some viruses make my laptop run slower

R

rio123

New member
Hi there,
my laptop run very slow plz check my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:45 AM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BMf3e540a8] Rundll32.exe "C:\WINDOWS\system32\xufvoxag.dll",s
O4 - HKLM\..\Run: [f0d67334] rundll32.exe "C:\WINDOWS\system32\auqrqepe.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9189 bytes
 
Hi rio123

Rename HijackThis.exe to rio123.exe and post back a fresh HijackThis log, please :)
 
hi shaba this is my fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:12 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BMf3e540a8] Rundll32.exe "C:\WINDOWS\system32\oltccltt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9709 bytes
 
Unfortunately it didn't go right:

Rename HijackThis.exe to rio123.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to rio123.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.
 
sry my bad..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:25 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\rio123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: {5f404dcd-72bb-527a-4b74-11597f0d7723} - {3277d0f7-9511-47b4-a725-bb27dcd404f5} - C:\WINDOWS\system32\jkkznk.dll
O2 - BHO: (no name) - {45F8DA5A-FFD5-4B83-9307-069437962439} - C:\WINDOWS\system32\pmnlijhe.dll
O2 - BHO: (no name) - {4F464E28-CD58-4BC2-95BD-FF194C56A238} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C0AC601-BF98-455C-AAD5-D1B49B74DE00} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8C86967-08AC-4BE1-B44D-6C5F429FD361} - (no file)
O2 - BHO: (no name) - {AE7A992D-AA0A-4493-81CE-4E60BA2BD2E0} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DE83686C-FE3C-40D2-80AC-2F43B4F18100} - (no file)
O2 - BHO: (no name) - {E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C} - C:\WINDOWS\system32\ljJBttRL.dll
O2 - BHO: (no name) - {FF66D5D5-158E-457D-BC01-CEF20141E194} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BMf3e540a8] Rundll32.exe "C:\WINDOWS\system32\oltccltt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: ljJBttRL - C:\WINDOWS\SYSTEM32\ljJBttRL.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11434 bytes
 
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
 
fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:36 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\rio123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9983 bytes


