
Hijackthis Log: Please Help Diagnose


30 replies to this topic

#1 Мєηιcє

  • Members
  • 51 posts

Posted 19 September 2007 - 01:27 AM

I was redirected to HijackThis by the Rappelz Team because one of the .exes won't run properly; it runs, then after 10 or so seconds it just quits out...

Here is my Log file, thanks :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:30 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: (dktbc.servegame.org) (dktbc.servegame.org)
O1 - Hosts: (dktbc.servegame.org) (dktbc.servegame.org)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6326AE82-94B8-4AAF-88C3-481A1BFCD31F} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AFC37E94-71A5-4E7B-9480-BCA74A5EFE39} - C:\WINDOWS\system32\vtusspn.dll (file missing)
O2 - BHO: (no name) - {F0708091-61AC-B258-E56D-CABF102F5F1A} - C:\DOCUME~1\Owner\APPLIC~1\UPLOAD~1\partplus.exe (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ybpalund.dll",setvm
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Ante Balm] C:\DOCUME~1\Owner\APPLIC~1\BIRDAC~1\DRIVE LOGO.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Games\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/zXLqUkWT7SVFSK0oSpAJ.chm::/on-line.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B923A44-F4F0-4E92-B50A-DBE74BCBA3C2}: NameServer = 203.109.129.67 203.109.129.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: vtusspn - vtusspn.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12641 bytes
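The log above is read by hand in this thread. As an added example that is not part of the thread, of the forum's procedure, or of HijackThis itself, the Python script below parses HijackThis entry lines and applies a few of the checks an analyst applies when reading one: a core binary such as smss.exe referenced from anywhere other than its canonical System32 location, hosts-file overrides (O1), a browser proxy pointing at localhost (R1), autostarts whose binary lives under a user profile (O4), a DPF target that is a chained protocol-handler reference rather than a plain http(s) URL (O16), a populated AppInit_DLLs value, and load points whose file is missing (O2/O20). The canonical paths assume a default Windows XP install under C:\WINDOWS. The sample lines are constructed for this example, modelled on the entry formats in the log above, with the hosts name and the download host replaced by reserved .invalid names. Findings are prompts for review, not verdicts: a localhost proxy, for instance, is also what local web accelerators and filters configure.

```python
"""Triage heuristics for a Trend Micro HijackThis 2.x log (added example)."""
import re

# Canonical locations of core Windows XP binaries on a default C:\WINDOWS install
# (assumption: adjust for a different system root or drive letter).
CORE_BINARIES = {
    "smss.exe": r"c:\windows\system32\smss.exe",
    "csrss.exe": r"c:\windows\system32\csrss.exe",
    "winlogon.exe": r"c:\windows\system32\winlogon.exe",
    "services.exe": r"c:\windows\system32\services.exe",
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}

# Entry lines look like "O4 - HKLM\..\Run: [...]", "R1 - HKCU\...", "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# A drive-letter path ending in a binary extension; tolerates spaces in the path.
PATH_RE = re.compile(r"([a-z]:\\[^\"'\r\n]+?\.(?:exe|dll|sys|ocx))(?![a-z0-9])", re.IGNORECASE)
LOCAL_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (entry_type, body) for each entry line; bare paths from the
    'Running processes' list are yielded with type PROC so the path checks
    cover running binaries as well as load points."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("type"), m.group("body")
        elif LOCAL_PATH_RE.match(line):
            yield "PROC", line


def triage(log_text):
    """Return a list of (rule, entry_type, detail) findings for manual review."""
    findings = []
    for etype, body in parse_entries(log_text):
        low = body.lower()
        # Rule 1: a core system binary name at a non-canonical path. The real
        # smss.exe lives in System32; a copy elsewhere is a classic masquerade.
        for path in PATH_RE.findall(body):
            name = path.lower().rsplit("\\", 1)[-1]
            canonical = CORE_BINARIES.get(name)
            if canonical and path.lower() != canonical:
                findings.append(("core_binary_wrong_path", etype, path))
        if etype == "O1":
            # Rule 2: any hosts-file override redirects name resolution.
            findings.append(("hosts_override", etype, body))
        elif etype == "R1" and "proxyserver" in low and ("localhost" in low or "127.0.0.1" in low):
            # Rule 3: browser traffic routed through a local listener; identify what listens.
            findings.append(("local_proxy", etype, body))
        elif etype == "O4" and re.search(r"\\(docume~1|documents and settings)\\", low):
            # Rule 4: an autostart whose binary lives under a user profile.
            findings.append(("autostart_from_user_profile", etype, body))
        elif etype == "O16":
            # Rule 5: a DPF (ActiveX download) target that is not a plain http(s) URL,
            # e.g. a chained ms-its:/mhtml: handler reference ending in an executable.
            target = body.rsplit(" - ", 1)[-1]
            if not LOCAL_PATH_RE.match(target):
                scheme = target.split(":", 1)[0].lower()
                if scheme not in ("http", "https") or "!" in target:
                    findings.append(("dpf_protocol_handler", etype, target))
        elif etype == "O20":
            if low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip(" ,"):
                # Rule 6: AppInit_DLLs is loaded into every process that loads user32.
                findings.append(("appinit_dll", etype, body))
            elif "(file missing)" in low:
                # Rule 7: a Winlogon Notify entry whose DLL is gone is a leftover load point.
                findings.append(("orphaned_loading_point", etype, body))
        elif etype in ("O2", "O3", "O9") and ("(file missing)" in low or "(no file)" in low):
            findings.append(("orphaned_loading_point", etype, body))
    return findings


# Constructed sample, modelled on the entry formats in the log above (not the poster's file).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O1 - Hosts: (game-server.invalid) (game-server.invalid)
O2 - BHO: (no name) - {6326AE82-94B8-4AAF-88C3-481A1BFCD31F} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [Ante Balm] C:\DOCUME~1\Owner\APPLIC~1\BIRDAC~1\DRIVE LOGO.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.invalid/x.chm::/on-line.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: vtusspn - vtusspn.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for rule, etype, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {etype:5} {detail}")
```

Run it as-is to see the eight findings the sample produces, or pass a saved hijackthis.log's contents to `triage()`. The rules deliberately stay narrow: a running `C:\WINDOWS\System32\smss.exe` is not flagged, only a same-named binary at another path, and a DPF entry pointing at a plain .cab over http is left alone.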


#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 20 September 2007 - 08:57 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

*NOTE*
If you have previously downloaded ComboFix, please delete that version and download it again from below.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.


Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log,(logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply, along with a new HijackThis log.

#3 Мєηιcє

  • Topic Starter
  • Members
  • 51 posts

Posted 20 September 2007 - 11:28 PM

Hi Richie,

Thanks for getting back to me :thumbsup: Hopefully we can solve my problem(s) fast :D

ComboFix:
ComboFix 07-09-21 - "Owner" 2007-09-21 15:49:35.1 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.141 [GMT 12:00]
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Documents\_desktop.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\_desktop.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\_desktop.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\_desktop.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Insight Software\_desktop.ini
C:\Documents and Settings\All Users\Documents\Insight Software\Desktop_.ini
C:\Documents and Settings\All Users\Documents\movies\_desktop.ini
C:\Documents and Settings\All Users\Documents\movies\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000F0D64\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000F0D64\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00130293\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\00130293\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\009096C5\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\009096C5\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Videos\_desktop.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
C:\Documents and Settings\All Users\Documents\TOELER\_desktop.ini
C:\Documents and Settings\All Users\Documents\TOELER\Desktop_.ini
C:\Documents and Settings\All Users\Documents\TOELER\Frostmourne\_desktop.ini
C:\Documents and Settings\All Users\Documents\TOELER\Frostmourne\Desktop_.ini
C:\Documents and Settings\All Users\Documents\TOELER\Frostmourne\Dkraider\_desktop.ini
C:\Documents and Settings\All Users\Documents\TOELER\Frostmourne\Dkraider\Desktop_.ini
C:\Documents and Settings\All Users\Documents\TOELER\Frostmourne\Dkraider\SavedVariables\_desktop.ini
C:\Documents and Settings\All Users\Documents\TOELER\Frostmourne\Dkraider\SavedVariables\Desktop_.ini
C:\Documents and Settings\All Users\Documents\TOELER\SavedVariables\_desktop.ini
C:\Documents and Settings\All Users\Documents\TOELER\SavedVariables\Desktop_.ini
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.html

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_WINDOWS_LOG


(((((((((((((((((((((((((   Files Created from 2007-08-21 to 2007-09-21  )))))))))))))))))))))))))))))))
.

2007-09-21 15:47	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-09-16 14:45	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2007-09-16 14:44	<DIR>	d--------	C:\Program Files\Real
2007-09-16 14:44	<DIR>	d--------	C:\Program Files\Common Files\Real
2007-09-16 14:43	<DIR>	d--------	C:\DOCUME~1\Owner\APPLIC~1\Real
2007-09-15 14:39	<DIR>	d--------	C:\Program Files\GALA-NET
2007-09-12 18:42	<DIR>	d----c---	C:\AeriaGames
2007-09-10 19:38	<DIR>	d--------	C:\Program Files\AeriaGames
2007-09-10 12:23	<DIR>	d--------	C:\WINDOWS\FLV Player
2007-09-10 12:23	<DIR>	d--------	C:\Program Files\FLV Player
2007-09-10 11:45	<DIR>	d--------	C:\Program Files\GDivX Zenith Player

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 16:03	225356	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-21 16:03	16952352	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-21 16:03	1264160	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-21 16:03	116108	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-20 18:14	---------	d--------	C:\Program Files\Atari
2007-09-20 07:54	---------	d--h-----	C:\Program Files\InstallShield Installation Information
2007-09-20 07:54	---------	d---s----	C:\Program Files\Xfire
2007-09-18 15:32	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-09-16 14:41	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-09-15 14:57	---------	d--------	C:\Program Files\DynDNS Updater
2007-09-11 17:35	---------	d--------	C:\Program Files\DAEMON Tools
2007-09-10 13:09	---------	d--------	C:\Program Files\PokerStars
2007-09-10 12:05	---------	d--------	C:\Program Files\FlashGet
2007-08-30 15:35	43520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-13 17:37	---------	d--------	C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-12 13:42	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\VideoEgg
2007-08-11 14:07	---------	d--------	C:\Program Files\MessengerDiscovery
2007-08-11 14:06	---------	d--------	C:\Program Files\MSN Messenger
2007-08-10 16:37	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2007-08-10 16:35	---------	d--------	C:\Program Files\Hamachi
2007-08-10 16:34	25544	--a------	C:\WINDOWS\system32\drivers\hamachi.sys
2007-08-04 11:31	---------	dr-------	C:\Program Files\World of Warcraft
2007-08-04 09:34	---------	d--------	C:\Program Files\SQLyog Enterprise Trial
2007-07-29 01:00	---------	d--------	C:\Program Files\HeidiSQL
2007-07-29 00:59	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\HeidiSQL
2007-07-28 21:26	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Kana Solution
2007-07-27 18:14	---------	d--------	C:\Program Files\PremiumSoft
2007-07-24 19:56	---------	d--------	C:\Program Files\Common Files\DirectX
2007-07-24 19:25	---------	d--------	C:\Program Files\gPotato
2007-07-24 19:24	---------	d--------	C:\Program Files\Diablo II
2007-03-24 13:58	2104101	--a------	C:\Program Files\Patch_D2.mpq
2006-12-18 20:34	508	--a------	C:\Program Files\wowemu.key
2006-12-08 23:29	5292747	--a------	C:\Program Files\WoW-1.11.1-to-1.11.2-enUS-patch.exe
2006-12-08 23:00	6262807	--a------	C:\Program Files\HackPatch1-11-2.exe
2006-12-08 22:35	3420825	--a------	C:\Program Files\wowpatch_1-1.11.0.5428_1.11.1.5462.zip
2006-12-08 22:23	556631	--a------	C:\Program Files\MegaGameObjectPack(2).rar
2006-12-08 18:16	45	--a------	C:\Program Files\realmlist.wtf
2006-10-06 15:09	1534	--a------	C:\Program Files\IMVU.lnk
2006-09-17 09:46	1987313	--a------	C:\Program Files\WoW-1.12.0.5595-to-0.12.1.5803-enUS-patch.exe
2006-08-31 17:32	0	---------	C:\DOCUME~1\Owner\WoW-1.11.2.5464-to-1.12.0.5595-enUS-patch.exe
2006-03-31 20:38	30	--a--c---	C:\Program Files\launcher_mu.ini
2006-03-12 14:03	17847	--a--c---	C:\Program Files\Splash.jpg
2006-03-08 21:33	1684	--a--c---	C:\DOCUME~1\Owner\order_opt3.bin
2006-02-22 14:01	429916397	--a--c---	C:\Program Files\FlyffUsaSetup.051103.exe
2005-10-04 20:33	903	--a------	C:\Program Files\BFV.nfo
2005-10-02 21:38	3528000	-----c---	C:\Program Files\BFV_MINI.MDF
2005-10-02 20:29	2870	--a------	C:\Program Files\BFV_MINI.MDS
2002-07-11 18:56	95738	--a--c---	C:\Program Files\myth-nwn.rar
2002-07-11 18:56	10084	--a------	C:\Program Files\myth.nfo
2005-12-02 05:07:07	785	-csha-w	C:\WINDOWS\system32\mmf(2).sys
2005-12-10 09:54:40	785	-csha-w	C:\WINDOWS\system32\mmf(3)(2).sys
2005-12-11 05:50:35	785	-csha-w	C:\WINDOWS\system32\mmf(3)(3).sys
2005-12-12 23:10:47	785	-csha-w	C:\WINDOWS\system32\mmf(3)(4).sys
2006-02-28 04:37:06	785	-csha-w	C:\WINDOWS\system32\mmf(3)(5).sys
2006-02-28 18:15:11	785	-csha-w	C:\WINDOWS\system32\mmf(3)(6).sys
2006-08-31 04:36:07	785	--sha-w	C:\WINDOWS\system32\mmf(3)(7).sys
2006-11-02 02:45:55	785	--sha-w	C:\WINDOWS\system32\mmf(3)(8).sys
2005-12-11 05:54:42	785	-csha-w	C:\WINDOWS\system32\mmf(4)(2).sys
2006-02-28 04:37:06	785	-csha-w	C:\WINDOWS\system32\mmf(4)(3).sys
2006-08-28 09:10:01	785	--sha-w	C:\WINDOWS\system32\mmf(4)(4).sys
2005-12-12 04:24:08	785	-csha-w	C:\WINDOWS\system32\mmf(5)(2).sys
2006-02-28 02:55:10	785	-csha-w	C:\WINDOWS\system32\mmf(5)(3).sys
2005-12-12 07:30:19	785	-csha-w	C:\WINDOWS\system32\mmf(6)(2).sys
2006-02-27 18:12:12	785	-csha-w	C:\WINDOWS\system32\mmf(6)(3).sys
2005-12-12 07:33:14	785	-csha-w	C:\WINDOWS\system32\mmf(7)(2).sys
2007-03-14 07:46:09	785	--sha-w	C:\WINDOWS\system32\mmf.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]
			C:\Program Files\NewDotNet\newdotnet7_48.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6326AE82-94B8-4AAF-88C3-481A1BFCD31F}]
			C:\WINDOWS\system32\mllji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0708091-61AC-B258-E56D-CABF102F5F1A}]
			C:\DOCUME~1\Owner\APPLIC~1\UPLOAD~1\partplus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"KillCopy"="C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe" [2003-06-15 20:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"Propel Accelerator"="C:\Program Files\Propel Accelerator\trayctl.exe" [2004-04-14 03:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 14:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ante Balm"="C:\DOCUME~1\Owner\APPLIC~1\BIRDAC~1\DRIVE LOGO.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji] 
C:\WINDOWS\system32\mllji.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusspn] 
vtusspn.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
"C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
C:\Program Files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
"C:\Program Files\DynDNS Updater\DynDNS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
C:\Program Files\HistoryKill\\histkill.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1157934347\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]
C:\Program Files\MediaGateway\MediaGateway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\order_Shell]
C:\Documents and Settings\Owner\order_msna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
V330

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe /QS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
"c:\program files\seekmo\seekmo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XFP: Multi-IM]
"C:\Program Files\Xfire Plus\Multi-IM\MultiIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LicCtrlService"=2 (0x2)
"gusvc"=3 (0x3)
"aspnet_state"=3 (0x3)
"usnjsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 16:06:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 16:11:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 16:11
.
	--- E O F ---

Deljob:
-------------------------------------------------------- 
No LOP jobs found 
-------------------------------------------------------- 
Files remaining after cleaning 
 
-------------------------------------------------------- 
App data folders 
 
 Volume in drive C is MeNIcE
 Volume Serial Number is B03E-B114

 Directory of C:\Documents and Settings\Owner\Application Data

09/16/2007  02:43 PM	<DIR>					   .
09/16/2007  02:43 PM	<DIR>					   ..
09/11/2006  12:27 PM	<DIR>					   acccore
04/24/2007  06:03 PM	<DIR>					   Adobe
01/31/2007  07:55 PM	<DIR>					   AdobeUM
05/29/2006  04:42 PM	<DIR>					   AEVITA
09/17/2006  02:45 PM	<DIR>					   Ahead
12/14/2006  10:28 AM	<DIR>		  APPLEC~1	 Apple Computer
03/12/2007  09:43 PM	<DIR>					   Atari
08/09/2007  03:44 PM	<DIR>					   AVG7
09/16/2007  02:41 PM	<DIR>					   Azureus
03/25/2007  01:23 PM	<DIR>		  BIRDAC~1	 Bird Active Multi
09/09/2005  12:56 PM	<DIR>					   Creative
03/15/2005  04:50 PM	<DIR>		  CYBERL~1	 CyberLink
12/02/2005  05:27 PM	<DIR>		  FREEDO~1	 Free Download Manager
03/07/2006  03:35 PM	<DIR>					   Google
08/10/2007  04:37 PM	<DIR>					   Hamachi
04/04/2005  04:03 PM	<DIR>					   Help
02/18/2005  04:48 PM	<DIR>		  IDENTI~1	 Identities
10/07/2006  10:35 PM	<DIR>					   IMVU
07/28/2007  09:26 PM	<DIR>		  KANASO~1	 Kana Solution
03/23/2005  08:07 PM	<DIR>					   Lavasoft
04/28/2005  03:27 PM	<DIR>		  LEADER~1	 Leadertech
04/10/2006  09:21 PM	<DIR>		  LIONHE~1	 Lionhead Studios
05/20/2006  11:33 AM	<DIR>		  MACROM~1	 Macromedia
03/25/2007  11:26 AM	<DIR>		  MAILFR~1	 MailFrontier
02/20/2007  06:29 AM	<DIR>		  MEGAUP~1	 MegauploadToolbar
01/16/2007  01:03 AM	<DIR>		  MICROS~1	 Microsoft
08/07/2005  03:43 PM	<DIR>					   Mozilla
11/05/2006  06:44 PM	<DIR>					   MSN6
11/01/2006  05:16 PM	<DIR>					   Opera
04/18/2006  09:54 AM	<DIR>		  PLAYFI~1	 PlayFirst
06/26/2007  09:28 PM	<DIR>					   Propel
09/16/2007  02:49 PM	<DIR>					   Real
03/20/2007  06:51 PM	<DIR>		  SCREEN~1	 Screenshot Sender
11/25/2005  04:39 PM	<DIR>		  SOFTPL~1	 Softplicity
09/16/2006  02:57 AM	<DIR>					   SQLyog
02/18/2005  09:01 PM	<DIR>					   Sun
12/07/2006  03:40 PM	<DIR>					   Talkback
07/27/2006  04:12 PM	<DIR>		  TEAMSP~1	 teamspeak2
05/29/2006  07:52 PM	<DIR>					   Template
04/15/2007  08:38 PM	<DIR>		  UKCO~1.PLA   uk.co.planetside
05/22/2006  04:04 PM	<DIR>		  UPLOAD~1	 UploadBoob
09/17/2006  01:53 PM	<DIR>					   uTorrent
03/23/2005  03:45 PM	<DIR>					   Ventrilo
08/12/2007  01:42 PM	<DIR>					   VideoEgg
04/09/2007  07:32 PM	<DIR>		  VIEWPO~1	 Viewpoint
03/03/2007  08:44 PM	<DIR>					   vlc
09/18/2007  03:32 PM	<DIR>					   Xfire
12/22/2006  04:41 PM	<DIR>		  XFIREP~1	 Xfire Plus
12/28/2006  01:08 PM	<DIR>					   yahoo!
			   0 File(s)			  0 bytes
			  51 Dir(s)   6,321,598,464 bytes free
 Volume in drive C is MeNIcE
 Volume Serial Number is B03E-B114

 Directory of C:\Documents and Settings\All Users\Application Data

07/29/2007  12:59 AM	<DIR>					   .
07/29/2007  12:59 AM	<DIR>					   ..
01/31/2007  07:53 PM	<DIR>					   Adobe
08/16/2006  03:46 PM	<DIR>		  ADOBES~1	 Adobe Systems
11/11/2006  01:01 PM	<DIR>					   AOL
02/01/2007  02:47 AM	<DIR>		  AOLDOW~1	 AOL Downloads
02/01/2007  02:49 AM	<DIR>		  AOLOCP~1	 AOL OCP
12/14/2006  10:24 AM	<DIR>		  APPLEC~1	 Apple Computer
03/24/2007  05:18 PM	<DIR>					   AVG7
03/25/2007  01:23 PM	<DIR>		  BIASFI~1	 Bias Five Body Extra
12/12/2005  10:17 PM	<DIR>		  FILMID~1	 Film Idle Jump Love
03/07/2006  03:34 PM	<DIR>					   Google
01/16/2007  01:03 AM	<DIR>					   Grisoft
07/29/2007  12:59 AM	<DIR>					   HeidiSQL
02/18/2005  08:45 PM	<DIR>		  INSTAL~1	 InstallShield
09/05/2006  06:46 PM	<DIR>		  MESSEN~1	 Messenger Plus!
08/17/2006  05:20 PM	<DIR>		  MICROS~1	 Microsoft
11/05/2006  06:44 PM	<DIR>					   MSN6
06/11/2005  01:52 AM	<DIR>		  PIXELS~1	 pixelStorm
11/11/2006  01:07 PM	<DIR>		  SPYBOT~1	 Spybot - Search & Destroy
04/09/2007  07:32 PM	<DIR>		  VIEWPO~1	 Viewpoint
03/08/2006  10:10 PM	<DIR>		  WINDOW~1	 Windows Genuine Advantage
06/03/2007  12:34 AM	<DIR>		  WINDOW~2	 WindowsLiveInstaller
06/03/2007  12:33 AM	<DIR>		  WLINST~1	 WLInstaller
12/27/2006  06:08 PM	<DIR>					   yahoo!
12/27/2006  06:24 PM	<DIR>		  YAHOO!~1	 Yahoo! Companion
			   0 File(s)			  0 bytes
			  26 Dir(s)   6,321,594,368 bytes free
--------------------------------------------------------

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:03 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6326AE82-94B8-4AAF-88C3-481A1BFCD31F} - C:\WINDOWS\system32\mllji.dll (file missing)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {F0708091-61AC-B258-E56D-CABF102F5F1A} - C:\DOCUME~1\Owner\APPLIC~1\UPLOAD~1\partplus.exe (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Ante Balm] C:\DOCUME~1\Owner\APPLIC~1\BIRDAC~1\DRIVE LOGO.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Games\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/zXLqUkWT7SVFSK0oSpAJ.chm::/on-line.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B923A44-F4F0-4E92-B50A-DBE74BCBA3C2}: NameServer = 203.109.129.67 203.109.129.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: vtusspn - vtusspn.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12075 bytes

PS. Was using ComboFix supposed to slow my PC down by heaps? Since it restarted my PC everything is running really slow :S

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:12:49 PM

Posted 21 September 2007 - 06:52 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
C:\Documents and Settings\Owner\Application Data\Bird Active Multi
C:\Documents and Settings\Owner\Application Data\UploadBoob
C:\Documents and Settings\Owner\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Bias Five Body Extra
C:\Documents and Settings\All Users\Application Data\Film Idle Jump Love
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6326AE82-94B8-4AAF-88C3-481A1BFCD31F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0708091-61AC-B258-E56D-CABF102F5F1A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ante Balm"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusspn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 Мєηιcє

Мєηιcє
  • Topic Starter

  • Members
  • 51 posts
  • Local time:11:49 PM

Posted 21 September 2007 - 07:42 AM

Hi Richie.
This time difference is going to be a real pain :thumbsup: Just as I go to bed you get up and vice versa :blink:

ComboFix:
ComboFix 07-09-21 - "Owner" 2007-09-22  0:23:17.2 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.153 [GMT 12:00]
Command switches used ::  C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Bias Five Body Extra
C:\Documents and Settings\All Users\Application Data\Bias Five Body Extra\ShimCloseBat
C:\Documents and Settings\All Users\Application Data\Film Idle Jump Love
C:\Documents and Settings\All Users\Application Data\Film Idle Jump Love\ShimCloseBat
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1027058227.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1728880835.mtj&p2=1&p3=10960110432561874868481304754684&p4=0
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1730756029.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-2058709576.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1394501337.mzv
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\499486076.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1671620587.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\960891243.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1030582638.mtj&p2=0&p3=10960110432561874868481304754684&p4=0
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1823670599.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-319799951.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-33372286.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-50469971.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\180274868.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\896350111.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1225121873.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-310408871.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-335447252.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-451071464.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-489393428.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-96500857.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\148618633.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1567583862.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\635972784.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\858683683.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\Documents and Settings\Owner\Application Data\Bird Active Multi
C:\Documents and Settings\Owner\Application Data\UploadBoob
C:\Documents and Settings\Owner\Application Data\Viewpoint
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini

.
(((((((((((((((((((((((((   Files Created from 2007-08-21 to 2007-09-21  )))))))))))))))))))))))))))))))
.

2007-09-21 21:17	<DIR>	d--------	C:\WINDOWS\LastGood
2007-09-21 15:47	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-09-16 14:45	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2007-09-16 14:44	<DIR>	d--------	C:\Program Files\Real
2007-09-16 14:44	<DIR>	d--------	C:\Program Files\Common Files\Real
2007-09-16 14:43	<DIR>	d--------	C:\DOCUME~1\Owner\APPLIC~1\Real
2007-09-15 14:39	<DIR>	d--------	C:\Program Files\GALA-NET
2007-09-12 18:42	<DIR>	d----c---	C:\AeriaGames
2007-09-10 19:38	<DIR>	d--------	C:\Program Files\AeriaGames
2007-09-10 12:23	<DIR>	d--------	C:\WINDOWS\FLV Player
2007-09-10 12:23	<DIR>	d--------	C:\Program Files\FLV Player
2007-09-10 11:45	<DIR>	d--------	C:\Program Files\GDivX Zenith Player

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 16:03	225356	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-21 16:03	16952352	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-21 16:03	1264160	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-21 16:03	116108	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-20 18:14	---------	d--------	C:\Program Files\Atari
2007-09-20 07:54	---------	d--h-----	C:\Program Files\InstallShield Installation Information
2007-09-20 07:54	---------	d---s----	C:\Program Files\Xfire
2007-09-18 15:32	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-09-16 14:41	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-09-15 14:57	---------	d--------	C:\Program Files\DynDNS Updater
2007-09-11 17:35	---------	d--------	C:\Program Files\DAEMON Tools
2007-09-10 13:09	---------	d--------	C:\Program Files\PokerStars
2007-09-10 12:05	---------	d--------	C:\Program Files\FlashGet
2007-08-30 15:35	43520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-13 17:37	---------	d--------	C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-12 13:42	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\VideoEgg
2007-08-11 14:07	---------	d--------	C:\Program Files\MessengerDiscovery
2007-08-11 14:06	---------	d--------	C:\Program Files\MSN Messenger
2007-08-10 16:37	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2007-08-10 16:35	---------	d--------	C:\Program Files\Hamachi
2007-08-10 16:34	25544	--a------	C:\WINDOWS\system32\drivers\hamachi.sys
2007-08-04 11:31	---------	dr-------	C:\Program Files\World of Warcraft
2007-08-04 09:34	---------	d--------	C:\Program Files\SQLyog Enterprise Trial
2007-07-30 19:19	92504	--a------	C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19	549720	--a------	C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19	53080	--a------	C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19	325976	--a------	C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19	203096	--a------	C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19	1712984	--a------	C:\WINDOWS\system32\wuaueng.dll
2007-07-29 01:00	---------	d--------	C:\Program Files\HeidiSQL
2007-07-29 00:59	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\HeidiSQL
2007-07-28 21:26	---------	d--------	C:\DOCUME~1\Owner\APPLIC~1\Kana Solution
2007-07-27 18:14	---------	d--------	C:\Program Files\PremiumSoft
2007-07-24 19:56	---------	d--------	C:\Program Files\Common Files\DirectX
2007-07-24 19:25	---------	d--------	C:\Program Files\gPotato
2007-07-24 19:24	---------	d--------	C:\Program Files\Diablo II
2007-03-24 13:58	2104101	--a------	C:\Program Files\Patch_D2.mpq
2006-12-18 20:34	508	--a------	C:\Program Files\wowemu.key
2006-12-08 23:29	5292747	--a------	C:\Program Files\WoW-1.11.1-to-1.11.2-enUS-patch.exe
2006-12-08 23:00	6262807	--a------	C:\Program Files\HackPatch1-11-2.exe
2006-12-08 22:35	3420825	--a------	C:\Program Files\wowpatch_1-1.11.0.5428_1.11.1.5462.zip
2006-12-08 22:23	556631	--a------	C:\Program Files\MegaGameObjectPack(2).rar
2006-12-08 18:16	45	--a------	C:\Program Files\realmlist.wtf
2006-10-06 15:09	1534	--a------	C:\Program Files\IMVU.lnk
2006-09-17 09:46	1987313	--a------	C:\Program Files\WoW-1.12.0.5595-to-0.12.1.5803-enUS-patch.exe
2006-08-31 17:32	0	---------	C:\DOCUME~1\Owner\WoW-1.11.2.5464-to-1.12.0.5595-enUS-patch.exe
2006-03-31 20:38	30	--a--c---	C:\Program Files\launcher_mu.ini
2006-03-12 14:03	17847	--a--c---	C:\Program Files\Splash.jpg
2006-03-08 21:33	1684	--a--c---	C:\DOCUME~1\Owner\order_opt3.bin
2006-02-22 14:01	429916397	--a--c---	C:\Program Files\FlyffUsaSetup.051103.exe
2005-10-04 20:33	903	--a------	C:\Program Files\BFV.nfo
2005-10-02 21:38	3528000	-----c---	C:\Program Files\BFV_MINI.MDF
2005-10-02 20:29	2870	--a------	C:\Program Files\BFV_MINI.MDS
2002-07-11 18:56	95738	--a--c---	C:\Program Files\myth-nwn.rar
2002-07-11 18:56	10084	--a------	C:\Program Files\myth.nfo
2005-12-02 05:07:07	785	-csha-w	C:\WINDOWS\system32\mmf(2).sys
2005-12-10 09:54:40	785	-csha-w	C:\WINDOWS\system32\mmf(3)(2).sys
2005-12-11 05:50:35	785	-csha-w	C:\WINDOWS\system32\mmf(3)(3).sys
2005-12-12 23:10:47	785	-csha-w	C:\WINDOWS\system32\mmf(3)(4).sys
2006-02-28 04:37:06	785	-csha-w	C:\WINDOWS\system32\mmf(3)(5).sys
2006-02-28 18:15:11	785	-csha-w	C:\WINDOWS\system32\mmf(3)(6).sys
2006-08-31 04:36:07	785	--sha-w	C:\WINDOWS\system32\mmf(3)(7).sys
2006-11-02 02:45:55	785	--sha-w	C:\WINDOWS\system32\mmf(3)(8).sys
2005-12-11 05:54:42	785	-csha-w	C:\WINDOWS\system32\mmf(4)(2).sys
2006-02-28 04:37:06	785	-csha-w	C:\WINDOWS\system32\mmf(4)(3).sys
2006-08-28 09:10:01	785	--sha-w	C:\WINDOWS\system32\mmf(4)(4).sys
2005-12-12 04:24:08	785	-csha-w	C:\WINDOWS\system32\mmf(5)(2).sys
2006-02-28 02:55:10	785	-csha-w	C:\WINDOWS\system32\mmf(5)(3).sys
2005-12-12 07:30:19	785	-csha-w	C:\WINDOWS\system32\mmf(6)(2).sys
2006-02-27 18:12:12	785	-csha-w	C:\WINDOWS\system32\mmf(6)(3).sys
2005-12-12 07:33:14	785	-csha-w	C:\WINDOWS\system32\mmf(7)(2).sys
2007-03-14 07:46:09	785	--sha-w	C:\WINDOWS\system32\mmf.sys
.

(((((((((((((((((((((((((((((   snapshot_2007-09-21_160937.62   )))))))))))))))))))))))))))))))))))))))))
.
----a-w			75,544 2005-05-25 16:16:24  C:\WINDOWS\LastGood\system32\cdm.dll
----a-w		   465,176 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wuapi.dll
----a-w		   124,184 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wuauclt.exe
----a-w		 1,343,768 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wuaueng.dll
----a-w		   127,256 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wucltui.dll
----a-w			41,240 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wups.dll
----a-w			18,200 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wups2.dll
----a-w		   173,536 2005-05-25 16:16:30  C:\WINDOWS\LastGood\system32\wuweb.dll
-c--a-w			92,504 2007-07-30 07:19:20  C:\WINDOWS\system32\dllcache\cdm.dll
-c--a-w		   549,720 2007-07-30 07:19:36  C:\WINDOWS\system32\dllcache\wuapi.dll
-c--a-w			53,080 2007-07-30 07:19:16  C:\WINDOWS\system32\dllcache\wuauclt.exe
-c--a-w		 1,712,984 2007-07-30 07:19:42  C:\WINDOWS\system32\dllcache\wuaueng.dll
-c--a-w		   325,976 2007-07-30 07:19:32  C:\WINDOWS\system32\dllcache\wucltui.dll
-c--a-w		   203,096 2007-07-30 07:19:28  C:\WINDOWS\system32\dllcache\wuweb.dll
----a-w			33,624 2007-07-30 07:18:40  C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
----a-w			43,352 2007-07-30 07:19:12  C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
.
-c--a-w			75,544 2005-05-25 16:16:24  C:\WINDOWS\system32\dllcache\cdm.dll
-c--a-w		   465,176 2005-05-25 16:16:30  C:\WINDOWS\system32\dllcache\wuapi.dll
-c--a-w		   124,184 2005-05-25 16:16:30  C:\WINDOWS\system32\dllcache\wuauclt.exe
-c--a-w		 1,343,768 2005-05-25 16:16:30  C:\WINDOWS\system32\dllcache\wuaueng.dll
-c--a-w		   127,256 2005-05-25 16:16:30  C:\WINDOWS\system32\dllcache\wucltui.dll
-c--a-w		   173,536 2005-05-25 16:16:30  C:\WINDOWS\system32\dllcache\wuweb.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"KillCopy"="C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe" [2003-06-15 20:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"Propel Accelerator"="C:\Program Files\Propel Accelerator\trayctl.exe" [2004-04-14 03:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 14:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
"C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
C:\Program Files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
"C:\Program Files\DynDNS Updater\DynDNS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
C:\Program Files\HistoryKill\\histkill.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1157934347\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\order_Shell]
C:\Documents and Settings\Owner\order_msna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
V330

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe /QS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XFP: Multi-IM]
"C:\Program Files\Xfire Plus\Multi-IM\MultiIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LicCtrlService"=2 (0x2)
"gusvc"=3 (0x3)
"aspnet_state"=3 (0x3)
"usnjsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 00:30:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-22  0:33:45
C:\ComboFix-quarantined-files.txt ... 2007-09-22 00:33
C:\ComboFix2.txt ... 2007-09-21 16:11
.
	--- E O F ---

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:48 AM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Games\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/zXLqUkWT7SVFSK0oSpAJ.chm::/on-line.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B923A44-F4F0-4E92-B50A-DBE74BCBA3C2}: NameServer = 203.109.129.67 203.109.129.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11565 bytes


#6 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 September 2007 - 08:16 AM

Can't do anything about the time difference, I'm afraid :thumbsup:

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Games\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://bin.wordsx.cc/zXLqUkWT7SVFSK0oSpAJ.chm::/on-line.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

Exit Hijackthis.

Delete the following if present:
C:\foo.mht

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log and let me know how your PC is running now.

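As an added example (not from this thread, RichieUK, or HijackThis itself), a small Python triage script that applies the checks behind a fix list like the one above to HijackThis-format lines: orphaned entries marked "(no file)" or "(file missing)", O16 DPF sources that are not http(s) downloads, browser page defaults left at about:blank, a proxy pointing at a local port, and AppInit_DLLs. The `triage`/`Finding` names are mine, the sample lines are constructed in the shape of the log posted above, and `example.invalid` stands in for the real download host.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2 log-line format, modelled on the log
# posted above; the ms-its: source host is replaced by example.invalid.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Run IMVU.lnk (file missing)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://example.invalid/x.chm::/on-line.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# "<section> - <body>", e.g. "O16 - DPF: ..." or "R1 - HKLM\...".
HJT_LINE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
PAGE_KEYS = ("Start Page", "Default_Page_URL", "Local Page", "Search Page")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "O16"
    action: str  # "remove", "reset" or "verify"
    reason: str
    line: str


def triage_entry(kind: str, body: str) -> list[tuple[str, str]]:
    """Return (action, reason) pairs for one parsed HijackThis entry."""
    hits = []
    # Orphaned entries: the registry still references a file that is gone.
    if "(no file)" in body or "(file missing)" in body:
        hits.append(("remove", "entry points at a file that no longer exists"))
    if kind == "O16":
        # "DPF: {CLSID} (Name) - <source>": legitimate ActiveX downloads are
        # http(s) .cab URLs, while already-installed controls show a local path.
        source = body.rsplit(" - ", 1)[-1].strip()
        if not WIN_PATH.match(source):
            scheme = urlsplit(source).scheme.lower()
            if scheme not in ("http", "https"):
                hits.append(("remove", f"DPF source uses the {scheme!r} scheme instead of http(s)"))
    if kind in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        value = value.strip()
        if value == "about:blank" and any(k in key for k in PAGE_KEYS):
            hits.append(("reset", "browser page default left at about:blank"))
        if "ProxyServer" in key and ("localhost" in value or "127.0.0.1" in value):
            hits.append(("verify", "browser traffic goes through a local proxy port; confirm which program owns it"))
    if kind == "O20" and body.startswith("AppInit_DLLs:"):
        hits.append(("verify", "AppInit_DLLs is loaded into every process that links user32.dll; confirm the DLL's publisher"))
    return hits


def triage(log_text: str) -> list[Finding]:
    """Parse HijackThis-format lines and collect the entries worth attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list and blank lines carry no entry
        for action, reason in triage_entry(m["kind"], m["body"]):
            findings.append(Finding(m["kind"], action, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:>6}] {f.kind}: {f.reason}\n         {f.line}")
```

The rules are deliberately conservative: an entry that merely looks odd (the local proxy, the AppInit DLL) is marked "verify" rather than "remove", since on this machine both belong to installed programs.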

#7 Мєηιcє

  • Topic Starter

  • Members
  • 51 posts

Posted 21 September 2007 - 09:23 PM

Wow...that was boring O_o
Took me over 3 hours to do that...oh how I hate 56k :thumbsup:

SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2007 at 01:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3311
Trace Rules Database Version: 1315

Scan type	   : Complete Scan
Total Scan Time : 01:08:45

Memory items scanned	  : 111
Memory threats detected   : 0
Registry items scanned	: 5532
Registry threats detected : 23
File items scanned		: 53832
File threats detected	 : 112

Trojan.WinFixer
	HKLM\Software\Classes\CLSID\{E969A1DB-65F1-4C3D-AAFC-2A298266DC19}
	HKCR\CLSID\{E969A1DB-65F1-4C3D-AAFC-2A298266DC19}
	HKCR\CLSID\{E969A1DB-65F1-4C3D-AAFC-2A298266DC19}\InprocServer32
	HKCR\CLSID\{E969A1DB-65F1-4C3D-AAFC-2A298266DC19}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\DDCCB.DLL

Adware.Tracking Cookie

Adware.180solutions/Search Assistant
	C:\Program Files\MediaGateway
	HKCR\MediaGateway.LicenseInstaller
	HKCR\MediaGateway.LicenseInstaller\CLSID
	HKCR\MediaGateway.LicenseInstaller\CurVer

Trojan.NewDotNet
	HKU\.DEFAULT\Software\New.net
	HKU\S-1-5-18\Software\New.net

Trojan.32 Bit System Bus Driver
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#Type
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#Start
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#ErrorControl
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#ImagePath
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#DisplayName
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#ExtParam
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Security
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Security#Security
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#0
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#Count
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#NextInstance
	HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#INITSTARTFAILED

Trojan.Malware
	C:\DOWNLOADS\ERRORDOCTORSETUP.EXE

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:07 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10546 bytes

Umm, the problem that originally brought me here still exists. When I start Launcher.exe (for Rappelz) it works fine, but after I select Start Game it is supposed to start SFrame.exe and then start up the Gamehack or something; instead SFrame starts up and then does nothing, it just sits in my task manager doing nothing...
One thing I noticed, though: when I used to boot up my PC I would get 2 error messages on my desktop saying that I'm missing a couple of files, but they don't come up any more. That's not the reason I came here, though :blink:
Any other ideas?

Edited by Мєηιcє, 21 September 2007 - 10:20 PM.


#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:12:49 PM

Posted 22 September 2007 - 04:17 AM

Umm, the problem that originally brought me here still exists. When I start Launcher.exe (for Rappelz) it works fine, but after I select Start Game it is supposed to start SFrame.exe and then start up the Gamehack or something; instead SFrame starts up and then does nothing, it just sits in my task manager doing nothing...
One thing I noticed, though: when I used to boot up my PC I would get 2 error messages on my desktop saying that I'm missing a couple of files, but they don't come up any more. That's not the reason I came here, though

OK, maybe it wasn't the reason you came here, but your PC is/was badly infected.
Let's get things cleaned up, then we'll address your gaming issue.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use the Firefox browser, also do this:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use the Opera browser, also do this:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Please download Rootchk.exe and save to your desktop:
Important:- Temporarily disable any real-time monitoring programs (see note below).
Disconnect from the Internet.
Double-click on rootchk.exe to run the program.
A command prompt window will open as the scan begins and then close.
When the scan is completed, a logfile named rootlog.txt will open and be saved to the root directory usually C:\.
Copy and paste the contents of the log into your next reply.
Note:
To avoid false positives, it is important that you temporarily disable the ZoneAlarm Pro firewall, or any other security program that protects your registry (Spybot's TeaTimer, Ad-Aware's Ad-Watch, Prevx, etc.), before running the rootchk scan.
Click on this link to see a list of other programs that should be disabled.


Please run this online virus scan: ActiveScan, using Internet Explorer.
Once you are on the Panda site, click the Scan your PC button.
A new window will open... click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click Send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component, allow it.
It will start downloading the files it requires for the scan (Note: it may take a couple of minutes).
When the download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Post the Activescan report in your next reply.
Also post a new Hijackthis log please.

Edited by RichieUK, 22 September 2007 - 04:26 AM.

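The fix RichieUK asks for above is a single orphaned O2 line, but a log like the one posted has several entry types that a responder reads in a fixed order before anything else: O2 BHOs whose DLL is gone, O23 services whose binary does not resolve, an R1 proxy pointing at localhost, O17 per-adapter DNS servers, and O20 AppInit_DLLs. The following is an added example for this thread, not code from HijackThis or from anyone in the discussion: a small parser for HijackThis 2.x entry lines plus this example's own triage rules, run over a constructed subset of the 22 September log above. The tag names, the `REASONS` table and the `SAMPLE_LOG` constant are assumptions of the example. A tag means "look at this", not "malicious": the `localhost:8080` proxy is how a dial-up web accelerator typically works and should be matched to the program that owns it before it is fixed, and the `O23 ... C:\Program.exe (file missing)` line is what an unquoted ImagePath beginning `C:\Program Files\...` produces (the process list shows `mysqld-nt.exe` running, so the service itself starts). That same unquoted-path resolution is why Windows would try `C:\Program.exe` before the real binary, which matters if a user can write to `C:\`.

```python
"""Triage helper for a HijackThis 2.x log.

Added example for this thread, not code from HijackThis or from anyone in
the discussion. It parses the 'Rn - ' / 'On - ' entry lines and applies a
few of this example's own rules to pick out the lines a responder checks
first. SAMPLE_LOG is a constructed subset of the log posted above.
"""
import re
from typing import List, Tuple

# Constructed sample: eight entry lines copied from the posted log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An HJT entry is "<section> - <body>"; sections are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Short tag -> what the rule means. Tags are this example's own vocabulary (assumption).
REASONS = {
    "orphan_bho": "BHO CLSID still registered but its DLL is gone; fixing removes a dead registry entry",
    "missing_service_binary": "service ImagePath does not resolve; C:\\Program.exe is what an unquoted "
                              "'C:\\Program Files\\...' path looks like",
    "proxy": "IE proxy is set; match it to a program known to run a local proxy before fixing",
    "dns": "per-adapter DNS servers; confirm they belong to the ISP",
    "appinit": "AppInit_DLLs entries are loaded into every process that links user32.dll",
}


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for each entry line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Apply the rules and return (tag, detail) pairs. A tag means 'look at this',
    not 'malicious': every one of these can also be produced by legitimate software."""
    hits: List[Tuple[str, str]] = []
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            hits.append(("orphan_bho", m.group(0) if m else body))
        elif section == "O23" and "(file missing)" in body:
            hits.append(("missing_service_binary", body))
        elif section == "R1" and "ProxyServer" in body:
            # [-1] keeps the whole body if the line has no '=' at all
            hits.append(("proxy", body.split("=", 1)[-1].strip()))
        elif section == "O17":
            hits.append(("dns", body.split("NameServer =", 1)[-1].strip()))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # the value is comma-separated and may start with an empty element, as here
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            hits.append(("appinit", ", ".join(dlls)))
    return hits


def report(text: str) -> List[str]:
    """Human-readable lines, one per finding."""
    return [f"[{tag}] {detail}\n    {REASONS[tag]}" for tag, detail in triage(parse_hjt(text))]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full posted log the parser simply sees more entries; the rules are deliberately narrow (only the `(no file)`, `(file missing)`, proxy, DNS and AppInit_DLLs cases) because the rest of the judgement on an HJT log, such as whether a given toolbar is wanted, is exactly the part a tool cannot make for you.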

#9 Мєηιcє

Мєηιcє
  • Topic Starter

  • Members
  • 51 posts
  • Local time:11:49 PM

Posted 22 September 2007 - 04:29 PM

Yes... sadly I'm not the strictest person when it comes to malware protection... I guess it's just because my net is so slow (56k), so I don't like waiting for the updates, and then it takes too long to scan in the first place :thumbsup:
Sorry I took so long to get back... It was 2am and ActiveScan had done like 5% (after I thought the download was the scan...) so I just had to go to bed :blink:

Rootchk:
********************************* ROOTCHK-(17-09-07)-LOG, by ejvindh
Sat 09/22/2007 22:21:02.48

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 22:21:03
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:49,3a,4f,4e,4c,29,4d,b8,0d,63,9b,27,c6,cf,46,c9,8c,30,9a,5b,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,af,00,be,44,04,91,83,8a,d3,06,61,3a,51,23,31,4d,31,..
"khjeh"=hex:c9,15,e2,29,54,78,6a,09,83,a1,1c,62,6d,41,b5,a1,72,91,e7,fc,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,d5,14,ff,92,64,8c,c4,be,ca,19,c6,08,59,24,46,ce,97,44,89,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:49,3a,4f,4e,4c,29,4d,b8,0d,63,9b,27,c6,cf,46,c9,8c,30,9a,5b,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,af,00,be,44,04,91,83,8a,d3,06,61,3a,51,23,31,4d,31,..
"khjeh"=hex:c9,15,e2,29,54,78,6a,09,83,a1,1c,62,6d,41,b5,a1,72,91,e7,fc,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,08,33,5a,00,63,65,73,00,f8,ff,ff,ff,b0,38,5a,00,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:8c48603a
"s1"=dword:c38512c4
"s2"=dword:e1b6ba53
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:49,3a,4f,4e,4c,29,4d,b8,0d,63,9b,27,c6,cf,46,c9,8c,30,9a,5b,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,af,00,be,44,04,91,83,8a,d3,06,61,3a,51,23,31,4d,31,..
"khjeh"=hex:c9,15,e2,29,54,78,6a,09,83,a1,1c,62,6d,41,b5,a1,72,91,e7,fc,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,02,00,38,72,23,00,00,00,00,00,e0,ff,ff,ff,20,a2,2a,00,80,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

ActiveScan:
Incident                                          Status           Location

Spyware:Cookie/Doubleclick                        Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
Potentially unwanted tool:Application/NirCmd.A    Not disinfected  C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]
Spyware:Spyware/New.net                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[SHNT288.exe]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe][whAgent.inf]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe][whAgent.exe]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe][whInstaller.exe]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe][whSurvey.exe]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe][webhdll.dll]
Adware:Adware/WebHancer                           Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[wh.exe][whiehlpr.dll]
Adware:Adware/WinAD                               Not disinfected  C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe[MGW_SH.exe]
Virus:trj/banker.cct                              Disinfected      C:\Documents and Settings\Owner\order_opt3.bin
Adware:Adware/ClockSync                           Not disinfected  C:\Downloads\GDiVXZen1.2.exe[²ÖÇ\VVSNInst.exe]
Adware:Adware/IST.ISTBar                          Not disinfected  C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.047
Adware:Adware/Zango                               Not disinfected  C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
Potentially unwanted tool:Application/NirCmd.A    Not disinfected  C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected  C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
Adware:adware/webattaker                          Not disinfected  C:\WINDOWS\uniq

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:42 AM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B923A44-F4F0-4E92-B50A-DBE74BCBA3C2}: NameServer = 203.109.129.67 203.109.129.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10817 bytes


#10 RichieUK (Malware Response Team)

Posted 22 September 2007 - 05:01 PM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe
C:\Downloads\GDiVXZen1.2.exe
C:\Program Files\Common Files\Totem Shared
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
C:\WINDOWS\uniq


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything in the 'Results' window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

Restart your pc.
Post a new Hijackthis log.
Let me know how your pc is running now please.

#11 Мєηιcє (Topic Starter)

Posted 22 September 2007 - 09:28 PM

Finally, a fast step ^_^

OTMoveIt:
C:\Documents and Settings\Owner\My Documents\ROMS\Install-Animated-Emoticons.exe moved successfully.
C:\Downloads\GDiVXZen1.2.exe moved successfully.
C:\Program Files\Common Files\Totem Shared\Update moved successfully.
C:\Program Files\Common Files\Totem Shared moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll NOT unregistered.
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll moved successfully.
C:\WINDOWS\uniq moved successfully.
 
Created on 09/23/2007 14:09:53

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:04 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KillCopy] C:\PROGRA~1\KillSoft\KillCopy\kcresume.exe /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10459 bytes

Let me know how your pc is running now please.


What is it that you mean by this? If you mean have I noticed any differences in my PC, then no...
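Added example (Python, written for this page; not code from the thread, from BleepingComputer or from HijackThis itself): a small parser for HijackThis entry lines that diffs two logs the way a helper compares a new log against the previous one, and flags the entry types discussed in this thread (orphaned "(no file)" / "(file missing)" entries, O15 Trusted Zone, O17 NameServer, O20 AppInit_DLLs). The sample logs are constructed excerpts modelled on the before/after logs above.

```python
import re

# Constructed excerpts modelled on the two logs in this thread (not the full
# logs): the "(no name)" BHO and one O17 NameServer line appear only in the
# earlier log, which is what changed after the fix.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O15 - Trusted Zone: http://toolbar.imageshack.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B923A44-F4F0-4E92-B50A-DBE74BCBA3C2}: NameServer = 203.109.129.67 203.109.129.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O15 - Trusted Zone: http://toolbar.imageshack.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274B7D4-EE2C-4354-BBCE-2D9925B00909}: NameServer = 203.96.152.4,203.96.152.12
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return the (section, body) pairs of every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def review_entries(entries):
    """Attach a review reason to the entry types a helper usually checks first."""
    flagged = []
    for section, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            # "C:\Program.exe (file missing)" is the usual sign of an unquoted
            # service path containing spaces, not necessarily an infection.
            reason = "orphaned entry: target path does not exist"
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            reason = "DLL loaded into every process that loads user32.dll"
        elif section == "O15":
            reason = "site placed in the IE Trusted Zone (relaxed security)"
        elif section == "O17":
            reason = "DNS server override: confirm the addresses belong to your ISP"
        else:
            continue
        flagged.append((section, body, reason))
    return flagged


def diff_logs(before_text, after_text):
    """Entries removed and added between two logs, as two sorted lists."""
    before = set(parse_log(before_text))
    after = set(parse_log(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since the previous log:")
    for section, body in removed:
        print(f"  {section} - {body}")
    print("Still worth a look in the new log:")
    for section, body, reason in review_entries(parse_log(LOG_AFTER)):
        print(f"  {section}: {reason}")
```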

#12 RichieUK (Malware Response Team)

Posted 23 September 2007 - 07:30 AM

Find and delete:
Combofix.exe
Deljob.exe
logit.txt
Rootchk.exe
OTMoveIt.exe

C:\QOOBOX
C:\rootlog.txt
C:\_OTMoveIt

Clean out your temporary internet files:
Close all open windows before you start.
Go to Start>Control Panel>Internet Options>General tab.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: 'Delete all offline content', click OK

If you have Firefox installed, you need to clean out these temporary files as well:
Go to Tools>Options.
Click Privacy.
Press the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to finish, before closing it.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Now clean other temporary files and your Recycle Bin:
Go to Start>Run, type: cleanmgr then press OK.
Let it scan your system for files to remove.
Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.
Press OK to remove them.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue,all existing restore points will be deleted,and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', and your 'System Restore' directories will be purged.

Restart your pc.

Turn 'System Restore' back on:

Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.


Please run the F-Secure online virus/spyware scan using Internet Explorer:
http://support.f-secure.com/enu/home/ols.shtml
Follow the directions in the F-Secure page for proper Installation.
Accept the License Agreement.
Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
1.Scan whole System
2.Scan all files
3.Scan whole system for rootkits
4.Scan whole system for spyware
5.Scan inside archives
6.Use advanced heuristics
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.

#13 Мєηιcє (Topic Starter)

Posted 23 September 2007 - 07:07 PM

*sigh* another virus scan...more downloading...more waiting :thumbsup:
One thing I noticed since I woke up this morning, my PC is running WAAAY slower than usual. It took me about 25 mins to get into firefox :S

Anyway, I'll go and start the scan now, and hopefully this will help :blink:

#14 Мєηιcє (Topic Starter)

Posted 24 September 2007 - 12:37 AM

Omg...now I know why I stopped using Internet Explorer...It's so slow!!!!

Unfortunately I couldn't do the F-Secure Online steps...I got this error:

An error has occured! Please close the scanner and your browser, then try again. (Id: 24)


I tried closing my browser and scanner multiple times but I kept getting that error.

Is there anything else I can do? (That hopefully won't involve IE or downloading too much? :thumbsup:)

Edit: Also, I NEED to speed my computer up! Ever since I started doing this stuff it's started to get slower and slower...now it takes like 20 minutes (literally) to start up firefox!

Edited by Мєηιcє, 24 September 2007 - 04:04 AM.


#15 RichieUK (Malware Response Team)

Posted 24 September 2007 - 05:29 AM

Remove/uninstall SUPERAntiSpyware via Control Panel/Add or Remove Programs.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) A window will open; at the bottom of the window, to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Run Housecall Europe online scan using Mozilla Firefox:
http://uk.trendmicro-europe.com/consumer/h...call_launch.php
Allow the scan to remove anything it detects.

Let me know how things are going now.