Checking if I am still infected

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Checking if I am still infected

Options

Misuihc View Member Profile	Oct 22 2008, 07:23 PM Post #1
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Hello, B computer Problem: I was recently infected and I wanted to see if I am still infected. I had something that prevented me from opening my C drive and also a DNS trojan. Looking back at my Spyware Doctor log it indicates these infections in my quarantine folder: Vitrumonde PWS.WOW.EC downloader.agent!sd6 agent downloader.ruins downloader.popuper all of which are trojans. What I have and have done: I have a licensed version of Spyware Doctor. I also have SUPERantispyware and . I followed all the steps in the Preperation Guide prior to posting. I have installed since then: Hijack this, Sygate Personal Firewall, Spy Bot Search and Destroy and Ad-Aware. The scans I did said I was clean but I still sense a bit of fishyness. BleepingComputer fixed my last computer problems and I hope they can come save the day once again! Thank you, Love you guys Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:07:10 PM, on 10/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GEST] = O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdaem.exe] C:\WINDOWS\system32\kdaem.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlng.exe] C:\WINDOWS\system32\kdlng.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdbvx.exe] C:\WINDOWS\system32\kdbvx.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: xycoah.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljJASLby - ljJASLby.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 6575 bytes

chryssi2001 View Member Profile	Nov 8 2008, 03:35 AM Post #2
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello Misuihc, I apologise for the delay, the forum is busy. If you still need help, post a new HijackThis log. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 8 2008, 09:48 AM Post #3
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Hello, Thanks for getting back to me. Here is the hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:47:08 AM, on 11/8/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GEST] = O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: xycoah.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljJASLby - ljJASLby.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7271 bytes

chryssi2001 View Member Profile	Nov 8 2008, 11:34 AM Post #4
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello Misuihc, Some infection from your 1st HijackThis log is gone, but you are still infected. Please do not run any tools yourself untill we clean this pc. --------------------------------------------- You aren't running Anti Virus Software Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one these excellent vendors NOW: 1) Antivir PersonalEditionClassic -Free anti-virus software for Windows. -Detects and removes more than 50,000 viruses. Free support. 2) avast! 4 Home Edition -Anti-virus program for Windows. -The home edition is freeware for noncommercial users. 3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows. - Available for single computer use for home and non commercial use. Update and run your newly installed Anti-Virus, let it remove/quarantee what it finds, and post a new HijackThis log so we can move on. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 8 2008, 04:00 PM Post #5
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Here is an updated HijackThis log. The antivirus did not detect any viruses or unwanted programs. I used Avira AntiVirus. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:55:34 PM, on 11/8/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GEST] = O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: xycoah.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljJASLby - ljJASLby.dll (file missing) O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7897 bytes

chryssi2001 View Member Profile	Nov 9 2008, 02:31 AM Post #6
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello Misuihc, Download ComboFix from one of these locations: A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See this topic if you need help to disable your protection programs. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply along with a HijackThis log so we can continue cleaning the system. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 9 2008, 06:28 AM Post #7
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Here is the combofix log.txt you requested: combo_fix_log.txt ( 21.7k ) Number of downloads: 14 Here is the latest Hijack Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:30:19 AM, on 11/9/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [GEST] = O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: xycoah.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7233 bytes This post has been edited by Misuihc: Nov 9 2008, 06:31 AM

chryssi2001 View Member Profile	Nov 9 2008, 08:39 AM Post #8