combofix

ComboFix 08-07-31.06 - RiO 2008-08-02 17:39:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.229 [GMT 8:00]
Running from: C:\Documents and Settings\RiO\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\RiO\ResErrors.log
C:\Program Files\AdvancedHelper
C:\Program Files\AdvancedHelper\AdvancedHelper.dat
C:\Program Files\AdvancedHelper\pcre3.dll
C:\Program Files\AdvancedHelper\uninstall.exe
C:\WINDOWS\BMf3e540a8.txt
C:\WINDOWS\BMf3e540a8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_004184_.tmp.dll
C:\WINDOWS\system32\_004185_.tmp.dll
C:\WINDOWS\system32\_004186_.tmp.dll
C:\WINDOWS\system32\_004187_.tmp.dll
C:\WINDOWS\system32\_004193_.tmp.dll
C:\WINDOWS\system32\_004194_.tmp.dll
C:\WINDOWS\system32\_004195_.tmp.dll
C:\WINDOWS\system32\_004196_.tmp.dll
C:\WINDOWS\system32\_004197_.tmp.dll
C:\WINDOWS\system32\_004198_.tmp.dll
C:\WINDOWS\system32\_004199_.tmp.dll
C:\WINDOWS\system32\_004200_.tmp.dll
C:\WINDOWS\system32\_004201_.tmp.dll
C:\WINDOWS\system32\_004202_.tmp.dll
C:\WINDOWS\system32\_004203_.tmp.dll
C:\WINDOWS\system32\_004204_.tmp.dll
C:\WINDOWS\system32\_004205_.tmp.dll
C:\WINDOWS\system32\_004206_.tmp.dll
C:\WINDOWS\system32\_004207_.tmp.dll
C:\WINDOWS\system32\_004208_.tmp.dll
C:\WINDOWS\system32\_004209_.tmp.dll
C:\WINDOWS\system32\_004210_.tmp.dll
C:\WINDOWS\system32\_004211_.tmp.dll
C:\WINDOWS\system32\_004212_.tmp.dll
C:\WINDOWS\system32\_004213_.tmp.dll
C:\WINDOWS\system32\_004214_.tmp.dll
C:\WINDOWS\system32\_004215_.tmp.dll
C:\WINDOWS\system32\_004216_.tmp.dll
C:\WINDOWS\system32\_004217_.tmp.dll
C:\WINDOWS\system32\_004218_.tmp.dll
C:\WINDOWS\system32\_004219_.tmp.dll
C:\WINDOWS\system32\_004220_.tmp.dll
C:\WINDOWS\system32\_004221_.tmp.dll
C:\WINDOWS\system32\_004222_.tmp.dll
C:\WINDOWS\system32\_004223_.tmp.dll
C:\WINDOWS\system32\_004224_.tmp.dll
C:\WINDOWS\system32\_004225_.tmp.dll
C:\WINDOWS\system32\_004226_.tmp.dll
C:\WINDOWS\system32\_004227_.tmp.dll
C:\WINDOWS\system32\_004228_.tmp.dll
C:\WINDOWS\system32\_004229_.tmp.dll
C:\WINDOWS\system32\_004230_.tmp.dll
C:\WINDOWS\system32\_004231_.tmp.dll
C:\WINDOWS\system32\_004232_.tmp.dll
C:\WINDOWS\system32\_004233_.tmp.dll
C:\WINDOWS\system32\_004234_.tmp.dll
C:\WINDOWS\system32\_004235_.tmp.dll
C:\WINDOWS\system32\_004236_.tmp.dll
C:\WINDOWS\system32\_004237_.tmp.dll
C:\WINDOWS\system32\_004238_.tmp.dll
C:\WINDOWS\system32\_004239_.tmp.dll
C:\WINDOWS\system32\_004240_.tmp.dll
C:\WINDOWS\system32\_004241_.tmp.dll
C:\WINDOWS\system32\_004242_.tmp.dll
C:\WINDOWS\system32\_004243_.tmp.dll
C:\WINDOWS\system32\_004244_.tmp.dll
C:\WINDOWS\system32\_004245_.tmp.dll
C:\WINDOWS\system32\_004246_.tmp.dll
C:\WINDOWS\system32\_004247_.tmp.dll
C:\WINDOWS\system32\_004248_.tmp.dll
C:\WINDOWS\system32\_004249_.tmp.dll
C:\WINDOWS\system32\_004250_.tmp.dll
C:\WINDOWS\system32\_004251_.tmp.dll
C:\WINDOWS\system32\_004252_.tmp.dll
C:\WINDOWS\system32\_004253_.tmp.dll
C:\WINDOWS\system32\_004254_.tmp.dll
C:\WINDOWS\system32\_004255_.tmp.dll
C:\WINDOWS\system32\_004256_.tmp.dll
C:\WINDOWS\system32\_004257_.tmp.dll
C:\WINDOWS\system32\_004258_.tmp.dll
C:\WINDOWS\system32\_004259_.tmp.dll
C:\WINDOWS\system32\_004260_.tmp.dll
C:\WINDOWS\system32\_004261_.tmp.dll
C:\WINDOWS\system32\_004262_.tmp.dll
C:\WINDOWS\system32\_004263_.tmp.dll
C:\WINDOWS\system32\_004264_.tmp.dll
C:\WINDOWS\system32\_004265_.tmp.dll
C:\WINDOWS\system32\_004266_.tmp.dll
C:\WINDOWS\system32\_004267_.tmp.dll
C:\WINDOWS\system32\_004268_.tmp.dll
C:\WINDOWS\system32\_004269_.tmp.dll
C:\WINDOWS\system32\_004270_.tmp.dll
C:\WINDOWS\system32\_004271_.tmp.dll
C:\WINDOWS\system32\_004272_.tmp.dll
C:\WINDOWS\system32\_004273_.tmp.dll
C:\WINDOWS\system32\_004274_.tmp.dll
C:\WINDOWS\system32\_004275_.tmp.dll
C:\WINDOWS\system32\_004276_.tmp.dll
C:\WINDOWS\system32\_004277_.tmp.dll
C:\WINDOWS\system32\_004278_.tmp.dll
C:\WINDOWS\system32\_004279_.tmp.dll
C:\WINDOWS\system32\_004280_.tmp.dll
C:\WINDOWS\system32\_004281_.tmp.dll
C:\WINDOWS\system32\_004282_.tmp.dll
C:\WINDOWS\system32\_004283_.tmp.dll
C:\WINDOWS\system32\_004284_.tmp.dll
C:\WINDOWS\system32\_004285_.tmp.dll
C:\WINDOWS\system32\_004286_.tmp.dll
C:\WINDOWS\system32\_004287_.tmp.dll
C:\WINDOWS\system32\_004288_.tmp.dll
C:\WINDOWS\system32\_004289_.tmp.dll
C:\WINDOWS\system32\_004291_.tmp.dll
C:\WINDOWS\system32\_004292_.tmp.dll
C:\WINDOWS\system32\_004293_.tmp.dll
C:\WINDOWS\system32\_004294_.tmp.dll
C:\WINDOWS\system32\_004295_.tmp.dll
C:\WINDOWS\system32\_004296_.tmp.dll
C:\WINDOWS\system32\_004297_.tmp.dll
C:\WINDOWS\system32\_004299_.tmp.dll
C:\WINDOWS\system32\_004300_.tmp.dll
C:\WINDOWS\system32\_004301_.tmp.dll
C:\WINDOWS\system32\_004302_.tmp.dll
C:\WINDOWS\system32\_004303_.tmp.dll
C:\WINDOWS\system32\_004304_.tmp.dll
C:\WINDOWS\system32\_004305_.tmp.dll
C:\WINDOWS\system32\_004306_.tmp.dll
C:\WINDOWS\system32\_004307_.tmp.dll
C:\WINDOWS\system32\_004308_.tmp.dll
C:\WINDOWS\system32\_004309_.tmp.dll
C:\WINDOWS\system32\_004310_.tmp.dll
C:\WINDOWS\system32\_004311_.tmp.dll
C:\WINDOWS\system32\_004312_.tmp.dll
C:\WINDOWS\system32\_004313_.tmp.dll
C:\WINDOWS\system32\_004314_.tmp.dll
C:\WINDOWS\system32\_004316_.tmp.dll
C:\WINDOWS\system32\_004317_.tmp.dll
C:\WINDOWS\system32\_004318_.tmp.dll
C:\WINDOWS\system32\_004319_.tmp.dll
C:\WINDOWS\system32\_004321_.tmp.dll
C:\WINDOWS\system32\_004323_.tmp.dll
C:\WINDOWS\system32\_004324_.tmp.dll
C:\WINDOWS\system32\_004325_.tmp.dll
C:\WINDOWS\system32\_004326_.tmp.dll
C:\WINDOWS\system32\_004327_.tmp.dll
C:\WINDOWS\system32\_004328_.tmp.dll
C:\WINDOWS\system32\_004329_.tmp.dll
C:\WINDOWS\system32\_004331_.tmp.dll
C:\WINDOWS\system32\_004332_.tmp.dll
C:\WINDOWS\system32\_004333_.tmp.dll
C:\WINDOWS\system32\_004334_.tmp.dll
C:\WINDOWS\system32\_004335_.tmp.dll
C:\WINDOWS\system32\_004336_.tmp.dll
C:\WINDOWS\system32\_004337_.tmp.dll
C:\WINDOWS\system32\_004338_.tmp.dll
C:\WINDOWS\system32\_004339_.tmp.dll
C:\WINDOWS\system32\_004340_.tmp.dll
C:\WINDOWS\system32\_004341_.tmp.dll
C:\WINDOWS\system32\_004342_.tmp.dll
C:\WINDOWS\system32\_004343_.tmp.dll
C:\WINDOWS\system32\_004344_.tmp.dll
C:\WINDOWS\system32\_004345_.tmp.dll
C:\WINDOWS\system32\_004346_.tmp.dll
C:\WINDOWS\system32\_004348_.tmp.dll
C:\WINDOWS\system32\_004349_.tmp.dll
C:\WINDOWS\system32\_004350_.tmp.dll
C:\WINDOWS\system32\_004351_.tmp.dll
C:\WINDOWS\system32\_004353_.tmp.dll
C:\WINDOWS\system32\_004355_.tmp.dll
C:\WINDOWS\system32\_004356_.tmp.dll
C:\WINDOWS\system32\_004357_.tmp.dll
C:\WINDOWS\system32\_004358_.tmp.dll
C:\WINDOWS\system32\_004359_.tmp.dll
C:\WINDOWS\system32\_004360_.tmp.dll
C:\WINDOWS\system32\_004361_.tmp.dll
C:\WINDOWS\system32\_004363_.tmp.dll
C:\WINDOWS\system32\_004364_.tmp.dll
C:\WINDOWS\system32\_004365_.tmp.dll
C:\WINDOWS\system32\_004366_.tmp.dll
C:\WINDOWS\system32\_004367_.tmp.dll
C:\WINDOWS\system32\_004368_.tmp.dll
C:\WINDOWS\system32\_004369_.tmp.dll
C:\WINDOWS\system32\_004370_.tmp.dll
C:\WINDOWS\system32\_004372_.tmp.dll
C:\WINDOWS\system32\_004373_.tmp.dll
C:\WINDOWS\system32\_004375_.tmp.dll
C:\WINDOWS\system32\_004377_.tmp.dll
C:\WINDOWS\system32\_004378_.tmp.dll
C:\WINDOWS\system32\_004382_.tmp.dll
C:\WINDOWS\system32\_004383_.tmp.dll
C:\WINDOWS\system32\_004385_.tmp.dll
C:\WINDOWS\system32\_004388_.tmp.dll
C:\WINDOWS\system32\_004390_.tmp.dll
C:\WINDOWS\system32\_004391_.tmp.dll
C:\WINDOWS\system32\_004392_.tmp.dll
C:\WINDOWS\system32\_004393_.tmp.dll
C:\WINDOWS\system32\_004396_.tmp.dll
C:\WINDOWS\system32\_004397_.tmp.dll
C:\WINDOWS\system32\_004398_.tmp.dll
C:\WINDOWS\system32\_004399_.tmp.dll
C:\WINDOWS\system32\_004400_.tmp.dll
C:\WINDOWS\system32\_004405_.tmp.dll
C:\WINDOWS\system32\_004407_.tmp.dll
C:\WINDOWS\system32\afgbnauh.dll
C:\WINDOWS\system32\bqvbxvic.ini
C:\WINDOWS\system32\cxwesqhq.dll
C:\WINDOWS\system32\eafhbdpx.dll
C:\WINDOWS\system32\ehjilnmp.ini
C:\WINDOWS\system32\ehjilnmp.ini2
C:\WINDOWS\system32\eivrpmgn.dll
C:\WINDOWS\system32\epeqrqua.ini
C:\WINDOWS\system32\eryjepaf.dll
C:\WINDOWS\system32\fizaqe.dll
C:\WINDOWS\system32\jkkznk.dll
C:\WINDOWS\system32\kwogbhfp.dll
C:\WINDOWS\system32\lffnpodd.dll
C:\WINDOWS\system32\ljJBttRL.dll
C:\WINDOWS\system32\mmymxb.dll
C:\WINDOWS\system32\mqwmejbs.dll
C:\WINDOWS\system32\mvitnohh.dll
C:\WINDOWS\system32\mvxdkx.dll
C:\WINDOWS\system32\mykoyvwi.dll
C:\WINDOWS\system32\nhykju.dll
C:\WINDOWS\system32\nlpxldka.dll
C:\WINDOWS\system32\pbviuayp.ini
C:\WINDOWS\system32\pmnlijhe.dll
C:\WINDOWS\system32\qxjmdy.dll
C:\WINDOWS\system32\rqRKBQgF.dll
C:\WINDOWS\system32\sbwldwtv.ini
C:\WINDOWS\system32\sqgqqblv.dll
C:\WINDOWS\system32\tovhijaw.dll
C:\WINDOWS\system32\uqsxdyab.dll
C:\WINDOWS\system32\vhkjakga.dll
C:\WINDOWS\system32\vqmfbuar.ini
C:\WINDOWS\system32\vtwdlwbs.dll
C:\WINDOWS\system32\vubibell.dll
