W32.IRCbot.Gen removal problem then cannot reboot my computer normally

Hi GUMPY

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.
    • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).



Thanks peku006
 
OTS log

Dear Peku006:

My text is said to be too long (64539 characters), so I have cut it into 2 parts. This will be the first part:

Code:
OTS logfile created on: 12/8/2009 7:04:55 AM - Run 1
OTS by OldTimer - Version 3.1.8.8     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.23 Mb Total Physical Memory | 332.18 Mb Available Physical Memory | 66.01% Memory free
1.20 Gb Paging File | 0.84 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): C:\pagefile.sys 754 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.43 Gb Free Space | 36.52% Space Free | Partition Type: NTFS
Drive D: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-GMHV9JQLQ
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/12/08 07:03:39 | 00,532,992 | ---- | M] (OldTimer Tools)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2008/04/14 20:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 20:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation)
stacsv.exe -> c:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe -> [2007/12/14 12:27:34 | 00,212,992 | ---- | M] (IDT, Inc.)
sttray.exe -> C:\Program Files\IDT\WDM\sttray.exe -> [2007/12/14 12:26:40 | 00,413,696 | ---- | M] (IDT, Inc.)
vptray.exe -> C:\Program Files\Symantec AntiVirus\VPTray.exe -> [2004/03/13 06:18:32 | 00,124,128 | ---- | M] (Symantec Corporation)
rtvscan.exe -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> [2004/03/13 06:17:46 | 01,221,864 | ---- | M] (Symantec Corporation)
defwatch.exe -> C:\Program Files\Symantec AntiVirus\DefWatch.exe -> [2004/03/13 06:17:10 | 00,029,928 | ---- | M] (Symantec Corporation)
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/03/01 07:44:54 | 00,242,808 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2004/03/01 07:44:48 | 00,255,096 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2004/03/01 07:44:46 | 00,066,680 | ---- | M] (Symantec Corporation)
jrew.exe -> C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jrew.exe -> [2003/04/04 09:54:26 | 00,012,800 | ---- | M] ()
apptoservice.exe -> C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe -> [1999/09/14 03:47:08 | 00,045,056 | ---- | M] (Basta Computing )
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/12/08 07:03:39 | 00,532,992 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(sdCoreService) PC Tools Security Service [Auto | Stopped] ->  -> File not found
(sdAuxService) PC Tools Auxiliary Service [Auto | Stopped] ->  -> File not found
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(STacSV) Audio Service [Auto | Running] -> c:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe -> [2007/12/14 12:27:34 | 00,212,992 | ---- | M] (IDT, Inc.)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [On_Demand | Stopped] -> C:\Program Files\MSN Messenger\usnsvc.exe -> [2007/01/20 03:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(NBService) NBService [On_Demand | Stopped] -> C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2006/11/11 10:18:02 | 00,774,144 | ---- | M] (Nero AG)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(SavRoam) SavRoam [On_Demand | Stopped] -> C:\Program Files\Symantec AntiVirus\SavRoam.exe -> [2004/03/13 06:18:06 | 00,169,192 | ---- | M] (symantec)
(Symantec AntiVirus) Symantec AntiVirus [Auto | Running] -> C:\Program Files\Symantec AntiVirus\Rtvscan.exe -> [2004/03/13 06:17:46 | 01,221,864 | ---- | M] (Symantec Corporation)
(DefWatch) Symantec AntiVirus Definition Watcher [Auto | Running] -> C:\Program Files\Symantec AntiVirus\DefWatch.exe -> [2004/03/13 06:17:10 | 00,029,928 | ---- | M] (Symantec Corporation)
(SNDSrvc) Symantec Network Drivers Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> [2004/03/12 05:58:32 | 00,193,760 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/03/01 07:44:54 | 00,242,808 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2004/03/01 07:44:52 | 00,087,160 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2004/03/01 07:44:48 | 00,255,096 | ---- | M] (Symantec Corporation)
(AppToService_TuDienHND) tdict.server.VietdictServer" /Directory:"C:/Documents and Settings/Owner/My Documents/AVIXE pen drive2 stuff/TuDienHND" /Name:"TuDienHND" /Startup:A [Auto | Running] -> C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe -> [1999/09/14 03:47:08 | 00,045,056 | ---- | M] (Basta Computing )
 
[Driver Services - Safe List]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.004\NAVEX15.SYS -> [2009/11/25 17:00:00 | 01,323,568 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.004\NAVENG.SYS -> [2009/11/25 17:00:00 | 00,084,912 | ---- | M] (Symantec Corporation)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mcdbus.sys -> [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.)
(NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnkipx.sys -> [2008/04/14 15:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/14 13:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/14 13:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/12/19 11:32:12 | 05,854,688 | R--- | M] (Intel Corporation)
(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/12/14 12:28:20 | 01,270,872 | ---- | M] (IDT, Inc.)
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2007/07/12 11:49:16 | 00,096,384 | R--- | M] (Realtek Semiconductor Corporation                           )
(sfcure01) StarForce Cure Driver (version 1.x) [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\sfcure01.sys -> [2005/09/08 04:02:40 | 00,003,072 | ---- | M] ()
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rtl8139.sys -> [2004/08/04 13:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2004/03/12 05:58:10 | 00,263,616 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2004/03/12 05:58:08 | 00,016,288 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2004/03/05 14:46:46 | 00,082,832 | ---- | M] (Symantec Corporation)
(SAVRT) SAVRT [Kernel | System | Running] -> C:\Program Files\Symantec AntiVirus\savrt.sys -> [2004/02/10 06:43:56 | 00,301,200 | R--- | M] (Symantec Corporation)
(SAVRTPEL) SAVRTPEL [Kernel | Auto | Running] -> C:\Program Files\Symantec AntiVirus\Savrtpel.sys -> [2004/02/10 06:43:56 | 00,037,008 | R--- | M] (Symantec Corporation)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnknb.sys -> [2001/08/23 20:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnkspx.sys -> [2001/08/23 20:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2001/08/23 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"XMLHTTP_UUID_Default" -> D5 09 00 00 61 21 96 41 9F 87 D1 FE FB DE 1C AF  [binary data] -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"XMLHTTP_UUID_Default" -> D5 09 00 00 61 21 96 41 9F 87 D1 FE FB DE 1C AF  [binary data] -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"XMLHTTP_UUID_Default" -> D5 09 00 00 61 21 96 41 9F 87 D1 FE FB DE 1C AF  [binary data] -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"XMLHTTP_UUID_Default" -> D5 09 00 00 61 21 96 41 9F 87 D1 FE FB DE 1C AF  [binary data] -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\] > -> -> 
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\: Main\\"Start Page" -> http://hk.yahoo.com/?p=us -> 
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\: Main\\"XMLHTTP_UUID_Default" -> D5 09 00 00 61 21 96 41 9F 87 D1 FE FB DE 1C AF  [binary data] -> 
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 18:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{000009D5-2161-4196-9F87-D1FEFBDE1CAf} [HKLM] -> C:\WINDOWS\System32\qestlkdp.dll [Reg Error: Value error.] -> File not found
{00000AAA-A363-466E-BEF5-9BB68697AA7F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{01443AEC-0FD1-40fd-9C87-E93D1494C233} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 18:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2009/02/27 12:07:32 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9C50A9AF-1506-44A1-958A-873DA3977D0C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{F92CCA65-3301-4C6B-88B5-95ED581FF3DA} [HKLM] -> C:\WINDOWS\System32\svjfjqa.dll [] -> File not found
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 18:47:42 | 00,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 18:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\] > -> HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2004/03/01 07:44:46 | 00,066,680 | ---- | M] (Symantec Corporation)
"SDTray" -> C:\Program Files\Spyware Doctor\SDTrayApp.exe ["C:\Program Files\Spyware Doctor\SDTrayApp.exe"] -> File not found
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray.exe [%ProgramFiles%\IDT\WDM\sttray.exe] -> [2007/12/14 12:26:40 | 00,413,696 | ---- | M] (IDT, Inc.)
"vptray" -> C:\Program Files\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2004/03/13 06:18:32 | 00,124,128 | ---- | M] (Symantec Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [1999/02/18 20:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003] > -> HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\] > -> HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> 
ʹÓÃÍøÒ³Ñ¸À×ÏÂÔØ -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ʹÓÃÍøÒ³Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\] > -> HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{962EFB8E-2683-42d4-AC74-AAA4C759B9C6}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6337 domain(s) found. -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6336 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6336 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\] > -> HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6336 domain(s) found. -> 
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\] > -> HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{11260943-421B-11D0-8EAC-0000C07D88CF} [HKLM] -> http://www.ipix.com/viewers/ipixx.cab [iPIX ActiveX Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{9166CDAD-553D-4FC6-8ED0-498245B2B4EE}\\DhcpNameServer -> 0.0.0.0   (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 20:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
dsawxfot ->  -> File not found
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/12/19 11:07:04 | 00,208,896 | R--- | M] (Intel Corporation)
NavLogon -> C:\WINDOWS\system32\NavLogon.dll -> [2004/03/13 06:17:24 | 00,083,176 | ---- | M] (Symantec Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/05 07:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX02.984\Splinter Cell Pandora Tomorrow\pandora.exe" -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX02.984\Splinter Cell Pandora Tomorrow\pandora.exe [C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX02.984\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora] -> File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX46.921\Splinter Cell Pandora Tomorrow\pandora.exe" -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX46.921\Splinter Cell Pandora Tomorrow\pandora.exe [C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX46.921\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora] -> File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\xlnp\XLNetSetup.exe" -> C:\Documents and Settings\Owner\Local Settings\Temp\xlnp\XLNetSetup.exe [C:\Documents and Settings\Owner\Local Settings\Temp\xlnp\XLNetSetup.exe:*:Enabled:Thunder Net Setup Program] -> File not found
"C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jre.exe" -> C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jre.exe [C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jre.exe:*:Enabled:jre] -> [2003/04/04 09:54:26 | 00,012,288 | ---- | M] ()
"C:\games\RedFaction\RedFaction.exe" -> C:\games\RedFaction\RedFaction.exe [C:\games\RedFaction\RedFaction.exe:*:Enabled:Red Faction Launcher] -> File not found
"C:\games\RedFaction\rf.exe" -> C:\games\RedFaction\rf.exe [C:\games\RedFaction\rf.exe:*:Enabled:Red Faction] -> File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager] -> File not found
"C:\Program Files\Funshion Online\Funshion\Funshion.exe" -> C:\Program Files\Funshion Online\Funshion\Funshion.exe [C:\Program Files\Funshion Online\Funshion\Funshion.exe:*:Enabled:Funshion] -> [2009/11/04 11:22:50 | 03,302,128 | ---- | M] (Funshion Online Technologies Ltd.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> File not found
"C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe" -> C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe [C:\Program Files\Kolekcja Klasyki\Splinter Cell Pandora Tomorrow\Pandora.exe:*:Enabled:Pandora] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/05 07:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" -> C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe [C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza] -> File not found
"C:\Program Files\Thunder Network\SoftManager\Program\XLSoftmgr.exe" -> C:\Program Files\Thunder Network\SoftManager\Program\XLSoftmgr.exe [C:\Program Files\Thunder Network\SoftManager\Program\XLSoftmgr.exe:*:Enabled:迅雷软件助手] -> File not found
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe" -> C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe [C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora] -> File not found
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/10/16 17:53:32 | 00,289,072 | ---- | M] (BitTorrent, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/10/15 05:52:12 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
\E\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found
\G
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell
\G\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun
\G\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
\G\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
\{054d65db-a261-11dd-936d-0021978387c3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{054d65db-a261-11dd-936d-0021978387c3}\Shell\AutoRun\command
\{054d65db-a261-11dd-936d-0021978387c3}\Shell\AutoRun\command\\"" ->  [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
\{054d65db-a261-11dd-936d-0021978387c3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{054d65db-a261-11dd-936d-0021978387c3}\Shell\open\command
\{054d65db-a261-11dd-936d-0021978387c3}\Shell\open\command\\"" ->  [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
\{324a0dbb-9aec-11dd-9365-0021978387c3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324a0dbb-9aec-11dd-9365-0021978387c3}\Shell
\{324a0dbb-9aec-11dd-9365-0021978387c3}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324a0dbb-9aec-11dd-9365-0021978387c3}\Shell\AutoRun
\{324a0dbb-9aec-11dd-9365-0021978387c3}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{719c8b8b-a67f-11dd-9370-0021978387c3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{719c8b8b-a67f-11dd-9370-0021978387c3}\Shell\AutoRun\command
\{719c8b8b-a67f-11dd-9370-0021978387c3}\Shell\AutoRun\command\\"" ->  [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
\{719c8b8b-a67f-11dd-9370-0021978387c3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{719c8b8b-a67f-11dd-9370-0021978387c3}\Shell\open\command
\{719c8b8b-a67f-11dd-9370-0021978387c3}\Shell\open\command\\"" ->  [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
\{a650e583-ce1b-11dd-938b-0021978387c3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a650e583-ce1b-11dd-938b-0021978387c3}\Shell
\{a650e583-ce1b-11dd-938b-0021978387c3}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a650e583-ce1b-11dd-938b-0021978387c3}\Shell\AutoRun
\{a650e583-ce1b-11dd-938b-0021978387c3}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a650e583-ce1b-11dd-938b-0021978387c3}\Shell\AutoRun\command
\{a650e583-ce1b-11dd-938b-0021978387c3}\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
I will send you the remaining log following this email

Thank you
Gumpy
 
Dear Peku006:

Here is the second half of the log


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/12/08 07:03:13 | 00,532,992 | ---- | C] (OldTimer Tools)
Cache -> C:\Cache -> [2009/12/06 23:52:32 | 00,000,000 | ---D | C]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2009/12/06 10:53:33 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2009/12/06 10:53:33 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2009/12/06 10:53:33 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
_OTM -> C:\_OTM -> [2009/11/29 01:24:55 | 00,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Owner\Desktop\OTM.exe -> [2009/11/29 01:22:46 | 00,422,912 | ---- | C] (OldTimer Tools)
cmdcons -> C:\cmdcons -> [2009/11/28 23:00:24 | 00,000,000 | RHSD | C]
SESAME STREET Fun Songs -> C:\Documents and Settings\Owner\Desktop\SESAME STREET Fun Songs -> [2009/11/28 18:59:05 | 00,000,000 | ---D | C]
ESET -> C:\Program Files\ESET -> [2009/11/28 13:22:30 | 00,000,000 | ---D | C]
TFC.exe -> C:\Documents and Settings\Owner\Desktop\TFC.exe -> [2009/11/28 12:53:40 | 00,341,504 | ---- | C] (OldTimer Tools)
pss -> C:\WINDOWS\pss -> [2009/11/26 21:49:03 | 00,000,000 | ---D | C]
temp -> C:\WINDOWS\temp -> [2009/11/26 07:57:18 | 00,000,000 | ---D | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/11/26 06:56:09 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/11/26 06:56:09 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/11/26 06:56:09 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/11/26 06:56:09 | 00,031,232 | ---- | C] (NirSoft)
Qoobox -> C:\Qoobox -> [2009/11/26 06:55:03 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/11/26 00:08:51 | 00,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2009/11/26 00:08:41 | 00,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2009/11/26 00:07:59 | 00,000,000 | ---D | C]
NETVIGATOR -> C:\Program Files\NETVIGATOR -> [2009/11/24 00:42:30 | 00,000,000 | ---D | C]
Temp -> C:\Temp -> [2009/11/24 00:42:24 | 00,000,000 | ---D | C]
MSN6 -> C:\Documents and Settings\Owner\Application Data\MSN6 -> [2009/11/23 23:59:39 | 00,000,000 | ---D | C]
MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 -> [2009/11/23 23:59:39 | 00,000,000 | ---D | C]
setup.pss -> C:\WINDOWS\setup.pss -> [2009/11/22 17:46:25 | 00,000,000 | ---D | C]
CSC -> C:\WINDOWS\CSC -> [2009/11/20 22:58:36 | 00,000,000 | -HSD | C]
Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2009/11/20 22:41:26 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/11/20 22:41:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/11/20 22:41:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/11/20 22:41:15 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/11/20 22:41:15 | 00,000,000 | ---D | C]
msvcr80.dll -> C:\WINDOWS\System32\msvcr80.dll -> [2009/11/20 07:32:10 | 00,626,688 | ---- | C] (Microsoft Corporation)
Threat Expert -> C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert -> [2009/11/19 21:50:11 | 00,000,000 | ---D | C]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/11/19 21:31:57 | 00,000,000 | ---D | C]
Recent -> C:\Documents and Settings\Owner\Recent -> [2009/11/19 21:09:16 | 00,000,000 | RH-D | C]
Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion -> [2009/11/19 21:00:18 | 00,000,000 | ---D | C]
Yahoo! -> C:\Documents and Settings\Owner\Application Data\Yahoo! -> [2009/11/19 21:00:18 | 00,000,000 | ---D | C]
Yahoo! -> C:\Program Files\Yahoo! -> [2009/11/19 21:00:12 | 00,000,000 | ---D | C]
ccsetup225.exe -> C:\Documents and Settings\Owner\Desktop\ccsetup225.exe -> [2009/11/19 20:59:33 | 03,310,608 | ---- | C] (Piriform Ltd)
SPSSEval -> C:\Program Files\SPSSEval -> [2009/11/15 00:56:00 | 00,000,000 | ---D | C]
SecuROM -> C:\Documents and Settings\Owner\Application Data\SecuROM -> [2009/11/11 20:03:52 | 00,000,000 | RH-D | C]
Sierra Online -> C:\Program Files\Sierra Online -> [2009/11/11 19:54:53 | 00,000,000 | ---D | C]
Ubisoft -> C:\Program Files\Ubisoft -> [2009/11/09 17:53:51 | 00,000,000 | ---D | C]
1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/12/08 07:03:39 | 00,532,992 | ---- | M] (OldTimer Tools)
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/12/08 07:00:04 | 00,000,116 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2009/12/08 06:59:28 | 09,699,328 | ---- | M] ()
funshion.ini -> C:\Documents and Settings\Owner\funshion.ini -> [2009/12/07 21:09:48 | 00,003,044 | ---- | M] ()
sqmnoopt10.sqm -> C:\sqmnoopt10.sqm -> [2009/12/07 20:09:34 | 00,000,244 | -H-- | M] ()
sqmdata10.sqm -> C:\sqmdata10.sqm -> [2009/12/07 20:09:34 | 00,000,232 | -H-- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/07 19:09:32 | 00,002,206 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/07 19:09:01 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/07 19:08:57 | 00,002,048 | --S- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2009/12/06 23:56:19 | 00,000,278 | -HS- | M] ()
sqmnoopt09.sqm -> C:\sqmnoopt09.sqm -> [2009/12/06 23:56:04 | 00,000,244 | -H-- | M] ()
sqmdata09.sqm -> C:\sqmdata09.sqm -> [2009/12/06 23:56:04 | 00,000,232 | -H-- | M] ()
sqmnoopt08.sqm -> C:\sqmnoopt08.sqm -> [2009/12/06 23:53:30 | 00,000,244 | -H-- | M] ()
sqmdata08.sqm -> C:\sqmdata08.sqm -> [2009/12/06 23:53:30 | 00,000,232 | -H-- | M] ()
sqmnoopt07.sqm -> C:\sqmnoopt07.sqm -> [2009/12/05 08:17:17 | 00,000,244 | -H-- | M] ()
sqmdata07.sqm -> C:\sqmdata07.sqm -> [2009/12/05 08:17:17 | 00,000,232 | -H-- | M] ()
sqmnoopt06.sqm -> C:\sqmnoopt06.sqm -> [2009/12/05 08:17:07 | 00,000,244 | -H-- | M] ()
sqmdata06.sqm -> C:\sqmdata06.sqm -> [2009/12/05 08:17:07 | 00,000,232 | -H-- | M] ()
sqmnoopt05.sqm -> C:\sqmnoopt05.sqm -> [2009/12/05 08:16:54 | 00,000,244 | -H-- | M] ()
sqmdata05.sqm -> C:\sqmdata05.sqm -> [2009/12/05 08:16:54 | 00,000,232 | -H-- | M] ()
sqmnoopt04.sqm -> C:\sqmnoopt04.sqm -> [2009/12/05 08:16:47 | 00,000,244 | -H-- | M] ()
sqmdata04.sqm -> C:\sqmdata04.sqm -> [2009/12/05 08:16:47 | 00,000,232 | -H-- | M] ()
09-Dec-Saturday_Duty_Roster(1).xls -> C:\Documents and Settings\Owner\Desktop\09-Dec-Saturday_Duty_Roster(1).xls -> [2009/12/05 08:12:47 | 00,022,528 | ---- | M] ()
V__THE_FINAL_BATTLE__1984__TV_Miniseries__DVDRip_.torrent -> C:\Documents and Settings\Owner\Desktop\V__THE_FINAL_BATTLE__1984__TV_Miniseries__DVDRip_.torrent -> [2009/12/04 20:30:40 | 00,012,582 | ---- | M] ()
V_The_Original_Miniseries__1983__DVDRip.torrent -> C:\Documents and Settings\Owner\Desktop\V_The_Original_Miniseries__1983__DVDRip.torrent -> [2009/12/04 20:29:47 | 00,017,069 | ---- | M] ()
V_The_Original_Mini_Series_1983_WS_DVDRip_XviD_UKi.torrent -> C:\Documents and Settings\Owner\Desktop\V_The_Original_Mini_Series_1983_WS_DVDRip_XviD_UKi.torrent -> [2009/12/04 20:28:05 | 00,014,866 | ---- | M] ()
o{SUMOTorrent.com}o_V_THE_FINAL_BATTLE_(1984)_TV_Miniseries_(DVDRip)_ST3031721.torrent -> C:\Documents and Settings\Owner\Desktop\o{SUMOTorrent.com}o_V_THE_FINAL_BATTLE_(1984)_TV_Miniseries_(DVDRip)_ST3031721.torrent -> [2009/12/04 20:25:39 | 00,012,635 | ---- | M] ()
V_(1983)_e_V_-_The_Final_Battle_(1984)_legendas_em_portugu__s.4601535.TPB.torrent -> C:\Documents and Settings\Owner\Desktop\V_(1983)_e_V_-_The_Final_Battle_(1984)_legendas_em_portugu__s.4601535.TPB.torrent -> [2009/12/04 20:22:39 | 00,018,891 | ---- | M] ()
sqmnoopt03.sqm -> C:\sqmnoopt03.sqm -> [2009/12/03 22:32:53 | 00,000,244 | -H-- | M] ()
sqmdata03.sqm -> C:\sqmdata03.sqm -> [2009/12/03 22:32:53 | 00,000,232 | -H-- | M] ()
sqmnoopt02.sqm -> C:\sqmnoopt02.sqm -> [2009/12/03 20:47:30 | 00,000,244 | -H-- | M] ()
sqmdata02.sqm -> C:\sqmdata02.sqm -> [2009/12/03 20:47:30 | 00,000,232 | -H-- | M] ()
sqmnoopt01.sqm -> C:\sqmnoopt01.sqm -> [2009/12/03 20:47:18 | 00,000,244 | -H-- | M] ()
sqmdata01.sqm -> C:\sqmdata01.sqm -> [2009/12/03 20:47:18 | 00,000,232 | -H-- | M] ()
sqmnoopt00.sqm -> C:\sqmnoopt00.sqm -> [2009/12/03 20:46:59 | 00,000,244 | -H-- | M] ()
sqmdata00.sqm -> C:\sqmdata00.sqm -> [2009/12/03 20:46:59 | 00,000,232 | -H-- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2009/12/03 00:33:43 | 06,388,430 | -H-- | M] ()
funshion.ini -> C:\WINDOWS\System32\funshion.ini -> [2009/12/02 23:07:02 | 00,002,356 | ---- | M] ()
Funshion.lnk -> C:\Documents and Settings\All Users\Desktop\Funshion.lnk -> [2009/12/02 23:07:01 | 00,001,826 | ---- | M] ()
Pop Game Corpora.lnk -> C:\Documents and Settings\All Users\Desktop\Pop Game Corpora.lnk -> [2009/12/02 23:07:01 | 00,001,591 | ---- | M] ()
funshionplugin2.INI -> C:\WINDOWS\funshionplugin2.INI -> [2009/12/02 20:50:31 | 00,000,028 | ---- | M] ()
ntuser.bak -> C:\Documents and Settings\Owner\ntuser.bak -> [2009/12/02 19:10:35 | 09,682,944 | ---- | M] ()
1259587280331-integrated.jnlp -> C:\Documents and Settings\Owner\Desktop\1259587280331-integrated.jnlp -> [2009/11/30 21:21:29 | 00,001,947 | ---- | M] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/11/29 21:47:31 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2009/11/29 21:47:28 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2009/11/29 21:47:28 | 00,000,592 | ---- | M] ()
atapi.sys -> C:\WINDOWS\System32\dllcache\atapi.sys -> [2009/11/29 20:49:45 | 00,096,512 | ---- | M] (Microsoft Corporation)
OTM.exe -> C:\Documents and Settings\Owner\Desktop\OTM.exe -> [2009/11/29 01:23:47 | 00,422,912 | ---- | M] (OldTimer Tools)
system.ini -> C:\WINDOWS\system.ini -> [2009/11/29 00:56:48 | 00,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/11/29 00:56:01 | 00,000,027 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/11/28 23:00:34 | 00,000,281 | RHS- | M] ()
ComboFix.exe -> C:\Documents and Settings\Owner\Desktop\ComboFix.exe -> [2009/11/28 22:50:48 | 03,578,697 | R--- | M] ()
TFC.exe -> C:\Documents and Settings\Owner\Desktop\TFC.exe -> [2009/11/28 12:53:46 | 00,341,504 | ---- | M] (OldTimer Tools)
sqmnoopt19.sqm -> C:\sqmnoopt19.sqm -> [2009/11/26 22:28:20 | 00,000,244 | -H-- | M] ()
sqmdata19.sqm -> C:\sqmdata19.sqm -> [2009/11/26 22:28:20 | 00,000,232 | -H-- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/11/26 22:16:04 | 00,001,393 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/26 21:10:31 | 00,243,712 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2009/11/26 00:08:51 | 00,001,734 | ---- | M] ()
NETVIGATOR BROADBAND.lnk -> C:\Documents and Settings\Owner\Desktop\NETVIGATOR BROADBAND.lnk -> [2009/11/24 00:42:30 | 00,000,865 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/11/20 22:41:21 | 00,000,696 | ---- | M] ()
muzika.xm -> C:\WINDOWS\System32\muzika.xm -> [2009/11/20 07:34:00 | 00,051,355 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/11/20 07:33:59 | 00,356,120 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/11/20 07:33:59 | 00,311,604 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/11/20 07:33:59 | 00,039,992 | ---- | M] ()
cc_20091119_211035 Registry backup.reg -> C:\Documents and Settings\Owner\My Documents\cc_20091119_211035 Registry backup.reg -> [2009/11/19 21:10:58 | 00,226,396 | ---- | M] ()
CCleaner.lnk -> C:\Documents and Settings\Owner\Desktop\CCleaner.lnk -> [2009/11/19 21:00:07 | 00,001,548 | ---- | M] ()
ccsetup225.exe -> C:\Documents and Settings\Owner\Desktop\ccsetup225.exe -> [2009/11/19 20:59:42 | 03,310,608 | ---- | M] (Piriform Ltd)
I want to turn off Windows.doc -> C:\Documents and Settings\Owner\My Documents\I want to turn off Windows.doc -> [2009/11/19 18:03:20 | 00,024,576 | ---- | M] ()
Microsoft Word.lnk -> C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk -> [2009/11/19 18:02:36 | 00,002,473 | ---- | M] ()
sqmnoopt18.sqm -> C:\sqmnoopt18.sqm -> [2009/11/18 22:16:51 | 00,000,244 | -H-- | M] ()
sqmdata18.sqm -> C:\sqmdata18.sqm -> [2009/11/18 22:16:51 | 00,000,232 | -H-- | M] ()
STEVEYONG200910.doc -> C:\Documents and Settings\Owner\My Documents\STEVEYONG200910.doc -> [2009/11/18 22:15:50 | 00,034,816 | ---- | M] ()
STEVEYONG200911.doc -> C:\Documents and Settings\Owner\My Documents\STEVEYONG200911.doc -> [2009/11/18 22:15:22 | 00,035,328 | ---- | M] ()
sqmnoopt17.sqm -> C:\sqmnoopt17.sqm -> [2009/11/18 22:12:30 | 00,000,244 | -H-- | M] ()
sqmdata17.sqm -> C:\sqmdata17.sqm -> [2009/11/18 22:12:30 | 00,000,232 | -H-- | M] ()
sqmnoopt16.sqm -> C:\sqmnoopt16.sqm -> [2009/11/18 22:08:38 | 00,000,244 | -H-- | M] ()
sqmdata16.sqm -> C:\sqmdata16.sqm -> [2009/11/18 22:08:38 | 00,000,232 | -H-- | M] ()
sqmdata15.sqm -> C:\sqmdata15.sqm -> [2009/11/18 22:08:19 | 00,000,232 | -H-- | M] ()
sqmnoopt15.sqm -> C:\sqmnoopt15.sqm -> [2009/11/18 22:08:18 | 00,000,244 | -H-- | M] ()
sqmnoopt14.sqm -> C:\sqmnoopt14.sqm -> [2009/11/17 22:45:24 | 00,000,244 | -H-- | M] ()
sqmdata14.sqm -> C:\sqmdata14.sqm -> [2009/11/17 22:45:24 | 00,000,232 | -H-- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/11/17 13:23:30 | 00,139,648 | ---- | M] ()
sqmnoopt13.sqm -> C:\sqmnoopt13.sqm -> [2009/11/16 21:04:46 | 00,000,244 | -H-- | M] ()
sqmdata13.sqm -> C:\sqmdata13.sqm -> [2009/11/16 21:04:46 | 00,000,232 | -H-- | M] ()
sqmnoopt12.sqm -> C:\sqmnoopt12.sqm -> [2009/11/16 21:03:35 | 00,000,244 | -H-- | M] ()
sqmdata12.sqm -> C:\sqmdata12.sqm -> [2009/11/16 21:03:35 | 00,000,232 | -H-- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/11/15 01:11:17 | 00,030,784 | ---- | M] ()
ssprs.tgz -> C:\WINDOWS\System32\ssprs.tgz -> [2009/11/15 01:00:11 | 00,000,000 | ---- | M] ()
nsprs.tgz -> C:\WINDOWS\System32\nsprs.tgz -> [2009/11/15 01:00:11 | 00,000,000 | ---- | M] ()
sqmnoopt11.sqm -> C:\sqmnoopt11.sqm -> [2009/11/14 17:18:59 | 00,000,244 | -H-- | M] ()
sqmdata11.sqm -> C:\sqmdata11.sqm -> [2009/11/14 17:18:59 | 00,000,232 | -H-- | M] ()
[isoHunt] History books.torrent -> C:\Documents and Settings\Owner\Desktop\[isoHunt] History books.torrent -> [2009/11/14 16:29:15 | 00,024,237 | ---- | M] ()
Law Abiding Citizen (2009).dvd-HQ-Xvid.btz.torrent -> C:\Documents and Settings\Owner\My Documents\Law Abiding Citizen (2009).dvd-HQ-Xvid.btz.torrent -> [2009/11/14 12:23:09 | 00,222,980 | ---- | M] ()
CME program for Jan-Jun 2010 SCAN8566_000.pdf -> C:\Documents and Settings\Owner\My Documents\CME program for Jan-Jun 2010 SCAN8566_000.pdf -> [2009/11/14 11:11:20 | 00,062,321 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/11/14 01:47:57 | 00,260,608 | ---- | M] ()
CmdLineExt.dll -> C:\WINDOWS\System32\CmdLineExt.dll -> [2009/11/11 20:03:51 | 00,107,888 | ---- | M] (Sony DADC Austria AG.)
TERESA TANG.doc -> C:\Documents and Settings\Owner\Desktop\TERESA TANG.doc -> [2009/11/10 22:12:26 | 00,152,576 | ---- | M] ()
hosts.20091119-203640.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20091119-203640.backup -> [2009/11/10 06:47:51 | 00,350,753 | R--- | M] ()
5 C:\Documents and Settings\Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\temp\*.tmp ->
5 C:\Documents and Settings\Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\temp\*.tmp ->
5 C:\Documents and Settings\Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\temp\*.tmp ->
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp ->

[Files - No Company Name]
astroboy.1980s.27.the.robot.stuntman-dvdrip.xvid.avi -> C:\Documents and Settings\Owner\Desktop\astroboy.1980s.27.the.robot.stuntman-dvdrip.xvid.avi -> [2009/12/06 19:31:01 | 17,821,4912 | ---- | C] ()
astroboy.1980s.28.the.great.meltdown-dvdrip.xvid.[merchant].avi -> C:\Documents and Settings\Owner\Desktop\astroboy.1980s.28.the.great.meltdown-dvdrip.xvid.[merchant].avi -> [2009/12/06 19:30:36 | 17,822,9248 | ---- | C] ()
astroboy.1980s.29.urans.twin-dvdrip.xvid.[merchant].avi -> C:\Documents and Settings\Owner\Desktop\astroboy.1980s.29.urans.twin-dvdrip.xvid.[merchant].avi -> [2009/12/06 19:30:30 | 17,821,9008 | ---- | C] ()
astroboy.1980s.25.the.robot.vikings-dvdrip.xvid.[merchant].avi -> C:\Documents and Settings\Owner\Desktop\astroboy.1980s.25.the.robot.vikings-dvdrip.xvid.[merchant].avi -> [2009/12/06 19:30:21 | 17,824,3584 | ---- | C] ()
09-Dec-Saturday_Duty_Roster(1).xls -> C:\Documents and Settings\Owner\Desktop\09-Dec-Saturday_Duty_Roster(1).xls -> [2009/12/05 08:12:45 | 00,022,528 | ---- | C] ()
V__THE_FINAL_BATTLE__1984__TV_Miniseries__DVDRip_.torrent -> C:\Documents and Settings\Owner\Desktop\V__THE_FINAL_BATTLE__1984__TV_Miniseries__DVDRip_.torrent -> [2009/12/04 20:30:39 | 00,012,582 | ---- | C] ()
V_The_Original_Mini_Series_1983_WS_DVDRip_XviD_UKi.torrent -> C:\Documents and Settings\Owner\Desktop\V_The_Original_Mini_Series_1983_WS_DVDRip_XviD_UKi.torrent -> [2009/12/04 20:27:45 | 00,014,866 | ---- | C] ()
o{SUMOTorrent.com}o_V_THE_FINAL_BATTLE_(1984)_TV_Miniseries_(DVDRip)_ST3031721.torrent -> C:\Documents and Settings\Owner\Desktop\o{SUMOTorrent.com}o_V_THE_FINAL_BATTLE_(1984)_TV_Miniseries_(DVDRip)_ST3031721.torrent -> [2009/12/04 20:25:37 | 00,012,635 | ---- | C] ()
V_(1983)_e_V_-_The_Final_Battle_(1984)_legendas_em_portugu__s.4601535.TPB.torrent -> C:\Documents and Settings\Owner\Desktop\V_(1983)_e_V_-_The_Final_Battle_(1984)_legendas_em_portugu__s.4601535.TPB.torrent -> [2009/12/04 20:22:33 | 00,018,891 | ---- | C] ()
V_The_Original_Miniseries__1983__DVDRip.torrent -> C:\Documents and Settings\Owner\Desktop\V_The_Original_Miniseries__1983__DVDRip.torrent -> [2009/12/04 20:20:43 | 00,017,069 | ---- | C] ()
Funshion.lnk -> C:\Documents and Settings\All Users\Desktop\Funshion.lnk -> [2009/12/02 23:07:01 | 00,001,826 | ---- | C] ()
Pop Game Corpora.lnk -> C:\Documents and Settings\All Users\Desktop\Pop Game Corpora.lnk -> [2009/12/02 23:07:01 | 00,001,591 | ---- | C] ()
1259587280331-integrated.jnlp -> C:\Documents and Settings\Owner\Desktop\1259587280331-integrated.jnlp -> [2009/11/30 21:21:27 | 00,001,947 | ---- | C] ()
NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2009/11/29 21:47:28 | 00,000,611 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2009/11/28 23:00:34 | 00,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2009/11/28 23:00:27 | 00,260,272 | ---- | C] ()
9C50A9AF-1506-44A1-958A-873DA3977D0C.txt -> C:\Documents and Settings\Owner\Local Settings\Application Data\9C50A9AF-1506-44A1-958A-873DA3977D0C.txt -> [2009/11/28 13:47:51 | 00,003,898 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/11/26 06:56:09 | 00,260,608 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2009/11/26 06:56:09 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/11/26 06:56:09 | 00,080,412 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2009/11/26 06:56:09 | 00,077,312 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/11/26 06:56:09 | 00,068,096 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\Owner\Desktop\ComboFix.exe -> [2009/11/26 06:54:27 | 03,578,697 | R--- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2009/11/26 00:08:51 | 00,001,734 | ---- | C] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/11/26 00:08:17 | 00,000,767 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2009/11/26 00:08:00 | 00,000,592 | ---- | C] ()
UnGins.exe -> C:\WINDOWS\UnGins.exe -> [2009/11/24 00:42:30 | 00,122,880 | ---- | C] ()
NETVIGATOR BROADBAND.lnk -> C:\Documents and Settings\Owner\Desktop\NETVIGATOR BROADBAND.lnk -> [2009/11/24 00:42:30 | 00,000,865 | ---- | C] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/11/23 23:50:17 | 00,001,393 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/11/20 22:41:21 | 00,000,696 | ---- | C] ()
muzika.xm -> C:\WINDOWS\System32\muzika.xm -> [2009/11/20 07:34:00 | 00,051,355 | ---- | C] ()
cc_20091119_211035 Registry backup.reg -> C:\Documents and Settings\Owner\My Documents\cc_20091119_211035 Registry backup.reg -> [2009/11/19 21:10:48 | 00,226,396 | ---- | C] ()
I want to turn off Windows.doc -> C:\Documents and Settings\Owner\My Documents\I want to turn off Windows.doc -> [2009/11/19 18:03:20 | 00,024,576 | ---- | C] ()
F92CCA65-3301-4C6B-88B5-95ED581FF3DA.txt -> C:\Documents and Settings\Owner\Local Settings\Application Data\F92CCA65-3301-4C6B-88B5-95ED581FF3DA.txt -> [2009/11/19 04:49:27 | 00,003,898 | ---- | C] ()
STEVEYONG200910.doc -> C:\Documents and Settings\Owner\My Documents\STEVEYONG200910.doc -> [2009/11/18 22:15:47 | 00,034,816 | ---- | C] ()
STEVEYONG200911.doc -> C:\Documents and Settings\Owner\My Documents\STEVEYONG200911.doc -> [2009/11/18 22:15:21 | 00,035,328 | ---- | C] ()
ssprs.tgz -> C:\WINDOWS\System32\ssprs.tgz -> [2009/11/15 01:00:11 | 00,000,000 | ---- | C] ()
nsprs.tgz -> C:\WINDOWS\System32\nsprs.tgz -> [2009/11/15 01:00:11 | 00,000,000 | ---- | C] ()
[isoHunt] History books.torrent -> C:\Documents and Settings\Owner\Desktop\[isoHunt] History books.torrent -> [2009/11/14 16:29:00 | 00,024,237 | ---- | C] ()
Law Abiding Citizen (2009).dvd-HQ-Xvid.btz.torrent -> C:\Documents and Settings\Owner\My Documents\Law Abiding Citizen (2009).dvd-HQ-Xvid.btz.torrent -> [2009/11/14 12:22:57 | 00,222,980 | ---- | C] ()
CME program for Jan-Jun 2010 SCAN8566_000.pdf -> C:\Documents and Settings\Owner\My Documents\CME program for Jan-Jun 2010 SCAN8566_000.pdf -> [2009/11/14 11:11:09 | 00,062,321 | ---- | C] ()
sfcure01.sys -> C:\WINDOWS\System32\drivers\sfcure01.sys -> [2009/10/17 14:21:10 | 00,003,072 | ---- | C] ()
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [2009/10/17 13:59:24 | 00,034,308 | ---- | C] ()
nsis_loader.dll -> C:\WINDOWS\System32\nsis_loader.dll -> [2009/02/04 17:50:32 | 00,024,576 | ---- | C] ()
funshionplugin2.INI -> C:\WINDOWS\funshionplugin2.INI -> [2009/01/08 21:47:51 | 00,000,028 | ---- | C] ()
PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2008/12/25 11:47:58 | 00,000,151 | ---- | C] ()
ipixActivex.ini -> C:\WINDOWS\ipixActivex.ini -> [2008/11/04 08:15:45 | 00,000,037 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/10/17 06:50:16 | 00,000,116 | ---- | C] ()
VPC32.INI -> C:\WINDOWS\VPC32.INI -> [2008/10/17 06:23:40 | 00,000,000 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/10/15 06:24:53 | 00,000,376 | ---- | C] ()
igfxCoIn_v4906.dll -> C:\WINDOWS\System32\igfxCoIn_v4906.dll -> [2008/10/15 06:24:26 | 00,147,456 | R--- | C] ()
physxcudart_20.dll -> C:\WINDOWS\System32\physxcudart_20.dll -> [2008/10/07 09:13:30 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\WINDOWS\System32\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\WINDOWS\System32\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\WINDOWS\System32\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\WINDOWS\System32\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\WINDOWS\System32\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\WINDOWS\System32\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\WINDOWS\System32\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
xlive.dll.cat -> C:\WINDOWS\System32\xlive.dll.cat -> [2007/04/17 15:34:40 | 00,135,716 | ---- | C] ()
funshion.ini -> C:\WINDOWS\System32\funshion.ini -> [2007/03/14 10:29:00 | 00,002,356 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2006/07/18 00:00:00 | 00,761,856 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2006/07/18 00:00:00 | 00,180,224 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2006/05/26 21:29:14 | 00,005,120 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2006/04/03 20:26:36 | 00,000,547 | ---- | C] ()
Smab.dll -> C:\WINDOWS\System32\Smab.dll -> [2005/12/23 11:23:08 | 00,399,360 | ---- | C] ()
AVSredirect.dll -> C:\WINDOWS\System32\AVSredirect.dll -> [2005/07/15 03:31:20 | 00,027,648 | ---- | C] ()
cygz.dll -> C:\WINDOWS\System32\cygz.dll -> [2005/06/22 13:37:42 | 00,045,568 | RHS- | C] ()
nitobprt.dll -> C:\WINDOWS\System32\nitobprt.dll -> [2001/08/23 20:00:00 | 00,147,968 | ---- | C] ()
MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/23 18:46:58 | 00,065,536 | ---- | C] ()

[Files/Folders - Unicode - All]
C:\Documents and Settings\Owner\My Documents\????.torrent -> C:\Documents and Settings\Owner\My Documents\绝代双骄.torrent -> [2009/04/08 19:22:22 | 00,094,681 | ---- | C] ()
C:\Documents and Settings\Owner\My Documents\????.torrent -> C:\Documents and Settings\Owner\My Documents\绝代双骄.torrent -> [2009/04/08 19:22:24 | 00,094,681 | ---- | M] ()
C:\Documents and Settings\Owner\Desktop\Yahoo!?? - ??.url -> C:\Documents and Settings\Owner\Desktop\Yahoo!字典 - 瀏覽.url -> [2009/10/18 10:19:11 | 00,000,268 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\Yahoo!?? - ??.url -> C:\Documents and Settings\Owner\Desktop\Yahoo!字典 - 瀏覽.url -> [2009/10/18 10:19:11 | 00,000,268 | ---- | M] ()
C:\Documents and Settings\Owner\Desktop\????.rmvb -> C:\Documents and Settings\Owner\Desktop\末日病毒.rmvb -> [2009/12/02 20:51:16 | 33,503,6742 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\????4.rmvb -> C:\Documents and Settings\Owner\Desktop\死神来了4.rmvb -> [2009/12/02 20:52:07 | 34,061,6246 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\????.rmvb -> C:\Documents and Settings\Owner\Desktop\战火围城.rmvb -> [2009/12/02 20:52:22 | 35,344,0218 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\????.rmvb -> C:\Documents and Settings\Owner\Desktop\世界之巅.rmvb -> [2009/12/02 20:53:55 | 34,867,0493 | ---- | C] ()
C:\Documents and Settings\Owner\Desktop\????.rmvb -> C:\Documents and Settings\Owner\Desktop\战火围城.rmvb -> [2009/12/02 21:48:27 | 35,344,0218 | ---- | M] ()
C:\Documents and Settings\Owner\Desktop\????.rmvb -> C:\Documents and Settings\Owner\Desktop\世界之巅.rmvb -> [2009/12/02 21:57:47 | 34,867,0493 | ---- | M] ()
C:\Documents and Settings\Owner\Desktop\????4.rmvb -> C:\Documents and Settings\Owner\Desktop\死神来了4.rmvb -> [2009/12/02 22:28:48 | 34,061,6246 | ---- | M] ()
C:\Documents and Settings\Owner\Desktop\????.rmvb -> C:\Documents and Settings\Owner\Desktop\末日病毒.rmvb -> [2009/12/03 21:28:36 | 33,503,6742 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner\My Documents\Shareaza Downloads:Shareaza.GUID
< End of report >


Thank you
Gumpy
 
Hi Gumpy

Re-run ComboFix

Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
 
Dear Peku006:

My Combofix log:

ComboFix 09-12-07.07 - Owner 12/08/2009 20:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.168 [GMT 8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\svjfjqa.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDEFKLNA
-------\Service_tdefklna


((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-06 15:52 . 2009-12-06 15:52 -------- d-----w- C:\Cache
2009-12-06 15:47 . 2009-12-06 15:47 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-06 02:52 . 2009-12-06 02:52 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 17:24 . 2009-11-28 17:24 -------- d-----w- C:\_OTM
2009-11-28 05:22 . 2009-11-28 05:22 -------- d-----w- c:\program files\ESET
2009-11-26 14:36 . 2009-12-06 02:51 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 16:08 . 2009-11-25 16:08 -------- d-----w- c:\program files\Trend Micro
2009-11-25 16:07 . 2009-11-29 13:47 -------- d-----w- c:\program files\ERUNT
2009-11-23 16:42 . 2009-11-23 16:42 -------- d-----w- c:\program files\NETVIGATOR
2009-11-23 16:42 . 2000-12-08 13:59 122880 ----a-w- c:\windows\UnGins.exe
2009-11-23 16:42 . 2009-12-07 15:34 -------- d-----w- C:\Temp
2009-11-23 15:59 . 2009-11-23 16:17 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-11-23 15:59 . 2009-11-23 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-11-22 10:01 . 2009-11-22 10:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-11-20 14:41 . 2009-11-20 14:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-20 14:41 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 14:41 . 2009-12-06 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 14:41 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 14:41 . 2009-11-20 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-20 11:39 . 2009-11-20 11:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-20 11:12 . 2009-11-20 11:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-11-20 11:12 . 2009-11-20 11:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-19 23:32 . 2005-09-23 00:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-11-19 13:51 . 2009-11-19 13:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-19 13:50 . 2009-11-19 13:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-11-19 13:31 . 2009-11-19 14:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-19 13:00 . 2009-11-19 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-19 13:00 . 2009-11-19 13:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-11-19 13:00 . 2009-11-19 13:00 -------- d-----w- c:\program files\Yahoo!
2009-11-14 16:56 . 2009-11-14 17:00 -------- d-----w- c:\program files\SPSSEval
2009-11-12 13:38 . 2008-05-02 02:41 3493888 ---ha-w- c:\documents and settings\Owner\Application Data\U3\temp\Launchpad Removal.exe
2009-11-11 12:03 . 2009-11-11 12:03 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
2009-11-11 11:54 . 2009-11-11 11:54 -------- d-----w- c:\program files\Sierra Online
2009-11-09 09:53 . 2009-11-09 09:53 -------- d-----w- c:\program files\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 12:32 . 2008-10-14 23:00 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-07 23:03 . 2008-10-16 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-12-06 15:40 . 2008-10-16 22:38 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-12-06 02:53 . 2009-05-26 23:40 -------- d-----w- c:\program files\Java
2009-11-29 12:49 . 2001-08-23 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 17:26 . 2009-04-18 05:03 -------- d-----w- c:\program files\0FF6FB7D
2009-11-20 12:36 . 2008-11-05 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-19 13:00 . 2008-10-16 22:40 -------- d-----w- c:\program files\CCleaner
2009-11-19 09:56 . 2008-11-05 16:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-14 17:11 . 2008-10-14 22:19 30784 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 12:15 . 2008-10-14 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 12:03 . 2009-10-14 14:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-05 22:56 . 2009-11-05 22:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Sports Interactive
2009-10-26 13:37 . 2009-09-28 23:33 -------- d-----w- c:\program files\GameSpy Arcade
2009-10-26 06:17 . 2009-10-24 06:01 -------- d-----w- c:\program files\Temporary Game file
2009-10-25 17:17 . 2009-10-24 22:57 -------- d-----w- c:\program files\Zombie Shooter
2009-10-24 22:56 . 2009-10-24 22:56 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-24 13:56 . 2009-10-24 13:52 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-10-24 13:56 . 2009-10-24 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-24 13:55 . 2009-10-24 13:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-10-17 05:06 . 2008-10-26 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 04:00 . 2009-10-17 04:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-17 03:27 . 2009-10-17 03:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 01:10 . 2009-10-17 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-10-17 01:10 . 2009-10-16 16:32 -------- d-----w- c:\program files\Electronic Arts
2009-10-16 16:32 . 2009-10-16 16:32 662 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-10-16 16:32 . 2008-10-14 22:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-16 14:32 . 2009-10-16 14:32 1962544 ----a-w- c:\program files\install_flash_player_ax.exe
2009-10-16 14:27 . 2009-10-16 14:27 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-14 13:19 . 2009-07-06 12:59 -------- d-----w- c:\program files\MagicISO
2009-10-14 13:19 . 2009-10-14 13:19 3067375 ----a-w- c:\program files\Setup_MagicISO.exe
2009-10-14 13:08 . 2009-10-14 13:08 -------- d-----w- c:\program files\MagicDisc
2009-10-14 13:08 . 2009-10-14 13:08 1352435 ----a-w- c:\program files\setup_magicdisc.exe
2009-10-10 20:17 . 2009-05-26 23:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 07:34 . 2009-10-05 07:34 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-07-19 22:08 . 2008-10-16 22:40 266544 ----a-w- c:\program files\uTorrent.exe
2005-05-14 00:12 . 2005-05-14 00:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 18:13 . 2005-10-24 18:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-06-26 22:32 . 2005-06-26 22:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 . 2005-06-22 05:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 09:06 . 2009-09-15 15:05 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-25 07:00 . 2004-01-25 07:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-02-21 10:47 . 2009-09-15 15:05 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-15 15:05 216064 --sh--r- c:\windows\system32\nbDX.dll
2005-02-28 20:16 . 2005-02-28 20:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00 . 2004-01-25 07:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000009D5-2161-4196-9F87-D1FEFBDE1CAf}]
c:\windows\system32\qestlkdp.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F92CCA65-3301-4C6B-88B5-95ED581FF3DA}]
c:\windows\system32\svjfjqa.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-17 02:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLV Downloader]
2009-05-27 08:37 3644928 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
2008-10-01 04:00 5723136 ----a-w- c:\program files\Shareaza\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 08:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\AVIXE pen drive2 stuff\\TuDienHND\\3rdparty\\jre\\bin\\jre.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza

S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 jqi0d17;jqi0d17;c:\windows\system32\drivers\jqi0d17.sys --> c:\windows\system32\drivers\jqi0d17.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe --> c:\program files\Spyware Doctor\svcntaux.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/13/2004 6:18 AM 169192]
SUnknown AppToService_TuDienHND;AppToService_TuDienHND; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hk.yahoo.com/?p=us
IE: 使用网页迅雷下载 (Download with Web Thunder)
IE: 使用网页迅雷下载全部链接 (Download all links with Web Thunder)
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
.
- - - - ORPHANS REMOVED - - - -

BHO-{9C50A9AF-1506-44A1-958A-873DA3977D0C} - (no file)
HKLM-Run-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-CTFMON - (no file)
AddRemove-Spyware Doctor - c:\program files\Spyware Doctor\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppToService_TuDienHND]
"ImagePath"="c:\documents and settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe /sys \"C:/Documents and Settings/Owner/My Documents/AVIXE pen drive2 stuff/TuDienHND/3rdparty/jre/bin/jrew.exe\" /Arguments:\"-mx64m -cp vietdict.jar vietdict.server.vietdictserver\" /Directory:\"c:/documents and settings/owner/my documents/avixe pen drive2 stuff/tudienhnd\" /Name:\"tudienhnd\" /Startup:A"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,61,9c,87,c7,11,f9,a3,3d,3a,b8,09,f4,ba,38,70,93,f8,3b,56,bb,78,30,
ae,94,f6,6f,9a,93,9a,c4,bf,d2,f6,37,ec,4e,59,19,69,b8,c8,c2,4c,02,0f,44,1b,\
"??"=hex:6a,d4,43,5c,8e,72,8a,6a,02,82,58,4c,bd,6d,7e,5d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-08 20:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 12:37
ComboFix2.txt 2009-11-28 17:03
ComboFix3.txt 2009-11-25 23:57

Pre-Run: 57,669,140,480 bytes free
Post-Run: 57,781,407,744 bytes free

- - End Of File - - 0CF4301AC94CE22460B283AE19DDCA23

Thank you
Gumpy
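The ComboFix log above carries three indicator types worth pulling out before deciding what to script: Find3M entries whose attribute column shows both the system (s) and hidden (h) flags on files under c:\windows (meta4.exe, cygwin1.dll, cygz.dll, the *DX.dll set), a Sigcheck line marked [-] whose MD5 for c:\windows\system32\drivers\tcpip.sys matches neither cached copy of the same 5.1.2600.5625 version, and two Browser Helper Objects whose DLLs are flagged [BU]. The script below is an added example for this thread, not ComboFix's code and not part of peku006's instructions; it parses a constructed excerpt made of lines in the same shape as the posted log. It assumes that s/h/d in the Find3M attribute column mean system/hidden/directory and that [-] in Sigcheck marks a copy ComboFix could not match to its references.

```python
r"""Triage helper for ComboFix log text (added example, not ComboFix's own code).

Extracts: hidden+system files under c:\windows (Find3M section), Sigcheck
entries marked [-] together with the same-name/same-version copies they
disagree with, and Browser Helper Objects whose DLL line is flagged [BU].
Assumption: attribute letters s/h/d = system/hidden/directory; [-] = unmatched.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines of the same shape as the thread's ComboFix log.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 12:49 . 2001-08-23 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-11 12:03 . 2009-10-14 14:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2005-05-14 00:12 . 2005-05-14 00:12 217073 --sha-r- c:\windows\meta4.exe
2005-06-26 22:32 . 2005-06-26 22:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2006-05-03 09:06 . 2009-09-15 15:05 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-11-11 12:03 . 2009-11-11 12:03 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000009D5-2161-4196-9F87-D1FEFBDE1CAf}]
c:\windows\system32\qestlkdp.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F92CCA65-3301-4C6B-88B5-95ED581FF3DA}]
c:\windows\system32\svjfjqa.dll [BU]
"""

# "<mtime> . <ctime> <size|--------> <attrs> <path>"
FIND3M_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-dshawr]{8}) (?P<path>.+)$"
)
# "[status] <date> . <md5> . <size> . . [<version>] . . <path>"
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]+)\] \. \. (?P<path>.+)$"
)
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<guid>\{[0-9A-Fa-f-]+\})\]$"
)
BHO_VAL_RE = re.compile(r"^(?P<dll>.+?)(?: \[(?P<flag>[A-Z]+)\])?$")


def _lines(log):
    return [ln.strip() for ln in log.splitlines()]


def parse_find3m(log):
    """Every line in Find3M / Files Created shape, as a dict of its columns."""
    entries = []
    for ln in _lines(log):
        m = FIND3M_RE.match(ln)
        if m:
            entries.append(m.groupdict())
    return entries


def hidden_system_files(entries, roots=(r"c:\windows",)):
    """Files (not directories) carrying both the system and hidden flags under roots."""
    roots = tuple(r.lower() for r in roots)
    return [
        e["path"] for e in entries
        if not e["attrs"].startswith("d")
        and "s" in e["attrs"] and "h" in e["attrs"]
        and e["path"].lower().startswith(roots)
    ]


def parse_sigcheck(log):
    entries = []
    for ln in _lines(log):
        m = SIGCHECK_RE.match(ln)
        if m:
            entries.append(m.groupdict())
    return entries


def sigcheck_mismatches(entries):
    """For each [-] entry, the same-named, same-version copies whose MD5 differs."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    result = []
    for e in entries:
        if e["status"] != "-":
            continue
        name = e["path"].rsplit("\\", 1)[-1].lower()
        refs = [(r["path"], r["md5"]) for r in by_name[name]
                if r["status"] != "-" and r["version"] == e["version"] and r["md5"] != e["md5"]]
        result.append({"path": e["path"], "md5": e["md5"], "references": refs})
    return result


def parse_bho(log):
    """Pair each Browser Helper Objects key with the DLL line that follows it."""
    lines = _lines(log)
    out = []
    for i, ln in enumerate(lines):
        m = BHO_KEY_RE.match(ln)
        if not m:
            continue
        nxt = next((x for x in lines[i + 1:] if x), "")
        v = BHO_VAL_RE.match(nxt)
        if v:
            out.append({"guid": m["guid"], "dll": v["dll"], "flag": v["flag"]})
    return out


def triage(log):
    return {
        "hidden_system_files": hidden_system_files(parse_find3m(log)),
        "sigcheck_mismatches": sigcheck_mismatches(parse_sigcheck(log)),
        "bho_backup_only": [b for b in parse_bho(log) if b["flag"] == "BU"],
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```

Run it against the full saved C:\ComboFix.txt instead of SAMPLE_LOG to get the same three lists for the real log. A [-] line on its own is not proof of tampering (the two [7] reference copies in this log differ from each other as well, which is expected for a hotfix-branch copy under $hf_mig$ next to the dllcache copy), but a driver whose hash matches none of the locally cached copies of the same version is the one to compare against a known-good copy, particularly on a machine where ComboFix has already reported a disinfected atapi.sys.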
 
Dear Peku006:

This is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:01 PM, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {000009D5-2161-4196-9F87-D1FEFBDE1CAf} - C:\WINDOWS\system32\qestlkdp.dll (file missing)
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F92CCA65-3301-4C6B-88B5-95ED581FF3DA} - c:\windows\system32\svjfjqa.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3E8348-D9F6-42BF-A07B-C98609F62123}: NameServer = 203.198.23.208 205.252.144.126
O23 - Service: tdict.server.VietdictServer" /Directory:"C:/Documents and Settings/Owner/My Documents/AVIXE pen drive2 stuff/TuDienHND" /Name:"TuDienHND" /Startup:A (AppToService_TuDienHND) - Basta Computing - C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7576 bytes

Thank you.
Gumpy
 
Hi GUMPY

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O2 - BHO: (no name) - {000009D5-2161-4196-9F87-D1FEFBDE1CAf} - C:\WINDOWS\system32\qestlkdp.dll (file missing)
      O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
      O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {F92CCA65-3301-4C6B-88B5-95ED581FF3DA} - c:\windows\system32\svjfjqa.dll (file missing)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Run CFScript

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\meta4.exe
c:\windows\system32\qestlkdp.dll
c:\windows\system32\svjfjqa.dll
c:\windows\system32\drivers\jqi0d17.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000009D5-2161-4196-9F87-D1FEFBDE1CAf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F92CCA65-3301-4C6B-88B5-95ED581FF3DA}]

Driver::
jqi0d17

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log
3. a description of any problems you are having with your PC

Thanks peku006
 
CFScript.txt

Dear Peku006:

This is the CFScript.txt:
ComboFix 09-12-08.04 - Owner 12/09/2009 20:39:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.193 [GMT 8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\meta4.exe"
"c:\windows\system32\drivers\jqi0d17.sys"
"c:\windows\system32\qestlkdp.dll"
"c:\windows\system32\svjfjqa.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\meta4.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_jqi0d17


((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-06 15:52 . 2009-12-06 15:52 -------- d-----w- C:\Cache
2009-12-06 15:47 . 2009-12-06 15:47 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-06 02:52 . 2009-12-06 02:52 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 17:24 . 2009-11-28 17:24 -------- d-----w- C:\_OTM
2009-11-28 05:22 . 2009-11-28 05:22 -------- d-----w- c:\program files\ESET
2009-11-26 14:36 . 2009-12-06 02:51 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 16:08 . 2009-11-25 16:08 -------- d-----w- c:\program files\Trend Micro
2009-11-25 16:07 . 2009-11-29 13:47 -------- d-----w- c:\program files\ERUNT
2009-11-23 16:42 . 2009-11-23 16:42 -------- d-----w- c:\program files\NETVIGATOR
2009-11-23 16:42 . 2000-12-08 13:59 122880 ----a-w- c:\windows\UnGins.exe
2009-11-23 16:42 . 2009-12-07 15:34 -------- d-----w- C:\Temp
2009-11-23 15:59 . 2009-11-23 16:17 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-11-23 15:59 . 2009-11-23 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-11-22 10:01 . 2009-11-22 10:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-11-20 14:41 . 2009-11-20 14:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-20 14:41 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 14:41 . 2009-12-06 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 14:41 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 14:41 . 2009-11-20 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-20 11:39 . 2009-11-20 11:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-20 11:12 . 2009-11-20 11:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-11-20 11:12 . 2009-11-20 11:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-19 23:32 . 2005-09-23 00:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-11-19 13:51 . 2009-11-19 13:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-19 13:50 . 2009-11-19 13:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2009-11-19 13:31 . 2009-11-19 14:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-19 13:00 . 2009-11-19 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-19 13:00 . 2009-11-19 13:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-11-19 13:00 . 2009-11-19 13:00 -------- d-----w- c:\program files\Yahoo!
2009-11-14 16:56 . 2009-11-14 17:00 -------- d-----w- c:\program files\SPSSEval
2009-11-12 13:38 . 2008-05-02 02:41 3493888 ---ha-w- c:\documents and settings\Owner\Application Data\U3\temp\Launchpad Removal.exe
2009-11-11 12:03 . 2009-11-11 12:03 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
2009-11-11 11:54 . 2009-11-11 11:54 -------- d-----w- c:\program files\Sierra Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 12:46 . 2008-10-14 23:00 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-07 23:03 . 2008-10-16 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-12-06 15:40 . 2008-10-16 22:38 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-12-06 02:53 . 2009-05-26 23:40 -------- d-----w- c:\program files\Java
2009-11-29 12:49 . 2001-08-23 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-28 17:26 . 2009-04-18 05:03 -------- d-----w- c:\program files\0FF6FB7D
2009-11-20 12:36 . 2008-11-05 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-19 13:00 . 2008-10-16 22:40 -------- d-----w- c:\program files\CCleaner
2009-11-19 09:56 . 2008-11-05 16:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-14 17:11 . 2008-10-14 22:19 30784 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 12:15 . 2008-10-14 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 12:03 . 2009-10-14 14:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-09 09:53 . 2009-11-09 09:53 -------- d-----w- c:\program files\Ubisoft
2009-11-05 22:56 . 2009-11-05 22:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Sports Interactive
2009-10-26 13:37 . 2009-09-28 23:33 -------- d-----w- c:\program files\GameSpy Arcade
2009-10-26 06:17 . 2009-10-24 06:01 -------- d-----w- c:\program files\Temporary Game file
2009-10-25 17:17 . 2009-10-24 22:57 -------- d-----w- c:\program files\Zombie Shooter
2009-10-24 22:56 . 2009-10-24 22:56 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-24 13:56 . 2009-10-24 13:52 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-10-24 13:56 . 2009-10-24 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-24 13:55 . 2009-10-24 13:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-10-17 05:06 . 2008-10-26 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 04:00 . 2009-10-17 04:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-17 03:27 . 2009-10-17 03:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 01:10 . 2009-10-17 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-10-17 01:10 . 2009-10-16 16:32 -------- d-----w- c:\program files\Electronic Arts
2009-10-16 16:32 . 2009-10-16 16:32 662 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-10-16 16:32 . 2008-10-14 22:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-16 14:32 . 2009-10-16 14:32 1962544 ----a-w- c:\program files\install_flash_player_ax.exe
2009-10-16 14:27 . 2009-10-16 14:27 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-14 13:19 . 2009-07-06 12:59 -------- d-----w- c:\program files\MagicISO
2009-10-14 13:19 . 2009-10-14 13:19 3067375 ----a-w- c:\program files\Setup_MagicISO.exe
2009-10-14 13:08 . 2009-10-14 13:08 -------- d-----w- c:\program files\MagicDisc
2009-10-14 13:08 . 2009-10-14 13:08 1352435 ----a-w- c:\program files\setup_magicdisc.exe
2009-10-10 20:17 . 2009-05-26 23:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 07:34 . 2009-10-05 07:34 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-07-19 22:08 . 2008-10-16 22:40 266544 ----a-w- c:\program files\uTorrent.exe
2005-10-24 18:13 . 2005-10-24 18:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-06-26 22:32 . 2005-06-26 22:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 . 2005-06-22 05:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 09:06 . 2009-09-15 15:05 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-25 07:00 . 2004-01-25 07:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-02-21 10:47 . 2009-09-15 15:05 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-15 15:05 216064 --sh--r- c:\windows\system32\nbDX.dll
2005-02-28 20:16 . 2005-02-28 20:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00 . 2004-01-25 07:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-12-08_12.32.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 12:46 . 2009-12-09 12:46 16384 c:\windows\temp\Perflib_Perfdata_1fc.dat
+ 2007-03-14 02:29 . 2007-03-14 02:29 24576 c:\windows\system32\fscheck.dll
+ 2009-12-09 08:36 . 2009-12-09 08:36 245760 c:\windows\ERDNT\AutoBackup\12-9-2009\Users\00000002\UsrClass.dat
+ 2009-12-09 08:36 . 2005-10-20 04:02 163328 c:\windows\ERDNT\AutoBackup\12-9-2009\ERDNT.EXE
+ 2009-12-09 08:36 . 2009-12-09 08:36 9539584 c:\windows\ERDNT\AutoBackup\12-9-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-17 02:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLV Downloader]
2009-05-27 08:37 3644928 ----a-w- c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
2008-10-01 04:00 5723136 ----a-w- c:\program files\Shareaza\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 08:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\AVIXE pen drive2 stuff\\TuDienHND\\3rdparty\\jre\\bin\\jre.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza

RUnknown AppToService_TuDienHND;AppToService_TuDienHND; [x]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe --> c:\program files\Spyware Doctor\svcntaux.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/13/2004 6:18 AM 169192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hk.yahoo.com/?p=us
IE: ʹÓÃÍøÒ³Ñ¸À×ÏÂÔØ
IE: ʹÓÃÍøÒ³Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
TCP: {8A3E8348-D9F6-42BF-A07B-C98609F62123} = 203.198.23.208 205.252.144.126
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 20:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppToService_TuDienHND]
"ImagePath"="c:\documents and settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe /sys \"C:/Documents and Settings/Owner/My Documents/AVIXE pen drive2 stuff/TuDienHND/3rdparty/jre/bin/jrew.exe\" /Arguments:\"-mx64m -cp vietdict.jar vietdict.server.vietdictserver\" /Directory:\"c:/documents and settings/owner/my documents/avixe pen drive2 stuff/tudienhnd\" /Name:\"tudienhnd\" /Startup:A"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-507921405-179605362-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,61,9c,87,c7,11,f9,a3,3d,3a,b8,09,f4,ba,38,70,93,f8,3b,56,bb,78,30,
ae,94,f6,6f,9a,93,9a,c4,bf,d2,f6,37,ec,4e,59,19,69,b8,c8,c2,4c,02,0f,44,1b,\
"??"=hex:6a,d4,43,5c,8e,72,8a,6a,02,82,58,4c,bd,6d,7e,5d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\documents and settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\documents and settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jrew.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-09 20:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-09 12:51
ComboFix2.txt 2009-12-08 12:37
ComboFix3.txt 2009-11-28 17:03
ComboFix4.txt 2009-11-25 23:57

Pre-Run: 53,927,849,984 bytes free
Post-Run: 53,913,120,768 bytes free

- - End Of File - - C0C23B9FA3F7EC21B4C6321A6F2FAF7D

The hijackthis will follow later.
Thanks
Gumpy
 
Hijackthis.log

Dear Peku006:

The Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:47 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jrew.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3E8348-D9F6-42BF-A07B-C98609F62123}: NameServer = 203.198.23.208 205.252.144.126
O23 - Service: tdict.server.VietdictServer" /Directory:"C:/Documents and Settings/Owner/My Documents/AVIXE pen drive2 stuff/TuDienHND" /Name:"TuDienHND" /Startup:A (AppToService_TuDienHND) - Basta Computing - C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7129 bytes

Thanks very much.
Gumpy
 
How to enable autologon at startup?

Dear Peku006:

Thanks to you the computer is running smoothly.
However, I tried and failed to enable autologon when Windows starts up.
Every time I turn on the computer, before my desktop appears, a Log On to Windows panel appears asking for ID and PW.
My default ID is Owner, but there is no PW. All I do is click on OK or Enter and Windows starts.
Please teach me step by step how to activate Autologon. I tried Microsoft's instructions, playing around with Regedit, but the computer did not allow autologon.

Thank you once again
Gumpy
 
Hi GUMPY

Click Start, Run and type CONTROL USERPASSWORDS2, and click Ok. Select the user account from the list (the account to which you want to automatically logon). Uncheck Users must enter a user name and password to use this computer option, and click Ok. Type the user account password and complete the process.


Or here

http://www.kellys-korner-xp.com/win_xp_passwords.htm

post back if it helped.

Thanks peku006
 
Backdoor.Tidserv!inf

Dear Peku006:
New problem: Backdoor.Tidserv!inf. Not even Symantec antivirus can remove it.
I need your help again.

atapi.sys.vir Backdoor.Tidserv!inf File Left alone OWNER-GMHV9JQLQ Owner C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Infected C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Clean virus from file Quarantine infected file Manual scan The file was left unchanged.
atapi.sys.vir Backdoor.Tidserv!inf File Left alone OWNER-GMHV9JQLQ Owner C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Infected C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Clean virus from file Quarantine infected file Auto-Protect scan The file was left unchanged.
atapi.sys.vir Backdoor.Tidserv!inf File Left alone OWNER-GMHV9JQLQ Owner C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Infected C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Clean virus from file Quarantine infected file Auto-Protect scan The file was left unchanged.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:52 PM, on 12/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\jre\bin\jrew.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3E8348-D9F6-42BF-A07B-C98609F62123}: NameServer = 203.198.23.208 205.252.144.126
O23 - Service: tdict.server.VietdictServer" /Directory:"C:/Documents and Settings/Owner/My Documents/AVIXE pen drive2 stuff/TuDienHND" /Name:"TuDienHND" /Startup:A (AppToService_TuDienHND) - Basta Computing - C:\Documents and Settings\Owner\My Documents\AVIXE pen drive2 stuff\TuDienHND\3rdparty\basta\AppToService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7261 bytes


Thank you
Gumpy
 
Hi GUMPY

They are in the ComboFix quarantine folder (C:\Qoobox); they are not active and we will remove them later.

All the logs look good. How's the computer running now? Any problems?

Thanks peku006
 
PostW32.IRCbot

Dear Peku006:
Thank you very much. The computer is running normally.
I haven't tried the autologon yet that you mentioned because I'm not sure which option to choose from the website.
Seems all of them apply to me.

Gumpy
 
Hi GUMPY

I am sorry that I cannot help you with the "autologon" problem.
This page might help you:

what the tech




Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete TDSSKiller, SystemLook and SecurityCheck from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if it does not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

WinPatrol
Download it from here
You can find information about how WinPatrol works here

FireTrust SiteHound
You can find information and download it from here

MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
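The same mechanism cuts both ways: a HOSTS file that sends ad domains to 127.0.0.1 is a blocklist, but malware also edits HOSTS to send antivirus update sites to an address it controls. The script below is an added example, not code from this thread or from the MVPS project. It parses a HOSTS file in the standard Windows format and sorts the names into "blocked" (sent to 127.0.0.1, 0.0.0.0 or ::1) and "redirected" (sent anywhere else, which is what a hijack looks like). The sample file and every domain and address in it are constructed for the example.

```python
"""Audit a Windows-style HOSTS file for sinkholed vs. redirected names.

Added example for the thread above, not part of the MVPS HOSTS project.
Lines have the form  <ip> <name> [<name> ...] [# comment]. Names mapped to a
loopback or null address are ad-blocking entries; names mapped to any other
address deserve a closer look, because that is how a hijacked HOSTS file
redirects update or security sites. All sample data below is constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: stock loopback lines, MVPS-style block entries,
# two suspicious redirects and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by MVPS HOSTS file]
0.0.0.0 ad.example-tracker.test
0.0.0.0 banners.example-ads.test   # inline comment
127.0.0.1 www.example-popups.test
# suspicious: a vendor's update site sent to a non-loopback host
198.51.100.7 liveupdate.example-av.test
198.51.100.7 www.example-av.test update.example-av.test
not a valid line
"""

# Addresses that make an entry a harmless sinkhole rather than a redirect.
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class HostsEntry:
    ip: str
    names: list


@dataclass
class HostsReport:
    blocked: list = field(default_factory=list)      # names sent to a sinkhole
    redirected: list = field(default_factory=list)   # (name, ip) sent elsewhere
    malformed: list = field(default_factory=list)    # raw lines that did not parse


def parse_hosts(text):
    """Return (entries, malformed_lines) for a HOSTS file's text."""
    entries, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])    # first field must be an IP
        except ValueError:
            bad.append(raw)
            continue
        if len(parts) < 2:                    # an IP with no names is junk
            bad.append(raw)
            continue
        entries.append(HostsEntry(parts[0], parts[1:]))
    return entries, bad


def audit_hosts(text):
    """Classify every name in the file as blocked or redirected."""
    entries, bad = parse_hosts(text)
    report = HostsReport(malformed=bad)
    for entry in entries:
        for name in entry.names:
            if name == "localhost":           # the stock loopback lines are expected
                continue
            if entry.ip in SINKHOLE:
                report.blocked.append(name)
            else:
                report.redirected.append((name, entry.ip))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result.blocked)} names sinkholed")
    for name, ip in result.redirected:
        print(f"REDIRECT {name} -> {ip}")
    for line in result.malformed:
        print(f"MALFORMED {line!r}")
```

To run it against a real machine, read C:\Windows\System32\drivers\etc\hosts instead of SAMPLE_HOSTS; any name in the redirected list that belongs to an update, banking or security site is a sign the file has been tampered with, whereas a long blocked list is simply the MVPS file doing its job.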

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.


Happy safe surfing! :bigthumb:
 