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello Misuihc, I see you have Megaupload Toolbar installed. Read this and decide whether you wish to keep it or not. CODE "This toolbar integrates certain services from alexa internet,inc. ("Alexa"). The toolbar may exchange data with Alexa in orderto provide: (a) information to you about the web pages you view (ranking information, for example) and (b) basic information to alexa on your use of the toolbar, including the ip address of your computer, the url of the web pages you visit and, because the toolbar communicates via http, data typical of normal http communications such as user agent and operating system, will be communicated." If you decide to uninstall it, use Add/Remove programs and remove: MegauploadToolbar Let me know if you uninstalled it. so i will remove any remainants. ---------------------------------------------- P2P PROGRAMS IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer. BitLord References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.techweb.com/wire/160500554 http://www.internetworldstats.com/articles/art053.htm See Clean/Infected P2P Programs here Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). If you choose not to remove them, please do not use them until this computer is clean. ---------------------------------------------- I need to find where a file is located. FileLook Please download FileLook by jpshortstuff from one of the following mirrors: Link 1 Link 2 Double-click FileLook.exe to run it. (Vista users will almost certainly have to right click and select Run As Administrator) Ensure that the BBCode Ouput checkbox is checked. Copy the content of the following codebox into the main textfield: CODE xycoah.dll /s Click the FileLook button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found at C:\fl_log.txt ---------------------------------------------- Post back: FileLook report. Your decision about Megaupoload Toolbar. Please do not attach any reports i ask, just post them normally. It makes my work difficult. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 9 2008, 03:23 PM Post #9
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	hello. i apologize for attaching combofix log.txt i thought it would be easier for you if i attached it because it was very lengthy. here is the filelook report: FileLook.exe v2.0 by jpshortstuff Log created at 12:17 on 09/11/2008 ================================== FileSearch - "XYCOAH.DLL" ============================== =EOF= i have decided to uninstall megaupload toolbar and bitlord. i will be replacing bitlord with a safer torrent program: u torrent. This post has been edited by Misuihc: Nov 9 2008, 03:29 PM

chryssi2001 View Member Profile	Nov 10 2008, 07:43 AM Post #10
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello Misuihc, QUOTE hello. i apologize for attaching combofix log.txt i thought it would be easier for you if i attached it because it was very lengthy. You couldn't know! QUOTE i have decided to uninstall megaupload toolbar and bitlord. i will be replacing bitlord with a safer torrent program: u torrent. Ok, i will remove Megaupload toolbar remainants. As for u Torrent, please do not install it, or use it now, untill we finish cleaning your pc. ---------------------------------------------- Disable Spyware Doctor until the computer is clean Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor: Click the Spyware Doctor icon in the System Tray. Click Settings Click Startup Settings under Pick a Category. Uncheck Run at Windows startup. Click Apply and Exit Spyware Doctor Don't forget to re-enable it, when your computer is clean. ---------------------------------------------- COMBOFIX-Script A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: CODE Folder:: c:\program files\BitLord c:\program files\MegauploadToolbar c:\documents and settings\Simon\Application Data\MegauploadToolbar c:\progra~1\MEGAUP~2 DirLook:: C:\ProgramData Registry:: [-HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}] [-HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BitLord\\BitLord.exe"=- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. ---------------------------------------------- It seems that this program is corrupted and not working on start up so i am removing it from start up. You can go into the program and re-enable it again. O4 - HKLM\..\Run: [GEST] = ---------------------------------------------- Post back: Combofix report. A new HijackThis log. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 10 2008, 01:27 PM Post #11