C:\WINDOWS\system32\wmjaybil.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-30 00:35 . 2008-07-30 00:56 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-30 00:35 . 2008-07-30 00:56 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-30 00:29 . 2008-07-30 00:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-30 00:29 . 2008-08-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-30 00:29 . 2008-08-02 18:01 3,709,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-30 00:29 . 2008-08-02 18:03 671,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-30 00:29 . 2008-08-02 18:01 30,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-30 00:29 . 2008-08-02 18:03 3,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-30 00:24 . 2008-07-30 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-27 21:29 . 2007-04-19 00:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2008-07-27 21:28 . 2007-10-26 11:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-07-27 15:48 . 2008-07-27 15:48 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Nero
2008-07-27 15:43 . 2008-07-27 15:43 <DIR> d-------- C:\Program Files\Nero
2008-07-27 15:43 . 2008-07-27 15:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 15:43 . 2008-07-27 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-27 11:21 . 2008-07-27 11:21 <DIR> d-------- C:\Program Files\uTorrent
2008-07-27 09:16 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004187_.tmp.dll
2008-07-27 01:38 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004196_.tmp.dll
2008-07-27 00:52 . 2008-07-27 00:52 <DIR> d-------- C:\Program Files\iPod
2008-07-26 22:24 . 2008-07-26 22:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-26 21:50 . 2008-07-26 21:50 <DIR> d-------- C:\Program Files\MSBuild
2008-07-26 21:46 . 2008-07-26 23:02 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-26 21:45 . 2008-07-26 21:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-26 21:44 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-26 21:43 . 2008-07-26 21:43 <DIR> d-------- C:\9d49f36563c46fecc22d5b210631
2008-07-26 19:48 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004186_.tmp.dll
2008-07-26 18:11 . 2008-07-26 18:11 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Winamp
2008-07-26 18:09 . 2008-07-26 18:09 <DIR> d-------- C:\FEA - Command & Conquer Generals
2008-07-26 15:53 . 2008-07-26 18:09 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\.Torrent Swapper
2008-07-25 14:09 . 2008-07-25 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 13:12 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004167_.tmp.dll
2008-07-25 12:15 . 2008-07-27 21:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-25 12:15 . 2008-07-27 21:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-25 12:15 . 2008-07-27 21:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 12:00 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004159_.tmp.dll
2008-07-25 10:57 . 2008-07-27 21:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-25 02:05 . 2008-07-25 02:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Program Files\Sun
2008-07-24 14:12 . 2008-07-30 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 03:40 . 2008-07-29 17:22 <DIR> d-------- C:\Program Files\Uniblue
2008-07-24 01:22 . 2008-07-24 01:22 <DIR> d-------- C:\172c772b76c5c83b5bdae6fcceb9b481
2008-07-24 01:00 . 2008-07-29 19:38 <DIR> d-------- C:\Program Files\VirusRanger
2008-07-24 01:00 . 2008-07-24 01:00 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-07-23 11:51 . 2008-07-23 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-23 09:52 . 2008-07-24 03:41 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Uniblue
2008-07-23 08:43 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004165_.tmp.dll
2008-07-23 08:43 . 2008-07-23 08:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-23 08:43 . 2008-07-23 08:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-22 23:16 . 2008-07-22 23:16 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Sunbelt Software
2008-07-22 23:15 . 2008-07-22 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-07-22 23:13 . 2008-07-22 23:13 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-07-22 18:43 . 2008-04-14 08:12 8,461,312 --a------ C:\WINDOWS\system32\SETCD5.tmp
2008-07-22 18:42 . 2008-04-14 08:11 1,267,200 --a------ C:\WINDOWS\system32\SETF7C.tmp
2008-07-22 18:41 . 2008-04-14 08:11 1,025,024 --a------ C:\WINDOWS\system32\SETFA6.tmp
2008-07-21 20:52 . 2008-07-21 20:52 <DIR> d-------- C:\Program Files\Mojicon Installer
2008-07-21 17:14 . 2008-07-21 17:14 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2008-07-21 17:14 . 2008-07-21 17:14 41,920 --a------ C:\WINDOWS\system32\ASTULog.cab
2008-07-21 17:14 . 2008-07-21 17:14 283 --a------ C:\WINDOWS\system32\setup.rpt
2008-07-21 12:08 . 2008-07-21 12:10 2 --a------ C:\-254381157
2008-07-21 03:24 . 2008-07-21 03:24 <DIR> d-------- C:\Program Files\Binaryfish
2008-07-21 02:50 . 2008-07-21 02:50 <DIR> d-------- C:\Program Files\Mojicon
2008-07-20 20:08 . 2008-01-30 19:39 69,632 --a------ C:\WINDOWS\ResEnu.dll
2008-07-20 17:46 . 2008-07-20 17:46 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-07-20 16:52 . 2008-07-27 00:28 50,948 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-20 15:55 . 2003-12-12 01:52 278,668 --a------ C:\WINDOWS\epsuninst.exe
2008-07-20 13:50 . 2008-07-20 13:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-20 13:49 . 2008-07-20 13:49 2,301 --a------ C:\WINDOWS\mozver.dat
2008-07-19 15:47 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-07-02 20:05 . 2008-07-02 20:05 <DIR> d-------- C:\Program Files\SweetIM
2008-07-02 20:05 . 2008-07-02 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 08:21 --------- d-----w C:\Documents and Settings\RiO\Application Data\uTorrent
2008-08-01 17:46 --------- d-----w C:\Program Files\Valve
2008-07-29 16:51 52,736 ----a-w C:\20070208-017-i32.exe
2008-07-29 08:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-27 13:56 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9229.sys
2008-07-27 02:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-26 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-26 16:52 --------- d-----w C:\Program Files\iTunes
2008-07-26 16:06 --------- d-----w C:\Program Files\Safari
2008-07-26 10:11 --------- d-----w C:\Program Files\Winamp
2008-07-25 13:02 --------- d-----w C:\Program Files\Java
2008-07-25 07:15 --------- d-----w C:\Program Files\LimeWire
2008-07-23 18:18 --------- d-----w C:\Program Files\Windows Live
2008-07-23 17:00 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-23 17:00 --------- d-----w C:\Program Files\Common Files\ConfidentUser
2008-07-20 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 18:50 260,608 ----a-w C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
2008-07-20 18:49 188,928 ----a-w C:\Documents and Settings\RiO\Application Data\install_en[1].exe
2008-07-20 14:23 --------- d-----w C:\Program Files\Incomplete
2008-07-20 07:54 --------- d--h--r C:\Documents and Settings\RiO\Application Data\yahoo!
2008-06-24 08:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-23 11:54 23,766,320 ----a-w C:\QuickTimeInstaller.exe
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 05:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 01:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 01:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 06:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-05 15:50 --------- d-----w C:\Program Files\Microsoft Works
2008-02-02 17:50 15,229,896 ----a-w C:\Program Files\winampremote.exe
2008-02-02 08:24 102,082 ----a-w C:\Program Files\greasemonkey-0.7.20080121.0-fx.xpi
2008-02-02 08:17 23,383 ----a-w C:\Program Files\10948.user.js.js
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 14:12 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-13 04:24]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-03-20 17:24]
S3 NTProcDrv;Process creation detector for NT.;C:\Program Files\Silkroad\bot\NtProcDrv.sys []
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 12:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d2ef75f-3824-11dc-9288-0020e026efc2}]
\Shell\AutoRun\command - .\AutoRun\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62316a84-b817-11db-911b-00023f22e544}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe AngAntiVirus.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84bf8850-edf2-11dc-9489-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3140da8-eb16-11db-91e9-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0b71f1-c4dd-11dc-93fe-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4bcc4b0-2db5-11dd-9511-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db749230-12b6-11dd-94d7-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a07972-5272-11dd-956c-0020e026efc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a07974-5272-11dd-956c-0020e026efc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 09:50]

