
Irritating Pop-ups/slower Computer


11 replies to this topic

#1 anirudh215 (Members, 50 posts)

Posted 28 August 2007 - 01:13 AM

I have no idea what's wrong with my computer. It is damn irritating. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:51 AM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast!\aswUpdSv.exe
D:\Program Files\Avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Avast!\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avast!\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\bin\jusched.exe
D:\Program Files\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo Messenger\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with Star Downloader - D:\PROGRA~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Please tell me what to do.

#2 RichieUK (Malware Response Team, Malware Assassin, 13,614 posts)

Posted 28 August 2007 - 04:47 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, anirudh215 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Now go to:
C:\Program Files\HijackThis\HijackThis.exe
Right-click on HijackThis.exe, select 'Rename', and rename it to abc.bat.
Double-click on abc.bat (which is still HijackThis.exe) and post that log in your next reply, please.

#3 anirudh215 (Topic Starter, Members, 50 posts)

Posted 28 August 2007 - 09:41 AM

Here's the VundoFix.txt file:

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 8:01:18 PM 8/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\ssttr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ssttr.dll Has been deleted!

Performing Repairs to the registry.
Done!


What a lot of gibberish!

And here's the abc.bat (HijackThis) log file:

Logfile of HijackThis v1.99.1
Scan saved at 8:09:34 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Avast!\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast!\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\bin\jusched.exe
D:\Program Files\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Avast!\ashMaiSv.exe
D:\Program Files\Avast!\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40954C60-C169-43A2-A706-243594AEC241} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\opnmklj.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo Messenger\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with Star Downloader - D:\PROGRA~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnmklj - C:\WINDOWS\SYSTEM32\opnmklj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
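
As an added example for readers following the analysis (this is the editor's code, not code from the thread, from HijackThis or from VundoFix): a Python triage script over lines shaped like the log above. It encodes three observations a reviewer can make from this post alone: a BHO with (no name) loading from system32 (opnmklj.dll), the same DLL also registered as an O20 Winlogon Notify handler, and the reversed-name file pairs that VundoFix listed (rttss.ini and rttss.bak* beside ssttr.dll). The sample lines, the benign control entry and the severity labels are constructed by the editor; the heuristics are the editor's, not any tool's.

```python
"""Triage of HijackThis-style entries and VundoFix-style file lists.

Added example by the editor; the heuristics are not those of HijackThis or VundoFix.
"""
import re
from collections import defaultdict

# Constructed sample, shaped like the O2/O20/O23 lines in the log posted above.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40954C60-C169-43A2-A706-243594AEC241} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\opnmklj.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O20 - Winlogon Notify: opnmklj - C:\WINDOWS\SYSTEM32\opnmklj.dll
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast!\ashServ.exe
"""

# Constructed sample, shaped like the "Listing files found" block of the VundoFix log above,
# plus one benign control entry (kernel32.dll) that has no reversed partner.
VUNDOFIX_FILES = [
    r"C:\WINDOWS\system32\rttss.bak1",
    r"C:\WINDOWS\system32\rttss.bak2",
    r"C:\WINDOWS\system32\rttss.ini",
    r"C:\WINDOWS\system32\ssttr.dll",
    r"C:\WINDOWS\system32\kernel32.dll",
]

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.+)$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
DEAD_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")


def parse_entries(text):
    """Yield (kind, fields) per HijackThis line; fields are the ' - ' separated parts."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), [f.strip() for f in m.group("body").split(" - ")]


def dll_basename(path_field):
    """Lower-cased basename of the path field, minus HijackThis's dead-entry suffix; None if no path."""
    path = DEAD_RE.sub("", path_field).strip()
    return path.rsplit("\\", 1)[-1].lower() if path else None


def triage_hjt(text):
    """Return (severity, entry kind, detail) findings for the sample heuristics."""
    findings = []
    roles = defaultdict(set)  # dll basename -> kinds of entry that reference it
    for kind, fields in parse_entries(text):
        path_field = fields[-1]
        base = dll_basename(path_field)
        dead = DEAD_RE.search(path_field) is not None
        if dead:
            # Dead reference: nothing loads, but the key should still be cleaned up.
            findings.append(("low", kind, f"orphaned registry entry: {path_field}"))
        if base:
            roles[base].add(kind)
        if (kind == "O2" and fields[0].endswith("(no name)") and base
                and not dead and SYSTEM32_RE.search(path_field)):
            findings.append(("high", kind, f"unnamed BHO loading from system32: {base}"))
    for base, kinds in roles.items():
        if {"O2", "O20"} <= kinds:
            # One DLL hooked into both the browser and winlogon.exe.
            findings.append(("high", "O2+O20",
                             f"same DLL registered as BHO and Winlogon Notify handler: {base}"))
    return findings


def reversed_name_pairs(paths):
    """Pair each .dll with same-folder .ini/.bak* files whose stem is the dll stem spelled backwards."""
    by_dir = defaultdict(dict)  # folder -> {stem: set of extensions}
    for p in paths:
        folder, _, name = p.lower().rpartition("\\")
        stem, _, ext = name.rpartition(".")
        by_dir[folder].setdefault(stem, set()).add(ext)
    pairs = []
    for folder, stems in by_dir.items():
        for stem, exts in stems.items():
            partner = stems.get(stem[::-1])
            if "dll" in exts and partner and any(e == "ini" or e.startswith("bak") for e in partner):
                pairs.append((f"{folder}\\{stem}.dll",
                              sorted(f"{folder}\\{stem[::-1]}.{e}" for e in partner)))
    return pairs


if __name__ == "__main__":
    for sev, kind, detail in triage_hjt(HJT_SAMPLE):
        print(f"[{sev:4}] {kind:6} {detail}")
    for dll, partners in reversed_name_pairs(VUNDOFIX_FILES):
        print(f"[high] files  {dll} <-> {', '.join(partners)}")
```

The (file missing) and (no file) entries come out at low severity: they are dead registry references to clean up, not active loaders. The unnamed BHO for SDIEInt.dll is not flagged because it lives under the Star Downloader folder rather than system32; the missing name alone is a weak signal, and the system32 location plus the O20 correlation is what separates opnmklj.dll from it.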

#4 RichieUK (Malware Response Team, Malware Assassin, 13,614 posts)

Posted 28 August 2007 - 09:48 AM

Download KillBox and unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.exe
Start up KillBox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:
C:\WINDOWS\system32\opnmklj.dll
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot; select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

Download Systemscan and save it to your desktop.
Double-click on Systemscan.exe to run the tool.
A warning box will appear. Please read and click Ok.
When SystemScan opens, click the "Unselect all" button.
Important: under "Make your choice and than click..." check the boxes next to:

PC accounts
Recent files (60 days)
Hidden Objects


Everything else should be unchecked.
Click "Scan Now".
Another warning box will appear. Please follow the instructions and click Ok.
Systemscan will scan your computer and create a folder at C:\suspectfile to save the log files. Please be patient while the scan is in progress.
When the scan is complete, Notepad will automatically open a log file named report.txt.
This log file will show a list of all user accounts, all files/folders created in the last 60 days and any Hidden files that were found.
Copy and paste the contents of report.txt in your next reply.

Also post a new Hijackthis log.

#5 anirudh215 (Topic Starter, Members, 50 posts)

Posted 29 August 2007 - 08:47 AM

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 8/29/2007
Time: 7:12:37 PM

Output limited to:
-Recent files
-PC accounts
-Hidden objects

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | KN
| SUPPORT_388945a0 (Disabled)

### users folders

18/07/2007 11:17:21 (DIR) 0 byte 42 days old -- All Users
18/07/2007 11:18:45 (DIR) 0 byte 42 days old -- Default User
18/07/2007 11:29:14 (DIR) 0 byte 42 days old -- NetworkService
18/07/2007 11:29:30 (DIR) 0 byte 42 days old -- LocalService
25/08/2007 11:27:28 (DIR) 0 byte 4 days old -- KN

===================== Recent files (60 days old)=====================

----- recent files in C:\
18/07/2007 11:18:36 0 byte 42 days old -- CONFIG.SYS
18/07/2007 11:18:36 0 byte 42 days old -- IO.SYS
18/07/2007 11:18:36 0 byte 42 days old -- MSDOS.SYS
18/07/2007 11:18:36 0 byte 42 days old -- AUTOEXEC.BAT
18/07/2007 11:29:33 (DIR) 0 byte 42 days old -- System Volume Information
18/07/2007 11:30:18 (DIR) 0 byte 42 days old -- Documents and Settings
18/07/2007 11:36:10 90 byte 42 days old -- INF.log
18/07/2007 11:39:03 90 byte 42 days old -- GFX.log
18/07/2007 11:41:15 391 byte 42 days old -- RtlSetup.log
18/07/2007 11:41:21 206 byte 42 days old -- Realtek.log
18/07/2007 11:43:38 224 byte 42 days old -- LAN.log
18/07/2007 11:45:46 (DIR) 0 byte 42 days old -- TempEI4
18/07/2007 12:58:18 (DIR) 0 byte 42 days old -- RECYCLER
18/07/2007 18:41:58 146 byte 42 days old -- YServer.txt
18/07/2007 22:32:12 268 byte 42 days old -- sqmdata00.sqm
18/07/2007 22:32:12 244 byte 42 days old -- sqmnoopt00.sqm
19/07/2007 11:33:55 244 byte 41 days old -- sqmnoopt01.sqm
19/07/2007 11:33:55 268 byte 41 days old -- sqmdata01.sqm
19/07/2007 11:33:57 268 byte 41 days old -- sqmdata02.sqm
19/07/2007 11:33:57 244 byte 41 days old -- sqmnoopt02.sqm
19/07/2007 20:50:08 268 byte 41 days old -- sqmdata03.sqm
19/07/2007 20:50:08 244 byte 41 days old -- sqmnoopt03.sqm
21/07/2007 14:32:18 (DIR) 0 byte 39 days old -- Converted Video
22/08/2007 17:05:16 (DIR) 0 byte 7 days old -- WINDOWS
24/08/2007 13:57:03 211 byte 5 days old -- boot.ini
25/08/2007 11:28:04 (DIR) 0 byte 4 days old -- SDFix
25/08/2007 11:28:05 (DIR) 0 byte 4 days old -- Program Files
28/08/2007 20:01:18 (DIR) 0 byte 1 days old -- VundoFix Backups
28/08/2007 20:03:44 835 byte 1 days old -- VundoFix.txt
29/08/2007 19:06:25 (DIR) 0 byte 0 days old -- !KillBox
29/08/2007 19:09:02 805306368 byte 0 days old -- pagefile.sys
29/08/2007 19:12:37 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
02/08/2007 15:09:00 (DIR) 0 byte 27 days old -- Sun
05/08/2007 20:14:12 7343 byte 24 days old -- yacs.log
18/07/2007 11:08:28 200 byte 42 days old -- cmsetacl.log
18/07/2007 11:11:54 (DIR) 0 byte 42 days old -- Cursors
18/07/2007 11:12:25 133 byte 42 days old -- DtcInstall.log
18/07/2007 11:12:33 37 byte 42 days old -- vbaddin.ini
18/07/2007 11:12:33 36 byte 42 days old -- vb.ini
18/07/2007 11:13:11 1022 byte 42 days old -- sessmgr.setup.log
18/07/2007 11:14:09 (DIR) 0 byte 42 days old -- pchealth
18/07/2007 11:16:39 (DIR) 0 byte 42 days old -- srchasst
18/07/2007 11:17:02 749 byte 42 days old -- WindowsShell.Manifest
18/07/2007 11:17:09 (DIR) 0 byte 42 days old -- Offline Web Pages
18/07/2007 11:17:12 (DIR) 0 byte 42 days old -- Web
18/07/2007 11:18:09 (DIR) 0 byte 42 days old -- Registration
18/07/2007 11:18:14 4161 byte 42 days old -- ODBCINST.INI
18/07/2007 11:18:36 0 byte 42 days old -- control.ini
18/07/2007 11:19:01 (DIR) 0 byte 42 days old -- repair
18/07/2007 11:19:02 (DIR) 0 byte 42 days old -- ime
18/07/2007 11:28:25 4382 byte 42 days old -- imsins.BAK
18/07/2007 11:29:17 8192 byte 42 days old -- REGLOCS.OLD
18/07/2007 11:30:15 747833 byte 42 days old -- setuplog.txt
18/07/2007 11:30:33 833 byte 42 days old -- OEWABLog.txt
18/07/2007 11:37:31 807 byte 42 days old -- DirectX.log
18/07/2007 11:40:17 (DIR) 0 byte 42 days old -- $NtUninstallKB888111WXPSP2$
18/07/2007 11:40:27 12012 byte 42 days old -- msmqinst.log
18/07/2007 11:40:33 17721 byte 42 days old -- FaxSetup.log
18/07/2007 11:40:33 17648 byte 42 days old -- ocgen.log
18/07/2007 11:40:33 1180 byte 42 days old -- msgsocm.log
18/07/2007 11:40:33 3873 byte 42 days old -- netfxocm.log
18/07/2007 11:40:33 1912 byte 42 days old -- MedCtrOC.log
18/07/2007 11:40:33 4523 byte 42 days old -- KB888111.log
18/07/2007 11:40:34 13008 byte 42 days old -- tsoc.log
18/07/2007 11:40:34 1563 byte 42 days old -- tabletoc.log
18/07/2007 11:40:34 55113 byte 42 days old -- iis6.log
18/07/2007 11:40:34 9269 byte 42 days old -- ntdtcsetup.log
18/07/2007 11:40:34 1227 byte 42 days old -- ocmsn.log
18/07/2007 11:40:34 1374 byte 42 days old -- imsins.log
18/07/2007 11:40:34 18182 byte 42 days old -- comsetup.log
18/07/2007 11:43:20 (DIR) 0 byte 42 days old -- OPTIONS
18/07/2007 12:10:31 (DIR) 0 byte 42 days old -- system
18/07/2007 12:12:25 (DIR) 0 byte 42 days old -- Fonts
18/07/2007 12:13:17 (DIR) 0 byte 42 days old -- ShellNew
18/07/2007 12:15:04 376 byte 42 days old -- ODBC.INI
18/07/2007 13:22:08 (DIR) 0 byte 42 days old -- SoftwareDistribution
18/07/2007 13:35:51 10872 byte 42 days old -- ModemLog_D-Link DMF-560TXD DirectPort PC Card (Modem).txt
18/07/2007 13:43:18 (DIR) 0 byte 42 days old -- msdownld.tmp
18/07/2007 13:44:40 (DIR) 0 byte 42 days old -- nview
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- Config
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- Provisioning
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- Connection Wizard
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- addins
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- Resources
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- msapps
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- Driver Cache
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- java
18/07/2007 16:18:46 (DIR) 0 byte 42 days old -- twain_32
18/07/2007 16:25:21 (DIR) 0 byte 42 days old -- msagent
18/07/2007 16:25:59 (DIR) 0 byte 42 days old -- PeerNet
18/07/2007 16:26:16 (DIR) 0 byte 42 days old -- Media
18/07/2007 16:26:24 (DIR) 0 byte 42 days old -- mui
18/07/2007 16:26:24 (DIR) 0 byte 42 days old -- ehome
18/07/2007 16:26:36 (DIR) 0 byte 42 days old -- AppPatch
18/07/2007 16:29:06 (DIR) 0 byte 42 days old -- Debug
18/07/2007 16:29:08 0 byte 42 days old -- setuperr.log
18/07/2007 16:31:10 1052 byte 42 days old -- regopt.log
18/07/2007 16:35:36 0 byte 42 days old -- Sti_Trace.log
18/07/2007 18:07:01 (DIR) 0 byte 42 days old -- Downloaded Program Files
18/07/2007 18:18:55 316640 byte 42 days old -- WMSysPr9.prx
18/07/2007 18:20:04 (DIR) 0 byte 42 days old -- RegisteredPackages
18/07/2007 18:20:29 237 byte 42 days old -- wmsetup10.log
18/07/2007 18:51:23 (DIR) 0 byte 42 days old -- WinSxS
18/07/2007 18:51:34 6150 byte 42 days old -- DPINST.LOG
19/07/2007 11:00:01 (DIR) 0 byte 41 days old -- inf
19/07/2007 21:46:39 (DIR) 0 byte 41 days old -- security
20/07/2007 17:26:49 49 byte 40 days old -- wiaservc.log
20/07/2007 20:44:43 792 byte 40 days old -- wiadebug.log
21/07/2007 18:18:05 (DIR) 0 byte 39 days old -- Help
22/07/2007 12:09:51 1954 byte 38 days old -- ModemLog_Standard Modem over Bluetooth link.txt
22/07/2007 14:28:44 (DIR) 0 byte 38 days old -- pss
14/08/2007 14:39:37 620428 byte 15 days old -- setupapi.log
24/08/2007 10:34:39 (DIR) 0 byte 5 days old -- Tasks
24/08/2007 13:57:03 602 byte 5 days old -- win.ini
24/08/2007 13:57:03 227 byte 5 days old -- system.ini
24/08/2007 20:48:38 116 byte 5 days old -- NeroDigital.ini
25/08/2007 11:28:05 (DIR) 0 byte 4 days old -- Installer
28/08/2007 11:33:11 167409 byte 1 days old -- setupact.log
28/08/2007 21:16:45 68569 byte 1 days old -- wmsetup.log
29/08/2007 16:36:33 13266 byte 0 days old -- ModemLog_Conexant ACF External PnP v92 Data Fax Voice Speakerphone Modem.txt
29/08/2007 19:08:23 32560 byte 0 days old -- SchedLgU.Txt
29/08/2007 19:09:04 2048 byte 0 days old -- bootstat.dat
29/08/2007 19:10:02 0 byte 0 days old -- 0.log
29/08/2007 19:10:03 408249 byte 0 days old -- WindowsUpdate.log
29/08/2007 19:10:26 (DIR) 0 byte 0 days old -- Temp
29/08/2007 19:12:35 (DIR) 0 byte 0 days old -- system32
29/08/2007 19:12:38 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
18/07/2007 11:17:09 65 byte 42 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
18/07/2007 11:08:24 (DIR) 0 byte 42 days old -- spool
18/07/2007 11:12:25 (DIR) 0 byte 42 days old -- MsDtc
18/07/2007 11:12:46 21640 byte 42 days old -- emptyregdb.dat
18/07/2007 11:12:48 (DIR) 0 byte 42 days old -- Com
18/07/2007 11:14:36 (DIR) 0 byte 42 days old -- Macromed
18/07/2007 11:16:02 (DIR) 0 byte 42 days old -- oobe
18/07/2007 11:16:22 (DIR) 0 byte 42 days old -- DirectX
18/07/2007 11:17:02 749 byte 42 days old -- wuaucpl.cpl.manifest
18/07/2007 11:17:02 749 byte 42 days old -- sapi.cpl.manifest
18/07/2007 11:17:02 749 byte 42 days old -- ncpa.cpl.manifest
18/07/2007 11:17:02 749 byte 42 days old -- cdplayer.exe.manifest
18/07/2007 11:17:02 749 byte 42 days old -- nwc.cpl.manifest
18/07/2007 11:17:09 488 byte 42 days old -- WindowsLogon.manifest
18/07/2007 11:17:09 488 byte 42 days old -- logonui.exe.manifest
18/07/2007 11:19:02 (DIR) 0 byte 42 days old -- xircom
18/07/2007 11:19:02 (DIR) 0 byte 42 days old -- wbem
18/07/2007 11:28:19 261 byte 42 days old -- $winnt$.inf
18/07/2007 11:29:30 (DIR) 0 byte 42 days old -- Microsoft
18/07/2007 11:35:59 (DIR) 0 byte 42 days old -- ReinstallBackups
18/07/2007 11:41:15 (DIR) 0 byte 42 days old -- RTCOM
18/07/2007 11:43:21 146650 byte 42 days old -- BuzzingBee.wav
18/07/2007 11:43:21 940794 byte 42 days old -- LoopyMusic.wav
18/07/2007 12:17:46 110192 byte 42 days old -- FNTCACHE.DAT
18/07/2007 14:27:28 (DIR) 0 byte 42 days old -- ias
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- export
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- mui
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- inetsrv
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- IME
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1037
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1041
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1042
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1025
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1028
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1031
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 1054
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- dhcp
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- wins
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- ShellExt
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 3076
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 2052
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- 3com_dmi
18/07/2007 16:17:03 (DIR) 0 byte 42 days old -- 1033
18/07/2007 16:18:25 (DIR) 0 byte 42 days old -- icsxml
18/07/2007 16:18:35 (DIR) 0 byte 42 days old -- ras
18/07/2007 16:25:32 (DIR) 0 byte 42 days old -- npp
18/07/2007 16:27:00 (DIR) 0 byte 42 days old -- usmt
18/07/2007 16:27:31 (DIR) 0 byte 42 days old -- Setup
18/07/2007 16:37:49 0 byte 42 days old -- h323log.txt
18/07/2007 18:19:55 16832 byte 42 days old -- amcompat.tlb
18/07/2007 18:19:55 23392 byte 42 days old -- nscompat.tlb
18/07/2007 18:20:17 (DIR) 0 byte 42 days old -- CatRoot
18/07/2007 18:21:32 0 byte 42 days old -- jupdate-1.5.0_03-b07.log
18/07/2007 18:23:21 6579 byte 42 days old -- jupdate-1.5.0_06-b05.log
18/07/2007 18:51:32 (DIR) 0 byte 42 days old -- DRVSTORE
19/07/2007 21:30:03 (DIR) 0 byte 41 days old -- dllcache
24/07/2007 21:54:20 (DIR) 0 byte 36 days old -- config
25/07/2007 15:40:57 (DIR) 0 byte 35 days old -- drivers
27/07/2007 12:12:53 2617 byte 33 days old -- CONFIG.NT
31/07/2007 21:48:26 147456 byte 29 days old -- vbzip10.dll
14/08/2007 14:39:35 (DIR) 0 byte 15 days old -- CatRoot2
15/08/2007 12:20:25 356120 byte 14 days old -- PerfStringBackup.INI
15/08/2007 12:20:25 311934 byte 14 days old -- perfh009.dat
15/08/2007 12:20:25 40196 byte 14 days old -- perfc009.dat
16/08/2007 10:42:10 2206 byte 13 days old -- wpa.dbl
17/08/2007 20:06:22 43542 byte 12 days old -- opnmklj.dll
24/08/2007 10:34:08 26176 byte 5 days old -- it561tnm.exe
25/08/2007 11:27:16 (DIR) 0 byte 4 days old -- Restore
28/08/2007 20:09:41 298080 byte 1 days old -- gebcc.dll
28/08/2007 20:09:49 6448 byte 1 days old -- ccbeg.bak1
29/08/2007 14:17:18 636376 byte 0 days old -- ccbeg.bak2
29/08/2007 14:18:14 75328 byte 0 days old -- egjlwuvg.exe
29/08/2007 19:09:18 26682 byte 0 days old -- nvapps.xml
29/08/2007 19:09:45 (DIR) 0 byte 0 days old -- Lang
29/08/2007 19:12:35 640113 byte 0 days old -- ccbeg.ini
10/07/2007 00:35:28 124472 byte 50 days old -- DivXCodecUpdateChecker.exe
10/07/2007 00:35:28 12288 byte 50 days old -- DivXWMPExtType.dll
10/07/2007 00:35:48 352401 byte 50 days old -- DivXMedia.ax
10/07/2007 00:35:49 638976 byte 50 days old -- divxdec.ax
10/07/2007 00:35:54 740442 byte 50 days old -- DivX.dll
10/07/2007 00:35:54 802816 byte 50 days old -- divx_xx11.dll
10/07/2007 00:35:54 823296 byte 50 days old -- divx_xx07.dll
10/07/2007 00:35:54 823296 byte 50 days old -- divx_xx0c.dll
10/07/2007 00:35:56 294912 byte 50 days old -- dpu10.dll
10/07/2007 00:35:56 294912 byte 50 days old -- dpu11.dll
10/07/2007 00:35:56 344064 byte 50 days old -- dpus11.dll
10/07/2007 00:35:56 57344 byte 50 days old -- dpv11.dll
10/07/2007 00:35:56 593920 byte 50 days old -- dpuGUI11.dll
10/07/2007 00:35:57 53248 byte 50 days old -- dpuGUI10.dll
10/07/2007 00:35:58 73728 byte 50 days old -- dpl100.dll
10/07/2007 00:35:58 196608 byte 50 days old -- dtu100.dll
10/07/2007 00:37:44 1044480 byte 50 days old -- libdivx.dll
10/07/2007 00:37:44 200704 byte 50 days old -- ssldivx.dll
10/07/2007 00:37:47 39672 byte 50 days old -- vxblock.dll
10/07/2007 00:37:47 116472 byte 50 days old -- pxcpyi64.exe
10/07/2007 00:37:47 502520 byte 50 days old -- pxdrv.dll
10/07/2007 00:37:47 64760 byte 50 days old -- pxcpya64.exe
10/07/2007 00:37:47 527096 byte 50 days old -- px.dll
10/07/2007 00:37:47 129784 byte 50 days old -- pxafs.dll
10/07/2007 00:37:47 64760 byte 50 days old -- pxinsa64.exe
10/07/2007 00:37:47 1329912 byte 50 days old -- pxsfs.dll
10/07/2007 00:37:47 118520 byte 50 days old -- pxinsi64.exe
10/07/2007 00:37:48 379640 byte 50 days old -- pxwave.dll
10/07/2007 00:37:48 72440 byte 50 days old -- pxhpinst.exe
10/07/2007 00:37:48 183032 byte 50 days old -- pxmas.dll
10/07/2007 00:37:50 3596288 byte 50 days old -- qt-dx331.dll
10/07/2007 00:37:53 4816 byte 50 days old -- divxsm.tlb
10/07/2007 00:37:53 524288 byte 50 days old -- DivXsm.exe

----- recent files in C:\WINDOWS\system32\drivers\
18/07/2007 16:10:42 (DIR) 0 byte 42 days old -- disdn
18/07/2007 16:18:30 (DIR) 0 byte 42 days old -- etc
10/07/2007 00:37:47 36624 byte 50 days old -- PxHelp20.sys
10/07/2007 00:37:47 2432 byte 50 days old -- cdr4_xp.sys
10/07/2007 00:37:48 2560 byte 50 days old -- cdralw2k.sys

----- recent files in C:\WINDOWS\temp\
01/08/2007 10:37:01 16384 byte 28 days old -- Perflib_Perfdata_5a8.dat
24/07/2007 19:16:48 16384 byte 36 days old -- Perflib_Perfdata_138.dat
29/07/2007 05:59:01 16384 byte 31 days old -- Perflib_Perfdata_5b4.dat
30/07/2007 09:55:11 16384 byte 30 days old -- Perflib_Perfdata_520.dat
30/07/2007 19:32:48 16384 byte 30 days old -- Perflib_Perfdata_51c.dat
13/08/2007 13:27:26 16384 byte 16 days old -- Perflib_Perfdata_640.dat
14/08/2007 09:54:43 16384 byte 15 days old -- Perflib_Perfdata_648.dat
18/08/2007 09:58:02 16384 byte 11 days old -- Perflib_Perfdata_634.dat
23/08/2007 08:04:16 16384 byte 6 days old -- Perflib_Perfdata_5e4.dat
23/08/2007 20:26:58 16384 byte 6 days old -- Perflib_Perfdata_684.dat
24/08/2007 10:34:08 26176 byte 5 days old -- svcipa.exe
27/08/2007 09:06:48 16384 byte 2 days old -- Perflib_Perfdata_69c.dat
28/08/2007 19:33:45 16384 byte 1 days old -- Perflib_Perfdata_690.dat
28/08/2007 20:04:56 16384 byte 1 days old -- Perflib_Perfdata_664.dat
29/08/2007 18:19:51 0 byte 0 days old -- srs
29/08/2007 19:09:34 16384 byte 0 days old -- Perflib_Perfdata_680.dat
29/08/2007 19:11:14 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
18/07/2007 11:10:16 (DIR) 0 byte 42 days old -- MSN
18/07/2007 11:11:43 (DIR) 0 byte 42 days old -- Windows NT
18/07/2007 11:11:59 (DIR) 0 byte 42 days old -- MSN Gaming Zone
18/07/2007 11:12:13 (DIR) 0 byte 42 days old -- Messenger
18/07/2007 11:12:36 (DIR) 0 byte 42 days old -- ComPlus Applications
18/07/2007 11:14:26 (DIR) 0 byte 42 days old -- Movie Maker
18/07/2007 11:14:59 (DIR) 0 byte 42 days old -- Outlook Express
18/07/2007 11:15:07 (DIR) 0 byte 42 days old -- NetMeeting
18/07/2007 11:16:52 (DIR) 0 byte 42 days old -- Online Services
18/07/2007 11:16:56 (DIR) 0 byte 42 days old -- WindowsUpdate
18/07/2007 11:17:08 (DIR) 0 byte 42 days old -- Internet Explorer
18/07/2007 11:19:02 (DIR) 0 byte 42 days old -- xerox
18/07/2007 11:19:02 (DIR) 0 byte 42 days old -- microsoft frontpage
18/07/2007 11:30:29 (DIR) 0 byte 42 days old -- Uninstall Information
18/07/2007 11:35:05 (DIR) 0 byte 42 days old -- MSXML 4.0
18/07/2007 11:39:24 (DIR) 0 byte 42 days old -- Realtek
18/07/2007 11:43:17 (DIR) 0 byte 42 days old -- InstallShield Installation Information
18/07/2007 12:12:47 (DIR) 0 byte 42 days old -- Microsoft Office
18/07/2007 12:14:22 (DIR) 0 byte 42 days old -- Microsoft ActiveSync
18/07/2007 13:42:59 (DIR) 0 byte 42 days old -- Windows Media Components
18/07/2007 13:42:59 (DIR) 0 byte 42 days old -- Mingjong
18/07/2007 14:37:10 (DIR) 0 byte 42 days old -- Nero
18/07/2007 18:20:04 (DIR) 0 byte 42 days old -- Windows Media Player
18/07/2007 18:21:32 (DIR) 0 byte 42 days old -- Java
18/07/2007 18:24:56 (DIR) 0 byte 42 days old -- Common Files
18/07/2007 18:42:24 (DIR) 0 byte 42 days old -- Yahoo!
18/07/2007 18:51:24 (DIR) 0 byte 42 days old -- MSN Messenger
19/07/2007 20:34:19 (DIR) 0 byte 41 days old -- Apple Software Update
19/07/2007 20:34:59 (DIR) 0 byte 41 days old -- QuickTime
19/07/2007 20:35:14 (DIR) 0 byte 41 days old -- iPod
21/07/2007 14:39:35 (DIR) 0 byte 39 days old -- Adobe
25/07/2007 15:41:25 (DIR) 0 byte 35 days old -- Mozilla Firefox
25/07/2007 15:48:11 (DIR) 0 byte 35 days old -- K-Lite Codec Pack
28/08/2007 20:09:09 (DIR) 0 byte 1 days old -- HijackThis

----- recent files in C:\Program Files\Common Files\
18/07/2007 11:14:56 (DIR) 0 byte 42 days old -- MSSoap
18/07/2007 11:15:05 (DIR) 0 byte 42 days old -- Services
18/07/2007 11:39:12 (DIR) 0 byte 42 days old -- InstallShield
18/07/2007 12:12:43 (DIR) 0 byte 42 days old -- System
18/07/2007 12:13:46 (DIR) 0 byte 42 days old -- Designer
18/07/2007 12:14:19 (DIR) 0 byte 42 days old -- Microsoft Shared
18/07/2007 14:40:55 (DIR) 0 byte 42 days old -- Ahead
18/07/2007 16:31:11 (DIR) 0 byte 42 days old -- SpeechEngines
18/07/2007 16:31:17 (DIR) 0 byte 42 days old -- ODBC
18/07/2007 18:18:54 (DIR) 0 byte 42 days old -- Java
18/07/2007 18:24:56 (DIR) 0 byte 42 days old -- Wise Installation Wizard
21/07/2007 14:39:43 (DIR) 0 byte 39 days old -- Adobe

----- recent files in C:\Documents and Settings\KN\Application Data\
02/08/2007 15:09:00 (DIR) 0 byte 27 days old -- Sun
18/07/2007 11:30:30 (DIR) 0 byte 42 days old -- Identities
18/07/2007 11:57:13 (DIR) 0 byte 42 days old -- Adobe
18/07/2007 12:02:52 (DIR) 0 byte 42 days old -- AdobeUM
18/07/2007 16:30:22 62 byte 42 days old -- desktop.ini
18/07/2007 18:07:02 (DIR) 0 byte 42 days old -- Macromedia
18/07/2007 18:42:50 (DIR) 0 byte 42 days old -- Yahoo!
19/07/2007 20:35:25 (DIR) 0 byte 41 days old -- Apple Computer
20/07/2007 08:06:49 (DIR) 0 byte 40 days old -- Microsoft
20/07/2007 08:07:44 17144 byte 40 days old -- GDIPFONTCACHEV1.DAT
20/07/2007 15:37:03 (DIR) 0 byte 40 days old -- vlc
24/07/2007 19:38:26 (DIR) 0 byte 36 days old -- Ahead
25/07/2007 15:41:37 (DIR) 0 byte 35 days old -- Mozilla
25/07/2007 15:41:42 (DIR) 0 byte 35 days old -- Talkback
29/07/2007 13:27:05 (DIR) 0 byte 31 days old -- DivX
20/08/2007 16:03:53 (DIR) 0 byte 9 days old -- Lavasoft
24/08/2007 07:46:03 (DIR) 0 byte 5 days old -- LimeWire
25/08/2007 11:27:53 (DIR) 0 byte 4 days old -- uTorrent

----- recent files in C:\DOCUME~1\KN\LOCALS~1\Temp\
01/08/2007 10:36:57 16384 byte 28 days old -- ~DFBA88.tmp
01/08/2007 10:38:13 49152 byte 28 days old -- ~DF560E.tmp
01/08/2007 19:55:08 16384 byte 28 days old -- ~DF3F39.tmp
01/08/2007 19:56:47 16384 byte 28 days old -- ~DFAA0B.tmp
01/08/2007 21:18:41 16384 byte 28 days old -- ~DFA9EA.tmp
02/08/2007 09:45:14 16384 byte 27 days old -- ~DF7F83.tmp
02/08/2007 21:11:14 16384 byte 27 days old -- ~DF61AE.tmp
03/08/2007 10:44:08 16384 byte 26 days old -- ~DF6F1F.tmp
03/08/2007 10:53:28 49152 byte 26 days old -- ~DFB948.tmp
03/08/2007 14:30:38 16384 byte 26 days old -- ~DF6EBB.tmp
03/08/2007 15:21:09 16384 byte 26 days old -- ~DF6E18.tmp
03/08/2007 17:54:18 16384 byte 26 days old -- ~DF6DAF.tmp
03/08/2007 17:57:11 49152 byte 26 days old -- ~DF925B.tmp
04/08/2007 10:26:54 16384 byte 25 days old -- ~DF67D9.tmp
04/08/2007 10:27:36 49152 byte 25 days old -- ~DFFCF8.tmp
04/08/2007 12:32:09 16384 byte 25 days old -- ~DF70CC.tmp
04/08/2007 19:30:24 16384 byte 25 days old -- ~DF6967.tmp
05/08/2007 10:54:05 16384 byte 24 days old -- ~DF6D2D.tmp
05/08/2007 11:04:04 0 byte 24 days old -- jupdate1.5.0.xml
05/08/2007 17:02:02 16384 byte 24 days old -- ~DF5EF2.tmp
05/08/2007 17:03:37 16384 byte 24 days old -- ~DFCC6E.tmp
05/08/2007 19:53:33 16384 byte 24 days old -- ~DF58CC.tmp
06/08/2007 10:37:17 16384 byte 23 days old -- ~DF6DFC.tmp
06/08/2007 10:46:40 49152 byte 23 days old -- ~DFB087.tmp
06/08/2007 19:55:04 16384 byte 23 days old -- ~DFA0FE.tmp
06/08/2007 20:08:01 16384 byte 23 days old -- ~DF2143.tmp
07/08/2007 09:25:50 16384 byte 22 days old -- ~DF9558.tmp
07/08/2007 09:31:21 49152 byte 22 days old -- ~DFB955.tmp
07/08/2007 09:31:42 16384 byte 22 days old -- ~DFF6F0.tmp
07/08/2007 19:56:42 16384 byte 22 days old -- ~DF9D6D.tmp
18/07/2007 11:39:13 (DIR) 0 byte 42 days old -- isp5.tmp
18/07/2007 12:11:42 33702 byte 42 days old -- offcln10.log
18/07/2007 12:15:11 11526686 byte 42 days old -- Office XP Professional with FrontPage Setup(0001)_Task(0001).txt
18/07/2007 12:15:15 3379 byte 42 days old -- Office XP Professional with FrontPage Setup(0001).txt
18/07/2007 13:38:44 (DIR) 0 byte 42 days old -- iss1C.tmp
18/07/2007 14:29:42 426 byte 42 days old -- IMT29.xml
18/07/2007 14:29:42 1994 byte 42 days old -- IMT28.xml
18/07/2007 14:29:42 707348 byte 42 days old -- IMT2A.xml
18/07/2007 14:35:43 (DIR) 0 byte 42 days old -- nro.log
18/07/2007 17:18:20 (DIR) 0 byte 42 days old -- CDM
18/07/2007 18:20:39 3584 byte 42 days old -- 4f4660.mst
18/07/2007 18:21:25 998 byte 42 days old -- MSIf4664.LOG
18/07/2007 18:21:38 19462 byte 42 days old -- jrelog.txt
18/07/2007 18:22:14 3584 byte 42 days old -- 50b85f.mst
18/07/2007 18:23:05 46964 byte 42 days old -- java_install.log
18/07/2007 18:42:45 (DIR) 0 byte 42 days old -- 6326332
18/07/2007 18:58:10 32768 byte 42 days old -- ~DFBAF8.tmp
19/07/2007 08:35:48 (DIR) 0 byte 41 days old -- Excel8.0
19/07/2007 08:35:48 (DIR) 0 byte 41 days old -- VBE
19/07/2007 16:06:35 0 byte 41 days old -- c61c_appcompat.txt
19/07/2007 20:35:00 3371 byte 41 days old -- qtplugin.log
19/07/2007 20:35:00 1248 byte 41 days old -- QTInstallCode.log
19/07/2007 20:35:29 1244 byte 41 days old -- GEARInstall.log
20/07/2007 09:59:17 32768 byte 40 days old -- ~DF9426.tmp
20/07/2007 11:57:10 1994 byte 40 days old -- IMT72.xml
20/07/2007 11:57:10 426 byte 40 days old -- IMT73.xml
20/07/2007 11:57:10 707348 byte 40 days old -- IMT74.xml
21/07/2007 18:18:03 1994 byte 39 days old -- IMT6.xml
21/07/2007 18:18:03 426 byte 39 days old -- IMT7.xml
21/07/2007 18:18:03 707348 byte 39 days old -- IMT8.xml
21/07/2007 18:18:28 426 byte 39 days old -- IMT18.xml
21/07/2007 18:18:28 1994 byte 39 days old -- IMT17.xml
21/07/2007 18:18:28 707348 byte 39 days old -- IMT19.xml
21/07/2007 18:18:32 426 byte 39 days old -- IMT1B.xml
21/07/2007 18:18:32 707348 byte 39 days old -- IMT1C.xml
21/07/2007 18:18:32 1994 byte 39 days old -- IMT1A.xml
21/07/2007 18:18:34 426 byte 39 days old -- IMT1E.xml
21/07/2007 18:18:34 1994 byte 39 days old -- IMT1D.xml
21/07/2007 18:18:34 707348 byte 39 days old -- IMT1F.xml
21/07/2007 18:18:36 1994 byte 39 days old -- IMT20.xml
21/07/2007 18:18:36 426 byte 39 days old -- IMT21.xml
21/07/2007 18:18:36 707348 byte 39 days old -- IMT22.xml
21/07/2007 18:18:45 707348 byte 39 days old -- IMT25.xml
21/07/2007 18:18:45 1994 byte 39 days old -- IMT23.xml
21/07/2007 18:18:45 426 byte 39 days old -- IMT24.xml
22/07/2007 15:02:27 32768 byte 38 days old -- ~DF1814.tmp
23/07/2007 18:37:21 32768 byte 37 days old -- ~DFB04C.tmp
23/07/2007 20:22:20 46021 byte 37 days old -- TFR1C.tmp
23/07/2007 20:22:21 21122 byte 37 days old -- TFR28.tmp
23/07/2007 20:22:21 67994 byte 37 days old -- TFR29.tmp
23/07/2007 20:22:21 62753 byte 37 days old -- TFR2D.tmp
23/07/2007 20:22:21 23427 byte 37 days old -- TFR35.tmp
23/07/2007 20:22:21 23262 byte 37 days old -- TFR34.tmp
23/07/2007 20:22:21 46660 byte 37 days old -- TFR1D.tmp
23/07/2007 20:22:21 59218 byte 37 days old -- TFR24.tmp
24/07/2007 19:52:27 0 byte 36 days old -- ypt1C.tmp
24/07/2007 19:52:34 8118 byte 36 days old -- doodle.bmp
24/07/2007 19:52:35 16384 byte 36 days old -- ~DF8277.tmp
24/07/2007 19:52:35 8118 byte 36 days old -- peanuts.bmp
24/07/2007 19:52:36 1571 byte 36 days old -- ymsgr2
24/07/2007 21:54:58 16384 byte 36 days old -- ~DFCCB9.tmp
25/07/2007 06:59:13 49152 byte 35 days old -- ~DFB8A0.tmp
25/07/2007 15:44:22 0 byte 35 days old -- aax35.tmp
25/07/2007 15:44:22 (DIR) 0 byte 35 days old -- mod34.tmp
25/07/2007 15:44:23 0 byte 35 days old -- aax36.tmp
25/07/2007 15:44:36 0 byte 35 days old -- aax37.tmp
25/07/2007 15:50:53 32768 byte 35 days old -- ~DF6529.tmp
25/07/2007 16:26:46 16384 byte 35 days old -- ~DF8D3C.tmp
25/07/2007 17:09:28 16384 byte 35 days old -- ~DFA8EC.tmp
25/07/2007 20:48:38 16384 byte 35 days old -- ~DF1468.tmp
26/07/2007 20:07:33 0 byte 34 days old -- aaxC.tmp
26/07/2007 20:07:34 0 byte 34 days old -- aaxD.tmp
26/07/2007 20:08:08 0 byte 34 days old -- aaxE.tmp
26/07/2007 20:08:16 0 byte 34 days old -- aaxF.tmp
26/07/2007 20:08:17 0 byte 34 days old -- aax10.tmp
26/07/2007 20:08:21 0 byte 34 days old -- aax11.tmp
26/07/2007 20:08:35 (DIR) 0 byte 34 days old -- mod12.tmp
26/07/2007 20:08:35 0 byte 34 days old -- aax13.tmp
26/07/2007 20:08:36 0 byte 34 days old -- aax14.tmp
26/07/2007 20:08:39 0 byte 34 days old -- aax15.tmp
30/07/2007 19:34:33 16384 byte 30 days old -- ~DF6A92.tmp
31/07/2007 21:48:29 16384 byte 29 days old -- ~DF3C8E.tmp
08/08/2007 06:35:36 16384 byte 21 days old -- ~DF7CC5.tmp
08/08/2007 09:43:00 16384 byte 21 days old -- ~DF8BEA.tmp
08/08/2007 15:50:06 59218 byte 21 days old -- TFR3A5.tmp
08/08/2007 15:50:06 46021 byte 21 days old -- TFR3A3.tmp
08/08/2007 15:50:06 46660 byte 21 days old -- TFR3A4.tmp
08/08/2007 15:50:07 21122 byte 21 days old -- TFR3A7.tmp
08/08/2007 15:50:07 67994 byte 21 days old -- TFR3AB.tmp
08/08/2007 15:50:07 23427 byte 21 days old -- TFR3BA.tmp
08/08/2007 15:50:07 23262 byte 21 days old -- TFR3B5.tmp
08/08/2007 15:50:07 62753 byte 21 days old -- TFR3B4.tmp
08/08/2007 19:48:52 16384 byte 21 days old -- ~DF97ED.tmp
08/08/2007 21:19:49 49152 byte 21 days old -- ~DFC466.tmp
13/08/2007 09:58:58 16384 byte 16 days old -- ~DFA689.tmp
13/08/2007 10:10:24 16384 byte 16 days old -- ~DF59D1.tmp
13/08/2007 13:27:20 16384 byte 16 days old -- ~DF8EF2.tmp
13/08/2007 13:31:50 49152 byte 16 days old -- ~DFEDEA.tmp
13/08/2007 19:39:37 16384 byte 16 days old -- ~DF9EE9.tmp
13/08/2007 19:59:27 16384 byte 16 days old -- ~DF8ED0.tmp
14/08/2007 09:54:35 16384 byte 15 days old -- ~DF997B.tmp
14/08/2007 17:26:27 49152 byte 15 days old -- ~DF8B05.tmp
15/08/2007 13:03:37 16384 byte 14 days old -- ~DFEEE5.tmp
16/08/2007 10:43:12 16384 byte 13 days old -- ~DF17BC.tmp
16/08/2007 14:11:36 32768 byte 13 days old -- ~DF3651.tmp
16/08/2007 17:48:17 16384 byte 13 days old -- ~DFCF32.tmp
16/08/2007 18:55:37 16384 byte 13 days old -- ~DF8BF7.tmp
17/08/2007 15:44:51 32768 byte 12 days old -- ~DF4D80.tmp
17/08/2007 20:02:35 51130 byte 12 days old -- f0e1_appcompat.txt
17/08/2007 20:06:31 49152 byte 12 days old -- ~DF4885.tmp
17/08/2007 20:57:56 16384 byte 12 days old -- ~DF5737.tmp
18/08/2007 10:15:51 49152 byte 11 days old -- ~DF3A97.tmp
18/08/2007 11:48:45 1571 byte 11 days old -- ymsgr3
18/08/2007 12:16:53 16384 byte 11 days old -- ~DFD958.tmp
19/08/2007 10:17:33 49152 byte 10 days old -- ~DF2679.tmp
19/08/2007 10:24:08 16384 byte 10 days old -- ~DF9349.tmp
19/08/2007 14:36:46 16384 byte 10 days old -- ~DF15DB.tmp
19/08/2007 14:54:42 (DIR) 0 byte 10 days old -- _avast4_
19/08/2007 20:28:22 27520 byte 10 days old -- 9b1d_appcompat.txt
19/08/2007 20:29:24 32768 byte 10 days old -- ~DF3EAA.tmp
19/08/2007 20:30:14 32768 byte 10 days old -- ~DFC55F.tmp
19/08/2007 20:30:22 4147 byte 10 days old -- java_install_reg.log
20/08/2007 10:20:21 49152 byte 9 days old -- ~DFD4F1.tmp
20/08/2007 10:21:05 16384 byte 9 days old -- ~DFA5EE.tmp
20/08/2007 10:27:39 16384 byte 9 days old -- ~DFF241.tmp
20/08/2007 16:35:25 (DIR) 0 byte 9 days old -- Word8.0
20/08/2007 16:46:32 (DIR) 0 byte 9 days old -- hsperfdata_KN
20/08/2007 21:36:06 16384 byte 9 days old -- ~DF63E6.tmp
21/08/2007 10:22:27 49152 byte 8 days old -- ~DFE773.tmp
21/08/2007 11:47:55 (DIR) 0 byte 8 days old -- audacity_1_2_temp
22/08/2007 08:14:39 16384 byte 7 days old -- ~DFF0B9.tmp
22/08/2007 11:38:43 16384 byte 7 days old -- ~DFFBBD.tmp
22/08/2007 11:40:04 16384 byte 7 days old -- ~DF54FE.tmp
22/08/2007 11:44:46 49152 byte 7 days old -- ~DFBD92.tmp
22/08/2007 15:14:37 65536 byte 7 days old -- ~DFAFD1.tmp
22/08/2007 19:27:21 49152 byte 7 days old -- ~DFE600.tmp
22/08/2007 19:36:04 81920 byte 7 days old -- ~DF45A1.tmp
23/08/2007 08:06:38 16384 byte 6 days old -- ~DFE911.tmp
23/08/2007 14:31:23 32768 byte 6 days old -- ~DF52F4.tmp
23/08/2007 20:27:51 49152 byte 6 days old -- ~DF79FE.tmp
23/08/2007 20:28:56 46021 byte 6 days old -- TFR2.tmp
23/08/2007 20:28:56 46660 byte 6 days old -- TFR3.tmp
23/08/2007 20:28:57 23427 byte 6 days old -- TFR1B.tmp
23/08/2007 20:28:57 23262 byte 6 days old -- TFR1A.tmp
23/08/2007 20:28:57 21122 byte 6 days old -- TFRB.tmp
23/08/2007 20:28:57 59218 byte 6 days old -- TFR4.tmp
23/08/2007 20:28:57 67994 byte 6 days old -- TFR12.tmp
23/08/2007 20:28:57 62753 byte 6 days old -- TFR16.tmp
23/08/2007 22:17:00 16384 byte 6 days old -- ~DF49FD.tmp
24/08/2007 07:42:30 32768 byte 5 days old -- ~DF1F97.tmp
24/08/2007 10:27:31 49152 byte 5 days old -- ~DF1B23.tmp
24/08/2007 10:34:38 0 byte 5 days old -- 7OYvkLgAj.hdi
24/08/2007 20:56:47 32768 byte 5 days old -- ~DF9505.tmp
25/08/2007 09:19:00 49152 byte 4 days old -- ~DF3BCB.tmp
25/08/2007 09:43:40 (DIR) 0 byte 4 days old -- msohtml1
26/08/2007 10:19:56 49152 byte 3 days old -- ~DFEB6A.tmp
26/08/2007 11:00:28 81920 byte 3 days old -- ~DF2B58.tmp
26/08/2007 14:34:29 49152 byte 3 days old -- ~DF9481.tmp
26/08/2007 14:34:31 0 byte 3 days old -- 14C76D7.dmp
26/08/2007 20:15:33 32768 byte 3 days old -- ~DF5E87.tmp
27/08/2007 10:36:14 32768 byte 2 days old -- ~DF6DED.tmp
27/08/2007 10:36:54 32768 byte 2 days old -- ~DFC47A.tmp
27/08/2007 11:19:30 (DIR) 0 byte 2 days old -- MessengerCache
27/08/2007 11:21:18 49152 byte 2 days old -- ~DF931E.tmp
27/08/2007 16:07:14 32768 byte 2 days old -- ~DFDCCC.tmp
27/08/2007 16:27:27 49152 byte 2 days old -- ~DF220E.tmp
27/08/2007 16:34:25 51130 byte 2 days old -- 6095_appcompat.txt
27/08/2007 20:02:24 16384 byte 2 days old -- ~DF4FD7.tmp
27/08/2007 20:04:09 49152 byte 2 days old -- ~DFDAEA.tmp
28/08/2007 11:21:43 49152 byte 1 days old -- ~DFF4D3.tmp
28/08/2007 19:45:55 16384 byte 1 days old -- Perflib_Perfdata_7ec.dat
28/08/2007 19:46:02 16384 byte 1 days old -- ~DF475B.tmp
28/08/2007 19:48:26 49152 byte 1 days old -- ~DFC046.tmp
28/08/2007 19:58:10 512 byte 1 days old -- ~DF3E7F.tmp
28/08/2007 19:58:10 196608 byte 1 days old -- ~DF3E73.tmp
28/08/2007 19:58:20 196608 byte 1 days old -- ~DF772A.tmp
28/08/2007 19:58:20 512 byte 1 days old -- ~DF7736.tmp
28/08/2007 19:58:23 32768 byte 1 days old -- ~DF696F.tmp
28/08/2007 19:58:41 41960 byte 1 days old -- 5142_appcompat.txt
28/08/2007 19:58:42 73996 byte 1 days old -- 175ED9.dmp
28/08/2007 20:01:10 32768 byte 1 days old -- ~DFDEF9.tmp
28/08/2007 21:16:43 12818 byte 1 days old -- control.xml
29/08/2007 12:21:02 16384 byte 0 days old -- ~DF3891.tmp
29/08/2007 14:20:10 49152 byte 0 days old -- ~DF23A7.tmp
29/08/2007 16:34:27 28143 byte 0 days old -- jusched.log
29/08/2007 18:58:19 32768 byte 0 days old -- ~DF9DC8.tmp
29/08/2007 19:06:24 16384 byte 0 days old -- ~DFF827.tmp
29/08/2007 19:06:31 49152 byte 0 days old -- ~DF2665.tmp
29/08/2007 19:10:35 32768 byte 0 days old -- ~DF4218.tmp
29/08/2007 19:11:45 16384 byte 0 days old -- ~DF1B1E.tmp
29/08/2007 19:12:38 (DIR) 0 byte 0 days old -- nsi3.tmp
09/08/2007 06:38:53 16384 byte 20 days old -- ~DF6A73.tmp
09/08/2007 06:39:50 49152 byte 20 days old -- ~DF5DC.tmp
09/08/2007 10:25:14 16384 byte 20 days old -- ~DF7708.tmp
09/08/2007 11:10:26 16384 byte 20 days old -- ~DF6DAB.tmp
09/08/2007 17:11:25 16384 byte 20 days old -- ~DF7F75.tmp
10/08/2007 09:52:58 16384 byte 19 days old -- ~DF7C19.tmp
10/08/2007 09:53:42 49152 byte 19 days old -- ~DFF579.tmp
10/08/2007 10:06:30 16384 byte 19 days old -- ~DF7D61.tmp
10/08/2007 20:41:16 16384 byte 19 days old -- ~DFA6DA.tmp
11/08/2007 08:20:27 16384 byte 18 days old -- ~DF79F7.tmp
11/08/2007 19:03:10 16384 byte 18 days old -- ~DFAAFE.tmp
11/08/2007 19:07:50 16384 byte 18 days old -- ~DFA16C.tmp
11/08/2007 22:04:25 16384 byte 18 days old -- ~DF9E3C.tmp
12/08/2007 10:43:59 16384 byte 17 days old -- ~DFB268.tmp
12/08/2007 16:34:49 16384 byte 17 days old -- ~DFB4A1.tmp
12/08/2007 19:33:11 16384 byte 17 days old -- ~DFAA85.tmp

===================== Hidden Objects =====================

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 19:13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


===================== Checking Rustock rootkit =====================



==========================================
Scan completed in 3.4 minutes
End of report

AND

Logfile of HijackThis v1.99.1
Scan saved at 7:17:18 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast!\aswUpdSv.exe
D:\Program Files\Avast!\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\bin\jusched.exe
D:\Program Files\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\egjlwuvg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avast!\ashMaiSv.exe
D:\Program Files\Avast!\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KN\Desktop\sys63256.exe
C:\DOCUME~1\KN\LOCALS~1\Temp\nsi3.tmp\runme.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29F93B92-4205-4E4A-9CDA-07FDFF380ABF} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {40954C60-C169-43A2-A706-243594AEC241} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\opnmklj.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo Messenger\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with Star Downloader - D:\PROGRA~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: opnmklj - C:\WINDOWS\SYSTEM32\opnmklj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\egjlwuvg.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#6 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:08:56 PM

Posted 29 August 2007 - 02:33 PM

Download ComboFix and save it to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log please.

#7 anirudh215
  • Topic Starter

  • Members
  • 50 posts
  • Local time:02:56 PM

Posted 02 September 2007 - 03:23 AM

ComboFix 07-08-30.3 - "KN" 2007-09-02 13:43:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.199 [GMT 5.5:30]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\KN\Desktop\internet explorer.lnk
C:\WINDOWS\system32\attooovl.exe
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\drivers\UIUSetup.exe
C:\WINDOWS\system32\egjlwuvg.exe
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\opnmklj.dll
C:\WINDOWS\system32\xmydgfrv.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 13:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 19:06 <DIR> d-------- C:\!KillBox
2007-08-28 20:01 <DIR> d-------- C:\VundoFix Backups
2007-08-20 16:03 <DIR> d-------- C:\DOCUME~1\KN\APPLIC~1\Lavasoft
2007-08-19 14:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-14 09:56 209 --a------ C:\DOCUME~1\KN\2860.bat
2007-08-10 10:07 209 --a------ C:\DOCUME~1\KN\9590.bat
2007-08-10 09:54 209 --a------ C:\DOCUME~1\KN\1498.bat
2007-08-09 17:28 167 --a------ C:\DOCUME~1\KN\6663.bat
2007-08-09 11:12 167 --a------ C:\DOCUME~1\KN\1519.bat
2007-08-09 06:40 167 --a------ C:\DOCUME~1\KN\8702.bat
2007-08-08 21:20 167 --a------ C:\DOCUME~1\KN\1276.bat
2007-08-08 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-07 20:05 167 --a------ C:\DOCUME~1\KN\6725.bat
2007-08-07 09:31 167 --a------ C:\DOCUME~1\KN\2250.bat
2007-08-06 19:57 167 --a------ C:\DOCUME~1\KN\5889.bat
2007-08-06 10:46 167 --a------ C:\DOCUME~1\KN\7172.bat
2007-08-05 19:55 167 --a------ C:\DOCUME~1\KN\3214.bat
2007-08-05 17:03 167 --a------ C:\DOCUME~1\KN\3601.bat
2007-08-05 10:57 167 --a------ C:\DOCUME~1\KN\1600.bat
2007-08-04 19:32 167 --a------ C:\DOCUME~1\KN\3909.bat
2007-08-04 12:32 167 --a------ C:\DOCUME~1\KN\4523.bat
2007-08-04 10:32 167 --a------ C:\DOCUME~1\KN\1896.bat
2007-08-03 17:57 167 --a------ C:\DOCUME~1\KN\8867.bat
2007-08-03 14:32 167 --a------ C:\DOCUME~1\KN\3992.bat
2007-08-03 10:53 167 --a------ C:\DOCUME~1\KN\7984.bat
2007-08-02 21:13 167 --a------ C:\DOCUME~1\KN\5953.bat
2007-08-02 21:13 128 --a------ C:\DOCUME~1\KN\ps.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 06:56 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\uTorrent
2007-08-24 07:46 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\LimeWire
2007-07-31 21:48 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-07-29 13:27 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\DivX
2007-07-25 15:48 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-25 15:41 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\Talkback
2007-07-24 19:38 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\Ahead
2007-07-20 15:37 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\vlc
2007-07-19 20:35 --------- d-------- C:\Program Files\iPod
2007-07-19 20:35 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\Apple Computer
2007-07-19 20:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-19 20:34 --------- d-------- C:\Program Files\QuickTime
2007-07-19 20:34 --------- d-------- C:\Program Files\Apple Software Update
2007-07-18 22:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-18 18:51 --------- d-------- C:\Program Files\MSN Messenger
2007-07-18 18:42 --------- d-------- C:\Program Files\Yahoo!
2007-07-18 18:42 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\Yahoo!
2007-07-18 18:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-18 18:24 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-18 14:40 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-18 14:37 --------- d-------- C:\Program Files\Nero
2007-07-18 13:42 --------- d-------- C:\Program Files\Windows Media Components
2007-07-18 13:42 --------- d-------- C:\Program Files\Mingjong
2007-07-18 12:14 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-18 12:02 --------- d-------- C:\DOCUME~1\KN\APPLIC~1\AdobeUM
2007-07-18 11:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 11:39 --------- d-------- C:\Program Files\Realtek
2007-07-18 11:39 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-18 11:35 --------- d-------- C:\Program Files\MSXML 4.0
2007-07-18 11:19 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-10 00:37 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-10 00:37 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-10 00:37 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-10 00:37 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-10 00:37 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-10 00:37 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-10 00:37 129784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-07-10 00:37 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-07-10 00:37 116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-07-10 00:37 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-10 00:35 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-10 00:35 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-10 00:35 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-10 00:35 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-10 00:35 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-10 00:35 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-10 00:35 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-10 00:35 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-10 00:35 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-10 00:35 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-10 00:35 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-10 00:35 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-10 00:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-10 00:35 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40954C60-C169-43A2-A706-243594AEC241}]
C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 02:06 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 14:50]
"nwiz"="nwiz.exe" [2005-06-15 14:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 14:50]
"NWEReboot"="" []
"SunJavaUpdateSched"="D:\Program Files\Java\bin\jusched.exe" [2005-11-10 13:03]
"iTunesHelper"="D:\Program Files\Itunes\iTunesHelper.exe" [2007-04-27 11:25]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="D:\PROGRA~1\Avast!\ashDisp.exe" [2007-04-30 21:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
"Yahoo! Pager"="D:\Program Files\Yahoo Messenger\Messenger\YahooMessenger.exe" [2007-07-16 15:17]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"D:\Program Files\Yahoo Messenger\Messenger\YahooMessenger.exe" -quiet

S3 acfva;acfva;C:\WINDOWS\system32\DRIVERS\acfva.sys
S3 pwalker;Process Walker Driver;\??\C:\DOCUME~1\KN\LOCALS~1\Temp\nsi3.tmp\pwalker.sys


Contents of the 'Scheduled Tasks' folder
2007-08-25 05:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 13:48:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 13:50:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 13:50

--- E O F ---

AND

Logfile of HijackThis v1.99.1
Scan saved at 1:53:31 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast!\aswUpdSv.exe
D:\Program Files\Avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\bin\jusched.exe
D:\Program Files\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Avast!\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Avast!\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avast!\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\abc.bat

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40954C60-C169-43A2-A706-243594AEC241} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with Star Downloader - D:\PROGRA~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 RichieUK (Malware Response Team)

Posted 12 September 2007 - 12:09 PM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {40954C60-C169-43A2-A706-243594AEC241} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Exit Hijackthis.

Find and delete:
C:\WINDOWS\system32\vbzip10.dll

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.


Please run this online virus scan: ActiveScan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Post the Activescan report in your next reply.
Also post a new HijackThis log, and let me know how your pc is running now.


#9 anirudh215 (Topic Starter)

Posted 24 September 2007 - 02:53 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/23/2007 at 10:07 PM

Application Version : 3.9.1008

Core Rules Database Version : 3311
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 00:57:58

Memory items scanned : 188
Memory threats detected : 0
Registry items scanned : 5091
Registry threats detected : 0
File items scanned : 22894
File threats detected : 103

Adware.Tracking Cookie
C:\Documents and Settings\KN\Cookies\kn@advertising[1].txt
C:\Documents and Settings\KN\Cookies\kn@www.winantiviruspro[1].txt
C:\Documents and Settings\KN\Cookies\kn@brightcove.112.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@www.warezquality[1].txt
C:\Documents and Settings\KN\Cookies\kn@login.tracking101[2].txt
C:\Documents and Settings\KN\Cookies\kn@stats1.reliablestats[2].txt
C:\Documents and Settings\KN\Cookies\kn@media.adrevolver[1].txt
C:\Documents and Settings\KN\Cookies\kn@winantivirus[1].txt
C:\Documents and Settings\KN\Cookies\kn@track.jobsahead[2].txt
C:\Documents and Settings\KN\Cookies\kn@ads.monster[1].txt
C:\Documents and Settings\KN\Cookies\kn@toplist[1].txt
C:\Documents and Settings\KN\Cookies\kn@perf.overture[1].txt
C:\Documents and Settings\KN\Cookies\kn@clicktorrent[2].txt
C:\Documents and Settings\KN\Cookies\kn@tracking.sms[1].txt
C:\Documents and Settings\KN\Cookies\kn@yadro[1].txt
C:\Documents and Settings\KN\Cookies\kn@ads.ozonemedia.co[2].txt
C:\Documents and Settings\KN\Cookies\kn@ad.yieldmanager[2].txt
C:\Documents and Settings\KN\Cookies\kn@ad1.clickhype[1].txt
C:\Documents and Settings\KN\Cookies\kn@snapfish.112.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@adserver.adreactor[1].txt
C:\Documents and Settings\KN\Cookies\kn@tacoda[1].txt
C:\Documents and Settings\KN\Cookies\kn@adinterax[1].txt
C:\Documents and Settings\KN\Cookies\kn@smileycentral[1].txt
C:\Documents and Settings\KN\Cookies\kn@asp.elitefts[2].txt
C:\Documents and Settings\KN\Cookies\kn@1066553193[1].txt
C:\Documents and Settings\KN\Cookies\kn@a.websponsors[2].txt
C:\Documents and Settings\KN\Cookies\kn@azjmp[2].txt
C:\Documents and Settings\KN\Cookies\kn@statse.webtrendslive[2].txt
C:\Documents and Settings\KN\Cookies\kn@optimost[1].txt
C:\Documents and Settings\KN\Cookies\kn@cgi-bin[2].txt
C:\Documents and Settings\KN\Cookies\kn@realmedia[2].txt
C:\Documents and Settings\KN\Cookies\kn@server.iad.liveperson[2].txt
C:\Documents and Settings\KN\Cookies\kn@www.clickxchange[1].txt
C:\Documents and Settings\KN\Cookies\kn@clickaider[2].txt
C:\Documents and Settings\KN\Cookies\kn@tribalfusion[2].txt
C:\Documents and Settings\KN\Cookies\kn@questionmarket[1].txt
C:\Documents and Settings\KN\Cookies\kn@chacha.112.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@doubleclick[1].txt
C:\Documents and Settings\KN\Cookies\kn@ad.thewheelof[2].txt
C:\Documents and Settings\KN\Cookies\kn@uclick[1].txt
C:\Documents and Settings\KN\Cookies\kn@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\KN\Cookies\kn@mediaplex[2].txt
C:\Documents and Settings\KN\Cookies\kn@bizrate.co[2].txt
C:\Documents and Settings\KN\Cookies\kn@m1.webstats.motigo[2].txt
C:\Documents and Settings\KN\Cookies\kn@fastclick[2].txt
C:\Documents and Settings\KN\Cookies\kn@cgi-bin[3].txt
C:\Documents and Settings\KN\Cookies\kn@ad.firstadsolution[2].txt
C:\Documents and Settings\KN\Cookies\kn@stat.dealtime[1].txt
C:\Documents and Settings\KN\Cookies\kn@adlegend[1].txt
C:\Documents and Settings\KN\Cookies\kn@statcounter[2].txt
C:\Documents and Settings\KN\Cookies\kn@stats.drivecleaner[2].txt
C:\Documents and Settings\KN\Cookies\kn@nba.112.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@ads.adbrite[2].txt
C:\Documents and Settings\KN\Cookies\kn@2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@atdmt[2].txt
C:\Documents and Settings\KN\Cookies\kn@tradedoubler[1].txt
C:\Documents and Settings\KN\Cookies\kn@zedo[1].txt
C:\Documents and Settings\KN\Cookies\kn@cgi-bin[1].txt
C:\Documents and Settings\KN\Cookies\kn@franklintempleton.122.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@www.burstnet[1].txt
C:\Documents and Settings\KN\Cookies\kn@nike.112.2o7[2].txt
C:\Documents and Settings\KN\Cookies\kn@rediffcom.122.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@bs.serving-sys[2].txt
C:\Documents and Settings\KN\Cookies\kn@clicksor[1].txt
C:\Documents and Settings\KN\Cookies\kn@dcswooebsl81mka3xdp0enj6q_1v2p[2].txt
C:\Documents and Settings\KN\Cookies\kn@burstnet[2].txt
C:\Documents and Settings\KN\Cookies\kn@revsci[1].txt
C:\Documents and Settings\KN\Cookies\kn@ads.pointroll[2].txt
C:\Documents and Settings\KN\Cookies\kn@thesportselite[2].txt
C:\Documents and Settings\KN\Cookies\kn@overture[1].txt
C:\Documents and Settings\KN\Cookies\kn@www.elitefts[1].txt
C:\Documents and Settings\KN\Cookies\kn@serving-sys[1].txt
C:\Documents and Settings\KN\Cookies\kn@trafficmp[2].txt
C:\Documents and Settings\KN\Cookies\kn@hit.stat[2].txt
C:\Documents and Settings\KN\Cookies\kn@3.adbrite[2].txt
C:\Documents and Settings\KN\Cookies\kn@drivecleaner[2].txt
C:\Documents and Settings\KN\Cookies\kn@ads.mininova[1].txt
C:\Documents and Settings\KN\Cookies\kn@ads.addynamix[1].txt
C:\Documents and Settings\KN\Cookies\kn@apmebf[1].txt
C:\Documents and Settings\KN\Cookies\kn@indiads[1].txt
C:\Documents and Settings\KN\Cookies\kn@nextag[2].txt
C:\Documents and Settings\KN\Cookies\kn@www.vibrantmedia[1].txt
C:\Documents and Settings\KN\Cookies\kn@adbrite[2].txt
C:\Documents and Settings\KN\Cookies\kn@eyewonder[1].txt
C:\Documents and Settings\KN\Cookies\kn@gostats[2].txt
C:\Documents and Settings\KN\Cookies\kn@ad.adnetinteractive[2].txt
C:\Documents and Settings\KN\Cookies\kn@winantispyware[1].txt
C:\Documents and Settings\KN\Cookies\kn@casalemedia[1].txt
C:\Documents and Settings\KN\Cookies\kn@msnportal.112.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@elitefts[2].txt
C:\Documents and Settings\KN\Cookies\kn@shopping.112.2o7[1].txt
C:\Documents and Settings\KN\Cookies\kn@www.etracker[1].txt
C:\Documents and Settings\KN\Cookies\kn@4.adbrite[2].txt
C:\Documents and Settings\KN\Cookies\kn@americanmedia.us.intellitxt[1].txt
C:\Documents and Settings\KN\Cookies\kn@specificclick[2].txt
C:\Documents and Settings\KN\Cookies\kn@clickbank[1].txt
C:\Documents and Settings\KN\Cookies\kn@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\KN\Cookies\kn@counter.hitslink[1].txt
C:\Documents and Settings\KN\Cookies\kn@hitbox[1].txt

Trojan.Downloader-Gen/HitItQuitIt
C:\!KILLBOX\OPNMKLJ.DLL

Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ATTOOOVL.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EGJLWUVG.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XMYDGFRV.EXE.VIR

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:14 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\Itunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\anti virus\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\abc.bat
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\anti virus\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\anti virus\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4788 bytes

Edited by anirudh215, 24 September 2007 - 02:55 AM.


#10 RichieUK (Malware Response Team)

Posted 04 October 2007 - 03:36 PM

You've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

When you've finished the above, post a new HijackThis log please.
Let me know how your pc is running now.

#11 anirudh215 (Topic Starter)

Posted 05 October 2007 - 10:35 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:35 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3524 bytes


The computer is a bit slow. It suddenly used to shut down by itself?! But now, after that anti-virus, that doesn't happen.
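The work RichieUK does by eye in post #8 (spotting the two BHO registrations whose DLL no longer exists) and across posts #9 and #11 (comparing successive HijackThis logs) can be done mechanically. The Python below is an added example, not code from this thread, from HijackThis or from BleepingComputer: it parses HijackThis-style entry lines, flags O2/O3 entries whose file HijackThis reports missing and O23 services whose binary it could not find, and diffs two logs to list which entries disappeared and which appeared. The embedded log excerpts are shortened copies of lines posted above; the flagging rules are triage heuristics chosen for this example, not rules HijackThis itself applies.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# A HijackThis log carries one entry per line, "<code> - <description>", where
# the code is R0-R3 (IE settings), F0-F3 (ini-file autostarts) or O1-O24
# (hosts file, BHOs, toolbars, Run keys, services and so on).
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def line(self) -> str:
        return f"{self.code} - {self.body}"


def parse_hjt(text: str) -> List[Entry]:
    """Turn the entry lines of a HijackThis log into Entry records; the header,
    the 'Running processes' block and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        flags = []
        if any(marker in body for marker in MISSING_MARKERS):
            flags.append("missing-file")   # HijackThis could not find the referenced file
        if "(no name)" in body:
            flags.append("no-name")        # the registration carries no display name
        entries.append(Entry(code, body, clsid.group(0) if clsid else None, flags))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Heuristics chosen for this example (not HijackThis rules):
    - orphan_bho: an O2/O3 BHO or toolbar registration whose DLL is missing;
      nothing loads from it any more, so fixing it is safe (post #8 removed two).
    - service_missing: an O23 service whose binary HijackThis did not find;
      verify on disk first, because a quoted command line can be mis-split."""
    return {
        "orphan_bho": [e for e in entries if e.code in ("O2", "O3") and "missing-file" in e.flags],
        "service_missing": [e for e in entries if e.code == "O23" and "missing-file" in e.flags],
    }


def diff_logs(old_text: str, new_text: str) -> Tuple[List[str], List[str]]:
    """Entries present only in the older log (removed) and only in the newer one (added)."""
    old = {e.line for e in parse_hjt(old_text)}
    new = {e.line for e in parse_hjt(new_text)}
    return sorted(old - new), sorted(new - old)


# Shortened excerpts of the logs posted in this thread (2 September and 5 October 2007).
LOG_2007_09_02 = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {40954C60-C169-43A2-A706-243594AEC241} - C:\WINDOWS\system32\ssttr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_2007_10_05 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for kind, hits in triage(parse_hjt(LOG_2007_09_02)).items():
        for e in hits:
            print(f"{kind:16} {e.clsid or '-':40} {e.line}")
    removed, added = diff_logs(LOG_2007_09_02, LOG_2007_10_05)
    print("\n".join(["removed:"] + removed + ["added:"] + added))
```

Run on the September excerpt, `triage` returns exactly the two "(no name)" BHOs that post #8 had fixed, plus the avast Mail Scanner service. The dangling `"` in that O23 line suggests HijackThis 1.99.1 split a quoted command line at the quote, so a "(file missing)" marker on a service line should be confirmed on disk before anything is removed; here the service was avast's own, and by post #11 avast had been replaced by AVG, which is what the diff between the two excerpts shows.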

#12 RichieUK (Malware Response Team)

Posted 05 October 2007 - 01:25 PM

Your log is clean :thumbsup:
If all's OK, please do the following:

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.


* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found in the links below, to help you prevent any possible future infections.

How to prevent Malware by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/