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Here is the updated hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:25:08 AM, on 11/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 6315 bytes Here is the combofix log: ComboFix 08-11-09.04 - Simon 2008-11-10 10:19:13.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2783 [GMT -8:00] Running from: c:\documents and settings\Simon\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Simon\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\BitLord c:\program files\BitLord\BitLord.xml c:\program files\BitLord\Downloads.xml c:\program files\BitLord\Downloads\clip2_384[1].mpeg.bc! c:\program files\BitLord\Downloads\office 2007\Access.en-us\Access.en-us\AccessMUI.msi c:\program files\BitLord\Downloads\office 2007\Access.en-us\Access.en-us\AccessMUI.xml c:\program files\BitLord\Downloads\office 2007\Access.en-us\Access.en-us\AccLR.cab c:\program files\BitLord\Downloads\office 2007\Access.en-us\AccessMUISet.msi c:\program files\BitLord\Downloads\office 2007\Access.en-us\AccessMUISet.xml c:\program files\BitLord\Downloads\office 2007\Access.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Admin\de-de\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\de-de\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\de-de\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\de-de\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\en-us\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\en-us\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\en-us\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\es-es\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\es-es\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\es-es\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\fr-fr\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\it-it\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\it-it\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\it-it\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ja-jp\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\ko-kr\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\oct.dll c:\program files\BitLord\Downloads\office 2007\Admin\octca.dll c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-cn\word12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\access12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\cpao12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\excel12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\groove12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\ic12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\inf12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\oct.chm c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\octres.dll c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\office12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\onent12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\outlk12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\ppt12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\proj12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\pub12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\spd12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\visio12.opa c:\program files\BitLord\Downloads\office 2007\Admin\zh-tw\word12.opa c:\program files\BitLord\Downloads\office 2007\autorun.inf c:\program files\BitLord\Downloads\office 2007\Catalog\files12.cat c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\config.xml c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\EnterpriseWW.msi c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\EnterpriseWW.xml c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\EnterWW.cab c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\ID_00030.DPC c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\Office64WW.msi c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\Office64WW.xml c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\ose.exe c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\osetup.dll c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\OWOW64WW.cab c:\program files\BitLord\Downloads\office 2007\Enterprise.WW\setup.xml c:\program files\BitLord\Downloads\office 2007\Excel.en-us\ExcelLR.cab c:\program files\BitLord\Downloads\office 2007\Excel.en-us\ExcelMUI.msi c:\program files\BitLord\Downloads\office 2007\Excel.en-us\ExcelMUI.xml c:\program files\BitLord\Downloads\office 2007\Excel.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Groove.en-us\Groove.en-us\GrooveLR.cab c:\program files\BitLord\Downloads\office 2007\Groove.en-us\Groove.en-us\GrooveMUI.msi c:\program files\BitLord\Downloads\office 2007\Groove.en-us\Groove.en-us\GrooveMUI.xml c:\program files\BitLord\Downloads\office 2007\Groove.en-us\GrooveMUISet.msi c:\program files\BitLord\Downloads\office 2007\Groove.en-us\GrooveMUISet.xml c:\program files\BitLord\Downloads\office 2007\Groove.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\InfoPath.en-us\InfLR.cab c:\program files\BitLord\Downloads\office 2007\InfoPath.en-us\InfoPathMUI.msi c:\program files\BitLord\Downloads\office 2007\InfoPath.en-us\InfoPathMUI.xml c:\program files\BitLord\Downloads\office 2007\InfoPath.