2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 09:50]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
HKLM-Run-BMf3e540a8 - C:\WINDOWS\system32\oltccltt.dll
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 18:03:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
.
**************************************************************************
.
Completion time: 2008-08-02 18:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-02 10:13:26
ComboFix2.txt 2008-07-24 21:44:40

Pre-Run: 44,164,513,792 bytes free
Post-Run: 43,763,568,640 bytes free

492 --- E O F --- 2008-07-27 13:55:38
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

utorrent

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders:

C:\Program Files\uTorrent
C:\Documents and Settings\RiO\Application Data\uTorrent

Empty Recycle Bin

Please run again combofix when finished and post the log back here.
 
ComboFix 08-07-31.06 - RiO 2008-08-02 18:41:26.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.221 [GMT 8:00]
Running from: C:\Documents and Settings\RiO\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-30 00:35 . 2008-07-30 00:56 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-30 00:35 . 2008-07-30 00:56 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-30 00:29 . 2008-07-30 00:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-30 00:29 . 2008-08-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-30 00:29 . 2008-08-02 18:01 3,709,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-30 00:29 . 2008-08-02 18:03 671,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-30 00:29 . 2008-08-02 18:01 30,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-30 00:29 . 2008-08-02 18:03 3,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-30 00:24 . 2008-07-30 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-27 21:29 . 2007-04-19 00:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2008-07-27 21:28 . 2007-10-26 11:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-07-27 15:48 . 2008-07-27 15:48 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Nero
2008-07-27 15:43 . 2008-07-27 15:43 <DIR> d-------- C:\Program Files\Nero
2008-07-27 15:43 . 2008-07-27 15:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 15:43 . 2008-07-27 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-27 09:16 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004187_.tmp.dll
2008-07-27 01:38 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004196_.tmp.dll
2008-07-27 00:52 . 2008-07-27 00:52 <DIR> d-------- C:\Program Files\iPod
2008-07-26 22:24 . 2008-07-26 22:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-26 21:50 . 2008-07-26 21:50 <DIR> d-------- C:\Program Files\MSBuild
2008-07-26 21:46 . 2008-07-26 23:02 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-26 21:45 . 2008-07-26 21:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-26 21:44 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-26 21:43 . 2008-07-26 21:43 <DIR> d-------- C:\9d49f36563c46fecc22d5b210631
2008-07-26 19:48 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004186_.tmp.dll
2008-07-26 18:11 . 2008-07-26 18:11 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Winamp
2008-07-26 18:09 . 2008-07-26 18:09 <DIR> d-------- C:\FEA - Command & Conquer Generals
2008-07-25 14:09 . 2008-07-25 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 13:12 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004167_.tmp.dll
2008-07-25 12:15 . 2008-07-27 21:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-25 12:15 . 2008-07-27 21:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-25 12:15 . 2008-07-27 21:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 12:00 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004159_.tmp.dll
2008-07-25 10:57 . 2008-08-02 18:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-25 02:05 . 2008-07-25 02:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Program Files\Sun
2008-07-24 14:12 . 2008-07-30 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 03:40 . 2008-07-29 17:22 <DIR> d-------- C:\Program Files\Uniblue
2008-07-24 01:22 . 2008-07-24 01:22 <DIR> d-------- C:\172c772b76c5c83b5bdae6fcceb9b481
2008-07-24 01:00 . 2008-07-29 19:38 <DIR> d-------- C:\Program Files\VirusRanger
2008-07-24 01:00 . 2008-07-24 01:00 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-07-23 11:51 . 2008-07-23 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-23 09:52 . 2008-07-24 03:41 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Uniblue
2008-07-23 08:43 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004165_.tmp.dll
2008-07-23 08:43 . 2008-07-23 08:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-23 08:43 . 2008-07-23 08:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-22 23:16 . 2008-07-22 23:16 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Sunbelt Software
2008-07-22 23:15 . 2008-07-22 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-07-22 23:13 . 2008-07-22 23:13 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-07-22 18:43 . 2008-04-14 08:12 8,461,312 --a------ C:\WINDOWS\system32\SETCD5.tmp
2008-07-22 18:42 . 2008-04-14 08:11 1,267,200 --a------ C:\WINDOWS\system32\SETF7C.tmp
2008-07-22 18:41 . 2008-04-14 08:11 1,025,024 --a------ C:\WINDOWS\system32\SETFA6.tmp
2008-07-21 20:52 . 2008-07-21 20:52 <DIR> d-------- C:\Program Files\Mojicon Installer
2008-07-21 17:14 . 2008-07-21 17:14 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2008-07-21 17:14 . 2008-07-21 17:14 41,920 --a------ C:\WINDOWS\system32\ASTULog.cab
2008-07-21 17:14 . 2008-07-21 17:14 283 --a------ C:\WINDOWS\system32\setup.rpt
2008-07-21 12:08 . 2008-07-21 12:10 2 --a------ C:\-254381157
2008-07-21 03:24 . 2008-07-21 03:24 <DIR> d-------- C:\Program Files\Binaryfish
2008-07-21 02:50 . 2008-07-21 02:50 <DIR> d-------- C:\Program Files\Mojicon
2008-07-20 20:08 . 2008-01-30 19:39 69,632 --a------ C:\WINDOWS\ResEnu.dll
2008-07-20 17:46 . 2008-07-20 17:46 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-07-20 16:52 . 2008-07-27 00:28 50,948 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-20 15:55 . 2003-12-12 01:52 278,668 --a------ C:\WINDOWS\epsuninst.exe
2008-07-20 13:50 . 2008-07-20 13:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-20 13:49 . 2008-07-20 13:49 2,301 --a------ C:\WINDOWS\mozver.dat
2008-07-19 15:47 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-07-02 20:05 . 2008-07-02 20:05 <DIR> d-------- C:\Program Files\SweetIM
2008-07-02 20:05 . 2008-07-02 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 17:46 --------- d-----w C:\Program Files\Valve
2008-07-29 16:51 52,736 ----a-w C:\20070208-017-i32.exe
2008-07-29 08:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-27 13:56 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9229.sys
2008-07-27 02:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-26 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-26 16:52 --------- d-----w C:\Program Files\iTunes
2008-07-26 16:06 --------- d-----w C:\Program Files\Safari
2008-07-26 10:11 --------- d-----w C:\Program Files\Winamp
2008-07-25 13:02 --------- d-----w C:\Program Files\Java
2008-07-25 07:15 --------- d-----w C:\Program Files\LimeWire
2008-07-23 18:18 --------- d-----w C:\Program Files\Windows Live
2008-07-23 17:00 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-23 17:00 --------- d-----w C:\Program Files\Common Files\ConfidentUser
2008-07-20 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 18:50 260,608 ----a-w C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
2008-07-20 18:49 188,928 ----a-w C:\Documents and Settings\RiO\Application Data\install_en[1].exe
2008-07-20 14:23 --------- d-----w C:\Program Files\Incomplete
2008-07-20 07:54 --------- d--h--r C:\Documents and Settings\RiO\Application Data\yahoo!
2008-06-24 08:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-23 11:54 23,766,320 ----a-w C:\QuickTimeInstaller.exe
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 05:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 01:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 01:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 06:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 06:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-06-05 15:50 --------- d-----w C:\Program Files\Microsoft Works
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz(3).dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz(2).dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-02-02 17:50 15,229,896 ----a-w C:\Program Files\winampremote.exe
2008-02-02 08:24 102,082 ----a-w C:\Program Files\greasemonkey-0.7.20080121.0-fx.xpi
2008-02-02 08:17 23,383 ----a-w C:\Program Files\10948.user.js.js
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 14:12 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-13 04:24]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-03-20 17:24]
S3 NTProcDrv;Process creation detector for NT.;C:\Program Files\Silkroad\bot\NtProcDrv.sys []
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 12:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d2ef75f-3824-11dc-9288-0020e026efc2}]
\Shell\AutoRun\command - .\AutoRun\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62316a84-b817-11db-911b-00023f22e544}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe AngAntiVirus.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84bf8850-edf2-11dc-9489-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3140da8-eb16-11db-91e9-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0b71f1-c4dd-11dc-93fe-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4bcc4b0-2db5-11dd-9511-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db749230-12b6-11dd-94d7-0020e026efc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a07972-5272-11dd-956c-0020e026efc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a07974-5272-11dd-956c-0020e026efc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 09:50]

2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 09:50]

2008-07-25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 18:44:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-02 18:46:21
ComboFix-quarantined-files.txt 2008-08-02 10:45:43
ComboFix2.txt 2008-08-02 10:13:51
ComboFix3.txt 2008-07-24 21:44:40

Pre-Run: 44,331,024,384 bytes free
Post-Run: 44,314,914,816 bytes free

239 --- E O F --- 2008-07-27 13:55:38
 
I recommend to uninstall sweetim, link

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\WINDOWS\system32\drivers\_004187_.tmp.dll
C:\WINDOWS\system32\drivers\_004196_.tmp.dll
C:\WINDOWS\system32\drivers\_004186_.tmp.dll
C:\WINDOWS\system32\drivers\_004167_.tmp.dll
C:\WINDOWS\system32\drivers\_004159_.tmp.dll
C:\WINDOWS\system32\drivers\_004165_.tmp.dll

Folder::
C:\Program Files\VirusRanger
C:\Documents and Settings\All Users\Application Data\SalesMon

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d2ef75f-3824-11dc-9288-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62316a84-b817-11db-911b-00023f22e544}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84bf8850-edf2-11dc-9489-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3140da8-eb16-11db-91e9-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0b71f1-c4dd-11dc-93fe-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4bcc4b0-2db5-11dd-9511-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db749230-12b6-11dd-94d7-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a07972-5272-11dd-956c-0020e026efc2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a07974-5272-11dd-956c-0020e026efc2}]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Please don't install SP3 until you are clean or it will cause serious consequences to your system.

So please stop it and continue with my instructions :)
 
OMG i just failed install sp3!!!! arghhhhhh!!!
anyway here's my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:30 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\rio123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9563 bytes


combofix

ComboFix 08-07-31.06 - RiO 2008-08-02 22:58:52.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT 8:00]
Running from: C:\Documents and Settings\RiO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RiO\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\_004159_.tmp.dll
C:\WINDOWS\system32\drivers\_004165_.tmp.dll
C:\WINDOWS\system32\drivers\_004167_.tmp.dll
C:\WINDOWS\system32\drivers\_004186_.tmp.dll
C:\WINDOWS\system32\drivers\_004187_.tmp.dll
C:\WINDOWS\system32\drivers\_004196_.tmp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Program Files\VirusRanger
C:\Program Files\VirusRanger\mm.dll
C:\WINDOWS\system32\_004217_.tmp.dll
C:\WINDOWS\system32\_004218_.tmp.dll
C:\WINDOWS\system32\_004219_.tmp.dll
C:\WINDOWS\system32\_004220_.tmp.dll
C:\WINDOWS\system32\_004227_.tmp.dll
C:\WINDOWS\system32\_004228_.tmp.dll
C:\WINDOWS\system32\_004229_.tmp.dll
C:\WINDOWS\system32\_004231_.tmp.dll
C:\WINDOWS\system32\_004232_.tmp.dll
C:\WINDOWS\system32\_004235_.tmp.dll
C:\WINDOWS\system32\_004236_.tmp.dll
C:\WINDOWS\system32\_004238_.tmp.dll
C:\WINDOWS\system32\_004239_.tmp.dll
C:\WINDOWS\system32\_004240_.tmp.dll
C:\WINDOWS\system32\_004242_.tmp.dll
C:\WINDOWS\system32\_004245_.tmp.dll
C:\WINDOWS\system32\_004246_.tmp.dll
C:\WINDOWS\system32\_004250_.tmp.dll
C:\WINDOWS\system32\_004251_.tmp.dll
C:\WINDOWS\system32\_004253_.tmp.dll
C:\WINDOWS\system32\_004256_.tmp.dll
C:\WINDOWS\system32\_004258_.tmp.dll
C:\WINDOWS\system32\_004259_.tmp.dll
C:\WINDOWS\system32\_004260_.tmp.dll
C:\WINDOWS\system32\_004261_.tmp.dll
C:\WINDOWS\system32\_004264_.tmp.dll
C:\WINDOWS\system32\_004265_.tmp.dll
C:\WINDOWS\system32\_004266_.tmp.dll
C:\WINDOWS\system32\_004267_.tmp.dll
C:\WINDOWS\system32\_004268_.tmp.dll
C:\WINDOWS\system32\_004273_.tmp.dll
C:\WINDOWS\system32\_004275_.tmp.dll
C:\WINDOWS\system32\drivers\_004159_.tmp.dll
C:\WINDOWS\system32\drivers\_004165_.tmp.dll
C:\WINDOWS\system32\drivers\_004167_.tmp.dll
C:\WINDOWS\system32\drivers\_004186_.tmp.dll
C:\WINDOWS\system32\drivers\_004187_.tmp.dll
C:\WINDOWS\system32\drivers\_004196_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 19:38 . 2007-10-26 11:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-02 19:37 . 2007-02-28 17:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-07-30 00:35 . 2008-07-30 00:56 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-30 00:35 . 2008-07-30 00:56 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-30 00:29 . 2008-07-30 00:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-30 00:29 . 2008-08-02 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-30 00:29 . 2008-08-02 23:03 3,720,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-30 00:29 . 2008-08-02 23:03 696,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-30 00:29 . 2008-08-02 23:03 30,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-30 00:29 . 2008-08-02 23:03 3,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-30 00:24 . 2008-07-30 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-27 21:28 . 2004-08-03 23:00 71,040 --------- C:\WINDOWS\system32\drivers\_004188_.tmp.dll
2008-07-27 15:48 . 2008-07-27 15:48 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Nero
2008-07-27 15:43 . 2008-07-27 15:43 <DIR> d-------- C:\Program Files\Nero
2008-07-27 15:43 . 2008-07-27 15:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-27 15:43 . 2008-07-27 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-27 00:52 . 2008-07-27 00:52 <DIR> d-------- C:\Program Files\iPod
2008-07-26 22:24 . 2008-07-26 22:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-26 21:50 . 2008-07-26 21:50 <DIR> d-------- C:\Program Files\MSBuild
2008-07-26 21:46 . 2008-07-26 23:02 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-26 21:45 . 2008-07-26 21:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-26 21:44 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-26 21:43 . 2008-07-26 21:43 <DIR> d-------- C:\9d49f36563c46fecc22d5b210631
2008-07-26 18:11 . 2008-07-26 18:11 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Winamp
2008-07-26 18:09 . 2008-07-26 18:09 <DIR> d-------- C:\FEA - Command & Conquer Generals
2008-07-25 14:09 . 2008-07-25 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 12:15 . 2008-08-02 19:59 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-25 12:15 . 2008-08-02 19:59 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-25 12:15 . 2008-08-02 19:59 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 10:57 . 2008-08-02 19:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-25 02:05 . 2008-07-25 02:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Program Files\Sun
2008-07-24 14:12 . 2008-07-30 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 03:40 . 2008-07-29 17:22 <DIR> d-------- C:\Program Files\Uniblue
2008-07-24 01:22 . 2008-07-24 01:22 <DIR> d-------- C:\172c772b76c5c83b5bdae6fcceb9b481
2008-07-23 11:51 . 2008-07-23 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-23 09:52 . 2008-07-24 03:41 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Uniblue
2008-07-23 08:43 . 2008-07-23 08:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-23 08:43 . 2008-07-23 08:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-22 23:16 . 2008-07-22 23:16 <DIR> d-------- C:\Documents and Settings\RiO\Application Data\Sunbelt Software
2008-07-22 23:15 . 2008-07-22 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-07-22 23:13 . 2008-07-22 23:13 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-07-22 18:43 . 2008-04-14 08:12 8,461,312 --a------ C:\WINDOWS\system32\SETCD5.tmp
2008-07-22 18:42 . 2008-04-14 08:11 1,267,200 --a------ C:\WINDOWS\system32\SETF7C.tmp
2008-07-22 18:41 . 2008-04-14 08:11 1,025,024 --a------ C:\WINDOWS\system32\SETFA6.tmp
2008-07-21 20:52 . 2008-07-21 20:52 <DIR> d-------- C:\Program Files\Mojicon Installer
2008-07-21 17:14 . 2008-07-21 17:14 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2008-07-21 17:14 . 2008-07-21 17:14 41,920 --a------ C:\WINDOWS\system32\ASTULog.cab
2008-07-21 17:14 . 2008-07-21 17:14 283 --a------ C:\WINDOWS\system32\setup.rpt
2008-07-21 12:08 . 2008-07-21 12:10 2 --a------ C:\-254381157
2008-07-21 03:24 . 2008-07-21 03:24 <DIR> d-------- C:\Program Files\Binaryfish
2008-07-21 02:50 . 2008-07-21 02:50 <DIR> d-------- C:\Program Files\Mojicon
2008-07-20 20:08 . 2008-01-30 19:39 69,632 --a------ C:\WINDOWS\ResEnu.dll
2008-07-20 17:46 . 2008-07-20 17:46 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-07-20 16:52 . 2008-07-27 00:28 50,948 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-20 15:55 . 2003-12-12 01:52 278,668 --a------ C:\WINDOWS\epsuninst.exe
2008-07-20 13:50 . 2008-07-20 13:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-20 13:49 . 2008-07-20 13:49 2,301 --a------ C:\WINDOWS\mozver.dat
2008-07-19 15:47 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-07-02 20:05 . 2008-07-02 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 12:33 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9229.sys
2008-08-01 17:46 --------- d-----w C:\Program Files\Valve
2008-07-29 16:51 52,736 ----a-w C:\20070208-017-i32.exe
2008-07-29 08:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-27 02:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-26 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-26 16:52 --------- d-----w C:\Program Files\iTunes
2008-07-26 16:06 --------- d-----w C:\Program Files\Safari
2008-07-26 10:11 --------- d-----w C:\Program Files\Winamp
2008-07-25 13:02 --------- d-----w C:\Program Files\Java
2008-07-25 07:15 --------- d-----w C:\Program Files\LimeWire
2008-07-23 18:18 --------- d-----w C:\Program Files\Windows Live
2008-07-23 17:00 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-23 17:00 --------- d-----w C:\Program Files\Common Files\ConfidentUser
2008-07-20 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 18:50 260,608 ----a-w C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
2008-07-20 18:49 188,928 ----a-w C:\Documents and Settings\RiO\Application Data\install_en[1].exe
2008-07-20 14:23 --------- d-----w C:\Program Files\Incomplete
2008-07-20 07:54 --------- d--h--r C:\Documents and Settings\RiO\Application Data\yahoo!
2008-06-24 08:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-23 11:54 23,766,320 ----a-w C:\QuickTimeInstaller.exe
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 05:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 01:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 01:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 06:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-05 15:50 --------- d-----w C:\Program Files\Microsoft Works
2008-02-02 17:50 15,229,896 ----a-w C:\Program Files\winampremote.exe
2008-02-02 08:24 102,082 ----a-w C:\Program Files\greasemonkey-0.7.20080121.0-fx.xpi
2008-02-02 08:17 23,383 ----a-w C:\Program Files\10948.user.js.js
.