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Office.en-us\1033\dwintl20.dll c:\program files\BitLord\Downloads\office 2007\Office.en-us\branding.xml c:\program files\BitLord\Downloads\office 2007\Office.en-us\DW20.EXE c:\program files\BitLord\Downloads\office 2007\Office.en-us\dwdcw20.dll c:\program files\BitLord\Downloads\office 2007\Office.en-us\dwtrig20.exe c:\program files\BitLord\Downloads\office 2007\Office.en-us\Microsoft.VC80.CRT.manifest c:\program files\BitLord\Downloads\office 2007\Office.en-us\msvcr80.dll c:\program files\BitLord\Downloads\office 2007\Office.en-us\OfficeLR.cab c:\program files\BitLord\Downloads\office 2007\Office.en-us\OfficeMUI.msi c:\program files\BitLord\Downloads\office 2007\Office.en-us\OfficeMUI.xml c:\program files\BitLord\Downloads\office 2007\Office.en-us\OfficeMUISet.msi c:\program files\BitLord\Downloads\office 2007\Office.en-us\OfficeMUISet.xml c:\program files\BitLord\Downloads\office 2007\Office.en-us\osetupui.dll c:\program files\BitLord\Downloads\office 2007\Office.en-us\pss10r.chm c:\program files\BitLord\Downloads\office 2007\Office.en-us\setup.chm c:\program files\BitLord\Downloads\office 2007\Office.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Office.en-us\ShellUI.MST c:\program files\BitLord\Downloads\office 2007\Office64.en-us\Office64MUI.msi c:\program files\BitLord\Downloads\office 2007\Office64.en-us\Office64MUI.xml c:\program files\BitLord\Downloads\office 2007\Office64.en-us\Office64MUISet.msi c:\program files\BitLord\Downloads\office 2007\Office64.en-us\Office64MUISet.xml c:\program files\BitLord\Downloads\office 2007\Office64.en-us\OWOW64LR.cab c:\program files\BitLord\Downloads\office 2007\Office64.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\OneNote.en-us\OneNoteMUI.msi c:\program files\BitLord\Downloads\office 2007\OneNote.en-us\OneNoteMUI.xml c:\program files\BitLord\Downloads\office 2007\OneNote.en-us\OnoteLR.cab c:\program files\BitLord\Downloads\office 2007\OneNote.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Outlook.en-us\OutlkLR.cab c:\program files\BitLord\Downloads\office 2007\Outlook.en-us\OutlookMUI.msi c:\program files\BitLord\Downloads\office 2007\Outlook.en-us\OutlookMUI.xml c:\program files\BitLord\Downloads\office 2007\Outlook.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\PowerPoint.en-us\PowerPointMUI.msi c:\program files\BitLord\Downloads\office 2007\PowerPoint.en-us\PowerPointMUI.xml c:\program files\BitLord\Downloads\office 2007\PowerPoint.en-us\PptLR.cab c:\program files\BitLord\Downloads\office 2007\PowerPoint.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.en\Proof.cab c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.en\Proof.msi c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.en\Proof.xml c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.es\Proof.cab c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.es\Proof.msi c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.es\Proof.xml c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.fr\Proof.cab c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.fr\Proof.msi c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proof.fr\Proof.xml c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proofing.msi c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\Proofing.xml c:\program files\BitLord\Downloads\office 2007\Proofing.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Publisher.en-us\PublisherMUI.msi c:\program files\BitLord\Downloads\office 2007\Publisher.en-us\PublisherMUI.xml c:\program files\BitLord\Downloads\office 2007\Publisher.en-us\PubLR.cab c:\program files\BitLord\Downloads\office 2007\Publisher.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\README.HTM c:\program files\BitLord\Downloads\office 2007\Rosebud.en-us\RbudLR.cab c:\program files\BitLord\Downloads\office 2007\Rosebud.en-us\RosebudMUI.msi c:\program files\BitLord\Downloads\office 2007\Rosebud.en-us\RosebudMUI.xml c:\program files\BitLord\Downloads\office 2007\Rosebud.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Serial.txt c:\program files\BitLord\Downloads\office 2007\setup.exe c:\program files\BitLord\Downloads\office 2007\Updates\README.TXT c:\program files\BitLord\Downloads\office 2007\Word.en-us\setup.xml c:\program files\BitLord\Downloads\office 2007\Word.en-us\WordLR.cab c:\program files\BitLord\Downloads\office 2007\Word.en-us\WordMUI.msi c:\program files\BitLord\Downloads\office 2007\Word.en-us\WordMUI.xml c:\program files\BitLord\lang\lang_ar_ae.xml c:\program files\BitLord\lang\lang_bg_bg.xml c:\program files\BitLord\lang\lang_ca_es.xml c:\program files\BitLord\lang\lang_cz_cz.xml c:\program files\BitLord\lang\lang_da_dk.xml c:\program files\BitLord\lang\lang_de_de.xml c:\program files\BitLord\lang\lang_el_gr.xml c:\program files\BitLord\lang\lang_en_us.xml c:\program files\BitLord\lang\lang_es_ar.xml c:\program files\BitLord\lang\lang_es_es.xml c:\program files\BitLord\lang\lang_et_ee.xml c:\program files\BitLord\lang\lang_fi_fi.xml c:\program files\BitLord\lang\lang_fr_fr.xml c:\program files\BitLord\lang\lang_gl_es.xml c:\program files\BitLord\lang\lang_he_il.xml c:\program files\BitLord\lang\lang_hu_hu.xml c:\program files\BitLord\lang\lang_it_it.xml c:\program