((((((((((((((((((((((((((((( snapshot@2008-08-02_18.12.37.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 15:00:56 71,040 ------w C:\WINDOWS\system32\drivers\_004188_.tmp.dll
+ 2004-08-03 14:59:20 36,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\intelppm.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-13 04:24]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-03-20 17:24]
S3 NTProcDrv;Process creation detector for NT.;C:\Program Files\Silkroad\bot\NtProcDrv.sys []
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 12:07]
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 09:50]

2008-07-23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 09:50]

2008-07-25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 23:05:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-02 23:11:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-02 15:10:58
ComboFix2.txt 2008-08-02 10:46:22
ComboFix3.txt 2008-08-02 10:13:51
ComboFix4.txt 2008-07-24 21:44:40

Pre-Run: 44,934,279,168 bytes free
Post-Run: 44,907,323,392 bytes free

253 --- E O F --- 2008-08-02 12:31:45
 
Yes that is no wonder if SP3 installation failed.

Delete this:

C:\WINDOWS\system32\drivers\_004188_.tmp.dll

Empty Recycle Bin.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
 
here we go...
kaspersky report:

Full Scan: completed 8/3/2008 2:22:50 AM (events: 245, objects: 371356, time: 2:00:17 AM)
8/3/2008 2:22:52 AM Task completed
8/3/2008 2:22:50 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035895.dll Skipped by user
8/3/2008 2:22:50 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035895.dll
8/3/2008 2:22:50 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035893.dll
8/3/2008 2:22:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035892.dll Skipped by user
8/3/2008 2:22:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035892.dll
8/3/2008 2:22:42 AM Deleted: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035890.dll
8/3/2008 2:22:42 AM Detected: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035890.dll
8/3/2008 2:22:42 AM Deleted: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035889.dll
8/3/2008 2:22:42 AM Detected: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035889.dll
8/3/2008 2:22:42 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035888.dll
8/3/2008 2:22:38 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035887.dll Skipped by user
8/3/2008 2:22:38 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035887.dll
8/3/2008 2:22:37 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035886.dll
8/3/2008 2:22:17 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035885.dll Skipped by user
8/3/2008 2:22:17 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035885.dll
8/3/2008 2:22:17 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035884.dll
8/3/2008 2:22:07 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035882.dll Skipped by user
8/3/2008 2:22:07 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035882.dll
8/3/2008 2:22:06 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035881.dll Skipped by user
8/3/2008 2:22:06 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035881.dll
8/3/2008 2:22:06 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035880.dll Skipped by user
8/3/2008 2:22:06 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035880.dll
8/3/2008 2:22:06 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035879.dll
8/3/2008 2:21:56 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035878.dll
8/3/2008 2:21:52 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035877.dll
8/3/2008 2:21:42 AM Deleted: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035876.dll
8/3/2008 2:21:42 AM Detected: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035876.dll
8/3/2008 2:21:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035875.dll Skipped by user
8/3/2008 2:21:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035875.dll
8/3/2008 2:21:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035874.dll Skipped by user
8/3/2008 2:21:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035874.dll
8/3/2008 2:21:42 AM Deleted: Trojan.Win32.Monder.bis C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035873.dll
8/3/2008 2:21:42 AM Detected: Trojan.Win32.Monder.bis C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035873.dll
8/3/2008 2:21:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035872.dll Skipped by user
8/3/2008 2:21:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035872.dll
8/3/2008 2:21:41 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035871.dll Skipped by user
8/3/2008 2:21:41 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035871.dll
8/3/2008 2:21:41 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035870.dll
8/3/2008 2:21:31 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035869.dll Skipped by user
8/3/2008 2:21:31 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035869.dll
8/3/2008 2:21:31 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035664.dll Skipped by user
8/3/2008 2:21:31 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035664.dll
8/3/2008 2:21:31 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035663.dll Skipped by user
8/3/2008 2:21:31 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035663.dll
8/3/2008 2:21:30 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035603.dll
8/3/2008 2:21:23 AM Deleted: Trojan.Win32.Monder.cca C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035602.dll
8/3/2008 2:21:23 AM Detected: Trojan.Win32.Monder.cca C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035602.dll
8/3/2008 2:21:22 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034587.dll Skipped by user
8/3/2008 2:21:22 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034587.dll
8/3/2008 2:21:22 AM Deleted: Trojan.Win32.Monder.cca C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034560.dll
8/3/2008 2:21:22 AM Detected: Trojan.Win32.Monder.cca C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034560.dll
8/3/2008 2:21:22 AM Deleted: Trojan.Win32.Monder.bmc C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034524.dll
8/3/2008 2:21:22 AM Detected: Trojan.Win32.Monder.bmc C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034524.dll
8/3/2008 2:21:22 AM Deleted: Trojan.Win32.Monder.bmd C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034523.dll
8/3/2008 2:21:22 AM Detected: Trojan.Win32.Monder.bmd C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034523.dll
8/3/2008 2:21:21 AM Deleted: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034491.dll
8/3/2008 2:21:20 AM Detected: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034491.dll
8/3/2008 2:21:20 AM Deleted: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP62\a0033056.exe
8/3/2008 2:20:47 AM Detected: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP62\A0033056.exe/Toolbar.exe
8/3/2008 2:18:51 AM Deleted: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP55\a0032448.exe
8/3/2008 2:18:10 AM Detected: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP55\A0032448.exe/Toolbar.exe
8/3/2008 2:16:07 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\wmjaybil.dll.vir Skipped by user
8/3/2008 2:16:07 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\wmjaybil.dll.vir
8/3/2008 2:16:07 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\vtwdlwbs.dll.vir
8/3/2008 2:16:00 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\vhkjakga.dll.vir Skipped by user
8/3/2008 2:16:00 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\vhkjakga.dll.vir
8/3/2008 2:16:00 AM Deleted: Trojan.Win32.Monder.bir C:\QooBox\Quarantine\C\WINDOWS\system32\tovhijaw.dll.vir
8/3/2008 2:16:00 AM Detected: Trojan.Win32.Monder.bir C:\QooBox\Quarantine\C\WINDOWS\system32\tovhijaw.dll.vir
8/3/2008 2:16:00 AM Deleted: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\sqgqqblv.dll.vir
8/3/2008 2:16:00 AM Detected: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\sqgqqblv.dll.vir
8/3/2008 2:15:59 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKBQgF.dll.vir
8/3/2008 2:15:56 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\qxjmdy.dll.vir Skipped by user
8/3/2008 2:15:56 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\qxjmdy.dll.vir
8/3/2008 2:15:56 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlijhe.dll.vir
8/3/2008 2:15:35 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\nlpxldka.dll.vir Skipped by user
8/3/2008 2:15:35 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\nlpxldka.dll.vir
8/3/2008 2:15:35 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\nhykju.dll.vir
8/3/2008 2:15:25 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\QooBox\Quarantine\C\WINDOWS\system32\mvxdkx.dll.vir Skipped by user
8/3/2008 2:15:25 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\QooBox\Quarantine\C\WINDOWS\system32\mvxdkx.dll.vir
8/3/2008 2:15:25 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\mvitnohh.dll.vir Skipped by user
8/3/2008 2:15:25 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\mvitnohh.dll.vir
8/3/2008 2:15:24 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\mqwmejbs.dll.vir Skipped by user
8/3/2008 2:15:24 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\mqwmejbs.dll.vir
8/3/2008 2:15:24 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\mmymxb.dll.vir
8/3/2008 2:15:14 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\ljJBttRL.dll.vir
8/3/2008 2:15:11 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\lffnpodd.dll.vir
8/3/2008 2:15:00 AM Deleted: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\kwogbhfp.dll.vir
8/3/2008 2:15:00 AM Detected: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\kwogbhfp.dll.vir
8/3/2008 2:15:00 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\jkkznk.dll.vir Skipped by user
8/3/2008 2:15:00 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\jkkznk.dll.vir
8/3/2008 2:15:00 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\fizaqe.dll.vir Skipped by user
8/3/2008 2:15:00 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\fizaqe.dll.vir
8/3/2008 2:15:00 AM Deleted: Trojan.Win32.Monder.bis C:\QooBox\Quarantine\C\WINDOWS\system32\eryjepaf.dll.vir
8/3/2008 2:15:00 AM Detected: Trojan.Win32.Monder.bis C:\QooBox\Quarantine\C\WINDOWS\system32\eryjepaf.dll.vir
8/3/2008 2:15:00 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\eivrpmgn.dll.vir Skipped by user
8/3/2008 2:15:00 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\eivrpmgn.dll.vir
8/3/2008 2:15:00 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\QooBox\Quarantine\C\WINDOWS\system32\eafhbdpx.dll.vir Skipped by user
8/3/2008 2:15:00 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeuf C:\QooBox\Quarantine\C\WINDOWS\system32\eafhbdpx.dll.vir
8/3/2008 2:14:59 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\cxwesqhq.dll.vir
8/3/2008 2:14:48 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\afgbnauh.dll.vir Skipped by user
8/3/2008 2:14:48 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\afgbnauh.dll.vir
8/3/2008 2:14:48 AM Deleted: not-a-virus:Downloader.Win32.WinFixer.ig C:\Program Files\Common Files\ConfidentUser\strpmon.exe
8/3/2008 2:14:48 AM Detected: not-a-virus:Downloader.Win32.WinFixer.ig C:\Program Files\Common Files\ConfidentUser\strpmon.exe
8/3/2008 2:14:47 AM Deleted: not-a-virus:AdTool.Win32.Zango.l C:\Documents and Settings\RiO\Desktop\RiO\[DS]\setup.exe
8/3/2008 2:14:47 AM Detected: not-a-virus:AdTool.Win32.Zango.l C:\Documents and Settings\RiO\Desktop\RiO\[DS]\Setup.exe/UPX
8/3/2008 2:14:33 AM Deleted: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\Documents and Settings\RiO\Desktop\harus!!!\Nero8\nero-8.3.6.0_eng_trial.exe
8/3/2008 2:13:15 AM Detected: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\Documents and Settings\RiO\Desktop\harus!!!\Nero8\Nero-8.3.6.0_eng_trial.exe/Toolbar.exe
8/3/2008 2:09:40 AM Deleted: not-a-virus:Downloader.Win32.WinFixer.ba C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
8/3/2008 2:09:40 AM Detected: not-a-virus:Downloader.Win32.WinFixer.ba C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
8/3/2008 2:09:40 AM Deleted: not-a-virus:Downloader.Win32.WinFixer.au C:\Documents and Settings\RiO\Application Data\install_en[1].exe
8/3/2008 2:09:14 AM Detected: not-a-virus:Downloader.Win32.WinFixer.au C:\Documents and Settings\RiO\Application Data\install_en[1].exe
8/3/2008 2:08:25 AM Detected: http://www.viruslist.com/en/advisories/28083 C:\WINDOWS\system32\Macromed\Flash\SET1E.tmp
8/3/2008 2:08:24 AM Detected: http://www.viruslist.com/en/advisories/28083 C:\WINDOWS\system32\Macromed\Flash\SET1D.tmp
8/3/2008 2:00:08 AM Detected: http://www.viruslist.com/en/advisories/26027 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\flash.ocx
8/3/2008 1:48:58 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\vtwdlwbs.dll.vir Postponed
8/3/2008 1:48:58 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\vtwdlwbs.dll.vir
8/3/2008 1:48:58 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\wmjaybil.dll.vir Postponed
8/3/2008 1:48:58 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\wmjaybil.dll.vir
8/3/2008 1:48:57 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\vhkjakga.dll.vir Postponed
8/3/2008 1:48:57 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\vhkjakga.dll.vir
8/3/2008 1:48:57 AM Untreated: Trojan.Win32.Monder.bir C:\QooBox\Quarantine\C\WINDOWS\system32\tovhijaw.dll.vir Postponed
8/3/2008 1:48:57 AM Detected: Trojan.Win32.Monder.bir C:\QooBox\Quarantine\C\WINDOWS\system32\tovhijaw.dll.vir
8/3/2008 1:48:57 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlijhe.dll.vir Postponed
8/3/2008 1:48:57 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlijhe.dll.vir
8/3/2008 1:48:57 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKBQgF.dll.vir Postponed
8/3/2008 1:48:57 AM Untreated: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\sqgqqblv.dll.vir Postponed
8/3/2008 1:48:57 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKBQgF.dll.vir
8/3/2008 1:48:57 AM Detected: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\sqgqqblv.dll.vir
8/3/2008 1:48:56 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\qxjmdy.dll.vir Postponed
8/3/2008 1:48:56 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\nhykju.dll.vir Postponed
8/3/2008 1:48:56 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\qxjmdy.dll.vir
8/3/2008 1:48:56 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\nhykju.dll.vir
8/3/2008 1:48:56 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\nlpxldka.dll.vir Postponed
8/3/2008 1:48:56 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\nlpxldka.dll.vir
8/3/2008 1:48:56 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\mvxdkx.dll.vir Postponed
8/3/2008 1:48:55 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\mvxdkx.dll.vir
8/3/2008 1:48:55 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\mvitnohh.dll.vir Postponed
8/3/2008 1:48:55 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\mqwmejbs.dll.vir Postponed
8/3/2008 1:48:55 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\mvitnohh.dll.vir
8/3/2008 1:48:55 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\mqwmejbs.dll.vir
8/3/2008 1:48:55 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\mmymxb.dll.vir Postponed
8/3/2008 1:48:54 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\mmymxb.dll.vir
8/3/2008 1:48:54 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\lffnpodd.dll.vir Postponed
8/3/2008 1:48:54 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\ljJBttRL.dll.vir Postponed
8/3/2008 1:48:54 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\lffnpodd.dll.vir
8/3/2008 1:48:54 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\ljJBttRL.dll.vir
8/3/2008 1:48:54 AM Untreated: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\kwogbhfp.dll.vir Postponed
8/3/2008 1:48:54 AM Detected: Trojan.Win32.Monder.cbv C:\QooBox\Quarantine\C\WINDOWS\system32\kwogbhfp.dll.vir
8/3/2008 1:48:54 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\jkkznk.dll.vir Postponed
8/3/2008 1:48:54 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\QooBox\Quarantine\C\WINDOWS\system32\jkkznk.dll.vir
8/3/2008 1:48:54 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\fizaqe.dll.vir Postponed
8/3/2008 1:48:53 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\QooBox\Quarantine\C\WINDOWS\system32\fizaqe.dll.vir
8/3/2008 1:48:53 AM Untreated: Trojan.Win32.Monder.bis C:\QooBox\Quarantine\C\WINDOWS\system32\eryjepaf.dll.vir Postponed
8/3/2008 1:48:53 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\eivrpmgn.dll.vir Postponed
8/3/2008 1:48:53 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\eafhbdpx.dll.vir Postponed
8/3/2008 1:48:53 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\eivrpmgn.dll.vir
8/3/2008 1:48:53 AM Detected: Trojan.Win32.Monder.bis C:\QooBox\Quarantine\C\WINDOWS\system32\eryjepaf.dll.vir
8/3/2008 1:48:53 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\eafhbdpx.dll.vir
8/3/2008 1:48:52 AM Untreated: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\cxwesqhq.dll.vir Postponed
8/3/2008 1:48:52 AM Detected: Heur.Trojan.Generic C:\QooBox\Quarantine\C\WINDOWS\system32\cxwesqhq.dll.vir
8/3/2008 1:48:52 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\afgbnauh.dll.vir Postponed
8/3/2008 1:48:52 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\QooBox\Quarantine\C\WINDOWS\system32\afgbnauh.dll.vir
8/3/2008 1:34:33 AM Untreated: not-a-virus:Downloader.Win32.WinFixer.ig C:\Program Files\Common Files\ConfidentUser\strpmon.exe Postponed