files\BitLord\lang\lang_jp_jp.xml c:\program files\BitLord\lang\lang_ko_kr.xml c:\program files\BitLord\lang\lang_nb_no.xml c:\program files\BitLord\lang\lang_nl_nl.xml c:\program files\BitLord\lang\lang_pl_pl.xml c:\program files\BitLord\lang\lang_pt_br.xml c:\program files\BitLord\lang\lang_pt_pt.xml c:\program files\BitLord\lang\lang_ro_ro.xml c:\program files\BitLord\lang\lang_ru_ru.xml c:\program files\BitLord\lang\lang_sk_sk.xml c:\program files\BitLord\lang\lang_sl_si.xml c:\program files\BitLord\lang\lang_sr_sr.xml c:\program files\BitLord\lang\lang_sv_se.xml c:\program files\BitLord\lang\lang_th_th.xml c:\program files\BitLord\lang\lang_tr_tr.xml c:\program files\BitLord\lang\lang_va_es.xml c:\program files\BitLord\lang\lang_zh_tw.xml c:\program files\BitLord\rules\ipfilter.dat c:\program files\BitLord\Torrents\ATI Far Cry 2 Hotfix - Optimised.torrent c:\program files\BitLord\Torrents\clip2_384[1].mpeg.torrent c:\program files\BitLord\Torrents\clip2_384[1].mpeg.xml c:\program files\BitLord\Torrents\DIET ANALYSIS PLUS 8.0.torrent c:\program files\BitLord\Torrents\DirectX 10 for Xp.torrent c:\program files\BitLord\Torrents\DirectX.10.for.XP.rar.torrent c:\program files\BitLord\Torrents\jacks.too.bu.ku.2-tia ling.avi.torrent c:\program files\BitLord\Torrents\JB4944 - Cum In My Mouth Please.wmv.torrent c:\program files\BitLord\Torrents\MS Office Enterprise 2007 (Registered)a12.rar.torrent c:\program files\BitLord\Torrents\NBA.2K9-RELOADED.torrent c:\program files\BitLord\Torrents\NBA.2K9-RELOADED[0].torrent c:\program files\BitLord\Torrents\NBA.2K9-RELOADED[1].torrent c:\program files\BitLord\Torrents\office 2007.torrent c:\program files\BitLord\Torrents\Pirates.Stagnettis.Revenge.XXX.DVDRiP.XviD-POSSESSED.torrent c:\program files\BitLord\Torrents\RAZOR1911 [WEB SEED] FAR CRY 2 CRACK - REAL 100% FULLY WORKING.rar.torrent c:\program files\BitLord\Torrents\Stoya & Katsumi - Katsuni Video Nasty 4.avi.torrent c:\program files\BitLord\Torrents\Teanna Kai & Ed Powers.mpeg.torrent c:\program files\BitLord\Torrents\The Sims 2 Kitchen & Bath Interior Design Stuff - Crack.exe.torrent c:\program files\BitLord\Torrents\WM Recorder 12 Demo to Full Patch.torrent . ((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))))) . 2008-11-08 12:12 . 2008-11-08 12:12 <DIR> d-------- c:\program files\Avira 2008-11-08 12:12 . 2008-11-08 12:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2008-11-08 06:46 . 2008-11-08 06:46 <DIR> d-------- c:\program files\Trend Micro 2008-11-06 17:58 . 2008-11-06 17:58 <DIR> d-------- c:\documents and settings\Simon\.realobjects 2008-11-06 17:57 . 2008-11-06 17:57 <DIR> d-------- c:\windows\Sun 2008-11-06 17:17 . 2008-11-06 17:17 <DIR> d-------- c:\program files\Java 2008-11-06 17:17 . 2008-11-06 17:17 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-06 17:17 . 2008-11-06 17:17 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-06 01:23 . 2008-11-06 14:04 <DIR> d-------- c:\program files\EA GAMES 2008-11-06 01:23 . 2004-08-17 19:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll 2008-11-05 18:58 . 2008-11-05 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-11-05 18:52 . 2008-11-05 18:52 <DIR> d--h----- c:\program files\Zero G Registry 2008-11-05 18:52 . 2008-11-05 23:00 <DIR> d-------- c:\program files\Britannica 8.0 2008-11-05 18:51 . 2008-11-05 18:51 <DIR> d--h----- c:\documents and settings\Simon\InstallAnywhere 2008-10-30 15:48 . 2008-10-30 15:57 <DIR> d-------- c:\documents and settings\Simon\Application Data\Red Alert 3 2008-10-28 16:16 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll 2008-10-28 16:16 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll 2008-10-28 16:16 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui 2008-10-28 14:45 . 2008-10-28 14:45 <DIR> d-------- c:\program files\Bethesda Softworks 2008-10-28 14:45 . 2008-10-28 14:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3 2008-10-28 14:41 . 2008-10-28 14:41 <DIR> d-------- c:\windows\system32\XPSViewer 2008-10-28 14:41 . 2008-10-28 14:41 <DIR> d-------- c:\program files\Reference Assemblies 2008-10-28 14:41 . 2006-06-29 12:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-10-27 22:07 . 2008-10-27 22:07 <DIR> d-------- c:\program files\Windows Live 2008-10-27 22:07 . 2008-10-27 22:07 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller 2008-10-27 22:07 . 2008-10-27 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller 2008-10-27 03:07 . 2008-10-27 03:07 <DIR> d-------- c:\documents and settings\Simon\Application Data\Thomson Learning 2008-10-27 03:04 . 2008-11-08 16:17 <DIR> d-------- c:\program files\Diet Analysis Plus 8.0 2008-10-27 00:56 . 2008-10-27 00:56 <DIR> d-------- c:\program files\Electronic Arts 2008-10-25 18:29 . 2008-10-25 18:29 <DIR> d-------- C:\ProgramData 2008-10-25 18:28 . 2008-10-25 18:28 <DIR> d-------- c:\documents and settings\Simon\Application Data\Leadertech 2008-10-25 09:11 . 2008-10-25 09:11 <DIR> d-------- c:\documents and settings\Simon\Application Data\2K Sports 2008-10-25 08:46 . 