8/3/2008 1:34:32 AM Detected: not-a-virus:Downloader.Win32.WinFixer.ig C:\Program Files\Common Files\ConfidentUser\strpmon.exe
8/3/2008 1:32:15 AM Detected: http://www.viruslist.com/en/advisories/25023 C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
8/3/2008 1:20:57 AM Untreated: not-a-virus:AdTool.Win32.Zango.l C:\Documents and Settings\RiO\Desktop\RiO\[DS]\Setup.exe/UPX Postponed
8/3/2008 1:20:57 AM Detected: not-a-virus:AdTool.Win32.Zango.l C:\Documents and Settings\RiO\Desktop\RiO\[DS]\Setup.exe/UPX
8/3/2008 1:18:50 AM Untreated: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\Documents and Settings\RiO\Desktop\harus!!!\Nero8\Nero-8.3.6.0_eng_trial.exe/Toolbar.exe Postponed
8/3/2008 1:18:24 AM Detected: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\Documents and Settings\RiO\Desktop\harus!!!\Nero8\Nero-8.3.6.0_eng_trial.exe/Toolbar.exe
8/3/2008 1:11:33 AM Untreated: not-a-virus:Downloader.Win32.WinFixer.ba C:\Documents and Settings\RiO\Application Data\setup_en[1].exe Postponed
8/3/2008 1:11:33 AM Detected: not-a-virus:Downloader.Win32.WinFixer.ba C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
8/3/2008 1:11:32 AM Untreated: not-a-virus:Downloader.Win32.WinFixer.au C:\Documents and Settings\RiO\Application Data\install_en[1].exe Postponed
8/3/2008 1:11:31 AM Detected: not-a-virus:Downloader.Win32.WinFixer.au C:\Documents and Settings\RiO\Application Data\install_en[1].exe
8/3/2008 1:03:46 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035893.dll Postponed
8/3/2008 1:03:46 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035893.dll
8/3/2008 1:03:46 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035895.dll Postponed
8/3/2008 1:03:46 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035895.dll
8/3/2008 1:03:45 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035892.dll Postponed
8/3/2008 1:03:45 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035892.dll
8/3/2008 1:03:45 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035886.dll Postponed
8/3/2008 1:03:45 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035886.dll
8/3/2008 1:03:45 AM Untreated: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035890.dll Postponed
8/3/2008 1:03:45 AM Detected: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035890.dll
8/3/2008 1:03:45 AM Untreated: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035889.dll Postponed
8/3/2008 1:03:45 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035888.dll Postponed
8/3/2008 1:03:45 AM Detected: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035889.dll
8/3/2008 1:03:45 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035888.dll
8/3/2008 1:03:44 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035887.dll Postponed
8/3/2008 1:03:44 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035887.dll
8/3/2008 1:03:44 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035884.dll Postponed
8/3/2008 1:03:44 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035884.dll
8/3/2008 1:03:44 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035885.dll Postponed
8/3/2008 1:03:44 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035885.dll
8/3/2008 1:03:44 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035882.dll Postponed
8/3/2008 1:03:44 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035882.dll
8/3/2008 1:03:43 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035881.dll Postponed
8/3/2008 1:03:43 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035881.dll
8/3/2008 1:03:43 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035880.dll Postponed
8/3/2008 1:03:43 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035880.dll
8/3/2008 1:03:43 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035877.dll Postponed
8/3/2008 1:03:43 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035879.dll Postponed
8/3/2008 1:03:43 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035877.dll
8/3/2008 1:03:43 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035879.dll
8/3/2008 1:03:43 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035878.dll Postponed
8/3/2008 1:03:43 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035878.dll
8/3/2008 1:03:43 AM Untreated: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035876.dll Postponed
8/3/2008 1:03:42 AM Detected: Trojan.Win32.Monder.cbv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035876.dll
8/3/2008 1:03:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035875.dll Postponed
8/3/2008 1:03:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aegv C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035875.dll
8/3/2008 1:03:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035874.dll Postponed
8/3/2008 1:03:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aema C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035874.dll
8/3/2008 1:03:42 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035871.dll Postponed
8/3/2008 1:03:42 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035871.dll
8/3/2008 1:03:42 AM Untreated: Trojan.Win32.Monder.bis C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035873.dll Postponed
8/3/2008 1:03:42 AM Detected: Trojan.Win32.Monder.bis C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035873.dll
8/3/2008 1:03:42 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035872.dll Postponed
8/3/2008 1:03:42 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035872.dll
8/3/2008 1:03:41 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035870.dll Postponed
8/3/2008 1:03:41 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035870.dll
8/3/2008 1:03:41 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035869.dll Postponed
8/3/2008 1:03:41 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP65\A0035869.dll
8/3/2008 1:03:18 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035664.dll Postponed
8/3/2008 1:03:18 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035664.dll
8/3/2008 1:03:18 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035663.dll Postponed
8/3/2008 1:03:18 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP64\A0035663.dll
8/3/2008 1:03:15 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035603.dll Postponed
8/3/2008 1:03:15 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035603.dll
8/3/2008 1:03:13 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035602.dll Postponed
8/3/2008 1:03:13 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0035602.dll
8/3/2008 1:03:11 AM Untreated: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034587.dll Postponed
8/3/2008 1:03:11 AM Detected: not-a-virus:AdWare.Win32.Virtumonde.aeqi C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034587.dll
8/3/2008 1:03:11 AM Untreated: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034491.dll Postponed
8/3/2008 1:03:11 AM Detected: Trojan.Win32.Monder.bir C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034491.dll
8/3/2008 1:03:10 AM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034560.dll Postponed
8/3/2008 1:03:10 AM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034560.dll
8/3/2008 1:03:00 AM Untreated: Trojan.Win32.Monder.bmd C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034523.dll Postponed
8/3/2008 1:03:00 AM Detected: Trojan.Win32.Monder.bmd C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034523.dll
8/3/2008 1:03:00 AM Untreated: Trojan.Win32.Monder.bmc C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034524.dll Postponed
8/3/2008 1:02:59 AM Detected: Trojan.Win32.Monder.bmc C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP63\A0034524.dll
8/3/2008 1:00:53 AM Untreated: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP55\A0032448.exe/Toolbar.exe Postponed
8/3/2008 1:00:53 AM Untreated: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP62\A0033056.exe/Toolbar.exe Postponed
8/3/2008 1:00:50 AM Detected: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP62\A0033056.exe/Toolbar.exe
8/3/2008 1:00:50 AM Detected: not-a-virus:AdTool.Win32.MyWebSearch.bm C:\System Volume Information\_restore{FDAEEEB3-A7C2-4E87-80AD-377711320F1D}\RP55\A0032448.exe/Toolbar.exe
8/3/2008 12:22:33 AM Task started

i did click "Fix it now" button and delete(recommended) all viruses
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:56 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\rio123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9783 bytes
 
Empty this folder:

C:\QooBox\Quarantine

Delete these if still exist:

C:\Documents and Settings\RiO\Application Data\setup_en[1].exe
C:\Documents and Settings\RiO\Application Data\install_en[1].exe

Empty Recycle Bin.

All viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
You must log in or register to reply here.
Back
Top