2008-10-25 18:05 <DIR> d-------- c:\program files\NBA 2K9 2008-10-24 21:11 . 2008-10-24 21:11 <DIR> d-------- c:\program files\Sega 2008-10-24 00:30 . 2008-03-09 06:25 236 --ah----- c:\program files\Common Files\dx.reg 2008-10-24 00:18 . 2008-10-24 00:18 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2008-10-24 00:17 . 2008-10-24 00:17 2,250,024 --a------ c:\windows\system32\pbsvc.exe 2008-10-24 00:17 . 2008-10-24 00:18 107,832 --a------ c:\windows\system32\PnkBstrB.exe 2008-10-24 00:17 . 2008-10-24 00:17 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2008-10-24 00:04 . 2008-10-24 00:04 <DIR> d-------- c:\program files\CCleaner 2008-10-24 00:00 . 2008-10-24 00:00 <DIR> d-------- c:\documents and settings\Simon\Application Data\Uniblue 2008-10-23 18:29 . 2008-10-31 15:17 <DIR> d-------- c:\windows\system32\LogFiles 2008-10-23 18:29 . 2008-10-24 00:18 22,328 --a------ c:\documents and settings\Simon\Application Data\PnkBstrK.sys 2008-10-23 05:02 . 2008-10-23 05:02 <DIR> d-------- c:\program files\Common Files\DirectX 2008-10-22 15:32 . 2008-10-22 15:32 <DIR> d-------- c:\program files\Sygate 2008-10-22 15:32 . 2004-10-15 17:32 83,096 --a------ c:\windows\system32\SSSensor.dll 2008-10-22 15:32 . 2004-10-15 17:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys 2008-10-22 15:32 . 2004-10-15 17:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys 2008-10-22 15:32 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys 2008-10-22 15:32 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys 2008-10-22 15:32 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys 2008-10-22 15:32 . 2004-10-15 17:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys 2008-10-22 15:19 . 2008-10-24 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-22 15:12 . 2008-10-22 15:12 <DIR> d-------- c:\program files\Lavasoft 2008-10-22 15:12 . 2008-10-22 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-10-22 14:36 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-22 14:36 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-22 14:36 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-22 14:36 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-22 09:40 . 2008-10-22 09:40 <DIR> d-------- c:\documents and settings\Simon\Application Data\Malwarebytes 2008-10-22 09:40 . 2008-10-22 09:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-10-22 09:25 . 2008-10-22 09:37 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-10-22 09:25 . 2008-10-22 09:25 <DIR> d-------- c:\documents and settings\Simon\Application Data\SUPERAntiSpyware.com 2008-10-22 09:25 . 2008-10-22 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-22 04:02 . 2008-10-22 09:37 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys 2008-10-22 03:15 . 2008-10-22 03:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI 2008-10-22 02:51 . 2008-10-22 02:51 <DIR> d-------- c:\program files\KONAMI 2008-10-22 00:32 . 2008-10-22 00:32 <DIR> d-------- c:\program files\Real Alternative 2008-10-22 00:32 . 2008-10-22 00:32 <DIR> d-------- c:\documents and settings\Simon\Application Data\Media Player Classic 2008-10-20 00:10 . 2008-10-20 00:10 <DIR> d-------- c:\program files\AGEIA Technologies 2008-10-19 15:08 . 2008-10-19 15:08 <DIR> dr-h----- c:\documents and settings\Simon\Application Data\SecuROM 2008-10-19 12:16 . 2008-10-19 12:16 <DIR> d-------- c:\windows\system32\AGEIA 2008-10-19 12:16 . 2008-10-24 00:15 <DIR> d-------- c:\program files\Ubisoft 2008-10-19 12:16 . 2008-10-24 14:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-10-19 11:45 . 2008-11-01 00:09 <DIR> d-------- c:\documents and settings\Simon\Application Data\dvdcss 2008-10-18 23:46 . 2008-10-18 23:46 <DIR> d-------- c:\windows\system32\xlive 2008-10-18 23:11 . 2008-09-23 20:05 593,920 --------- c:\windows\system32\ati2sgag.exe 2008-10-18 23:08 . 2008-10-18 23:08 10 --a------ c:\windows\WININIT.INI 2008-10-18 22:48 . 2008-04-12 17:13 1,029,126 --a------ c:\windows\system32\d3d10.dll 2008-10-18 22:48 . 2007-04-19 00:59 519,912 --a------ c:\windows\system32\d3dx10d_33.dll 2008-10-18 22:48 . 2007-04-19 00:59 519,912 --a------ c:\windows\system32\d3dx10d.dll 2008-10-18 22:48 . 2006-11-29 13:06 440,080 --a------ c:\windows\system32\d3dx10.dll 2008-10-18 22:48 . 2008-04-22 20:59 167,948 --a------ c:\windows\system32\dxgi.dll 2008-10-18 22:48 . 2007-12-22 19:30 34,854 --a------ c:\windows\system32\directx10logo.bmp 2008-10-18 22:48 . 2007-04-18 01:13 25,037 --a------ c:\windows\system32\Nucleus.dll 2008-10-18 22:26 . 2008-10-19 01:41 <DIR> d-------- c:\documents and settings\Simon\Application Data\Microsoft Games 2008-10-18 21:45 . 2008-10-18 21:45 319 --a------ c:\windows\game.ini 2008-10-18 21:40 . 2008-10-18 21:40 <DIR> d-------- c:\program files\Activision 2008-10-18 21:34 . 2008-10-18 21:34 <DIR> d--hs---- c:\windows\ftpcache 2008-10-18 09:00 . 2008-10-18 09:00 <DIR> d-------- c:\windows\Logs 2008-10-18 02:25 . 2005-07-14 09:30 30,664 --a------ c:\windows\system32\oemlogo.mrt 2008-10-18 02:25 . 2005-01-01 19:00 1,017 --a------ c:\windows\system32\oeminfo.mrt 2008-10-18 00:51 . 2008-10-19 15:08 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2008-10-17 23:02 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\d3dx9_37.dll 2008-10-17 23:02 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll 2008-10-17 23:02 . 2008-03-05 14:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll 2008-10-17 23:02 . 2007-10-12 14:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll 2008-10-17 23:02 . 2008-03-05 15:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll 2008-10-17 23:02 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll 2008-10-17 23:02 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll 2008-10-17 23:02 . 2007-10-22 02:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll 2008-10-17 23:02 . 2007-07-19 23:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll 2008-10-17 23:02 . 2008-03-05 15:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll 2008-10-17 23:02 . 2008-03-05 15:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll 2008-10-17 23:01 . 2008-10-17 23:01 <DIR> d-------- c:\program files\CAPCOM 2008-10-16 22:56 . 2008-10-22 03:11 50 --a------ c:\windows\MegaManager.INI 2008-10-16 21:59 . 2008-10-16 21:59 <DIR> d-------- c:\documents and settings\Simon\Application Data\Megaupload 2008-10-16 21:59 . 2008-10-16 21:59 <DIR> d-------- c:\documents and settings\Simon\Application Data\EmailNotifier 2008-10-16 21:59 . 2008-10-16 21:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Megaupload 2008-10-16 21:59 . 2008-10-16 21:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier 2008-10-16 21:58 . 2008-10-16 21:58 <DIR> d-------- c:\program files\Megaupload 2008-10-16 15:14 . 2008-10-28 23:23 <DIR> d-------- c:\program files\Foxit Software 2008-10-16 12:49 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2008-10-16 12:48 . 2008-10-28 14:43 <DIR> d-------- c:\program files\MSBuild 2008-10-16 12:48 . 2008-10-16 12:48 <DIR> d-------- c:\program files\Microsoft Works 2008-10-16 12:47 . 2008-10-16 12:47 <DIR> d-------- c:\program files\Microsoft.NET 2008-10-16 12:46 . 2008-10-21 12:36 <DIR> d-------- c:\windows\SHELLNEW 2008-10-16 12:46 . 2008-10-21 01:09 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2008-10-16 12:45 . 2008-10-16 12:45 <DIR> dr-h----- C:\MSOCache 2008-10-16 12:45 . 2008-10-21 12:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-16 12:37 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll 2008-10-16 12:37 . 2007-07-19 17:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll 2008-10-16 12:37 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll 2008-10-16 12:30 . 2008-10-16 12:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2008-10-16 12:30 . 2008-10-16 12:30 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 09:15 --------- d-----w c:\program files\Steam 2008-10-28 22:45 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-24 02:22 --------- d-----w c:\program files\DAEMON Tools Lite 2008-10-22 08:46 --------- d-----w c:\program files\Windows Media Connect 2 2008-10-19 04:01 --------- d-----w c:\documents and settings\Simon\Application Data\Bioshock 2008-10-16 20:01 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-16 19:48 --------- d-----w c:\program files\microsoft frontpage 2008-10-16 19:40 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-16 19:40 --------- d-----w c:\documents and settings\Simon\Application Data\DAEMON Tools 2008-10-16 19:22 --------- d-----w c:\documents and settings\Simon\Application Data\vlc 2008-10-16 19:11 --------- d-----w c:\program files\VideoLAN 2008-10-16 17:46 --------- d-----w c:\program files\ATI Technologies 2008-10-16 08:30 --------- d-----w c:\program files\Microsoft IntelliType Pro 2008-10-16 08:30 --------- d-----w c:\program files\Microsoft IntelliPoint 2008-09-24 03:09 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll 2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll 2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll 2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll 2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll 2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe 2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll 2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll 2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe 2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL 2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll 2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll 2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll 2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll 2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll 2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll 2008-09-24 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll 2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll 2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\ProgramData ---- 2008-10-25 18:35 3228 --a------ c:\programdata\Electronic Arts\EADM\cache\Prefs.ead 2008-03-20 11:55 57382 -ra------ c:\programdata\Electronic Arts\EADM\cache\logs\LogReader.html ((((((((((((((((((((((((((((( snapshot@2008-11-09_ 3.22.18.23 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-09 11:20:34 16,608 ----a-w c:\windows\gdrv.sys + 2008-11-10 05:01:04 16,608 ----a-w c:\windows\gdrv.sys + 2008-11-10 05:01:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_140.dat + 2008-11-10 05:01:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_ac.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}"= "c:\windows\system32\dvmurl.dll" [2008-05-02 146528] [HKEY_CLASSES_ROOT\clsid\{0063bf63-bfff-4b8f-9d26-4267df7f17dd}] [HKEY_CLASSES_ROOT\dvmurl.DvmIEGoogleSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "RTHDCPL"="RTHDCPL.EXE" [2008-06-26 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] c:\documents and settings\Simon\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"= "c:\\Program Files\\Steam\\steamapps\\aznblacklabel\\team fortress 2\\hl2.exe"= "c:\\Program Files\\Steam\\steamapps\\aznblacklabel\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"= "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"= R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-16 160792] R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-20 93696] . Contents of the 'Scheduled Tasks' folder 2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [] . - - - - ORPHANS REMOVED - - - - WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file) ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-10 10:21:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant] "ImagePath"="" . Completion time: 2008-11-10 10:22:11 ComboFix-quarantined-files.txt 2008-11-10 18:22:05 ComboFix2.txt 2008-11-09 11:22:33 Pre-Run: 456,792,420,352 bytes free Post-Run: 456,730,931,200 bytes free 576 --- E O F --- 2008-11-10 11:52:57

chryssi2001 View Member Profile	Nov 10 2008, 01:39 PM Post #12
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello Misuihc, Malwarebytes' Anti-Malware Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Post that log back here. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 10 2008, 02:06 PM Post #13
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Here is the Malwarebyte log: Malwarebytes' Anti-Malware 1.30 Database version: 1380 Windows 5.1.2600 Service Pack 3 11/10/2008 11:05:54 AM mbam-log-2008-11-10 (11-05-54).txt Scan type: Full Scan (C:\\|) Objects scanned: 102087 Time elapsed: 15 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

chryssi2001 View Member Profile	Nov 11 2008, 01:25 AM Post #14
Forum Addict Group: HJT Team Posts: 1,930 Joined: 20-February 07 Member No.: 112,843	Hello MIsuihc, JavaRa Please download JavaRa and unzip it to your desktop. *Please close any instances of Internet Explorer before continuing!* Double-click on JavaRa.exe to start the program. From the drop-down menu, choose English and click on Select. JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location, and copy/paste it back in this topic. In case the logfile doesn't pop up, you can find it here: C:\JavaRa.log ---------------------------------------------- Update Java Runtime You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 7. Go to http://java.sun.com/products/archive/j2se/6u7/index.html Click on Download JRE In Platform box choose Windows. Check the box to Accept License Agreement and click Continue. Click on Windows Offline Installation, click on the link under it which says "jre-6u7-windows-i586-p.exe" and save the downloaded file to your desktop. Go to Start => Control Panel => Add or Remove Programs Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions. Reboot your computer ---------------------------------------------- Run Kaspersky Online AV Scanner Note: Internet Explorer should be used. Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan and then put the kettle on! Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button. Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving. -------------------- Private Messages for personal support will be ignored. If you need help post in the forum.

Misuihc View Member Profile	Nov 11 2008, 06:21 AM Post #15
Member Group: Members Posts: 16 Joined: 1-June 07 Member No.: 134,000	Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:19:19 AM, on 11/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7094 bytes Scan report: KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, November 11, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, November 11, 2008 07:34:08 Records in database: 1379422 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area Folder Scan statistics Files scanned 55940 Threat name 0 Infected objects 0 Suspicious objects 0 Duration of the scan 00:58:15 No malware has been detected. The scan area is clean. The selected area was scanned. PC is running great, no choke ups, slowing down, or weird pop ups.

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 08:39 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides