Infected With Vundo, Ultimate Defender And Agent.app


22 replies to this topic

#1 RedW


Posted 23 November 2007 - 05:54 AM

Hi,

Over the last week or so I have become infected with a number of problems. Having posted incorrectly (sorry!) I have now followed the instructions and this was the result:

Before starting I was already running a scan with SuperAntiSpyware. As it takes so long I let it continue and it found a number of errors which I removed.

I then ran Cleanmgr

Scan with Adaware SE found only 1 infection which I removed. Rebooted and ran Adaware again, this time no infections.

Next, Spybot which found more infections which were duly removed

Online virus scan - I ran Housecall and it found no viruses as such but did find some Office vulnerabilities. I usually use Housecall when I want to scan so went with that one, but had problems trying to run both Panda and BitDefender.

McAfee AVERT Stinger found nothing at all

I have a firewall enabled within my Belkin router therefore I don't think I need a software version as well?

I have tried and tried to run Windows Update but it either fails with an 80070420 error (which I can't find anything useful on) or just hangs at the 'Checking for the latest updates for your computer...' screen. It is doing it now as I type this and has been for about 2 hours! Something to do with the infection?

I have also just run StopZilla and it is still showing Vundo, Ultimate Defender and Agent.app infections.

I am not so much getting popups but redirecting the browser and slow running are the key symptoms.

Thanks guys, here’s the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:33, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter.ALBION3\Desktop\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [obapynad] rundll32.exe "C:\Program Files\zmrofsfy\bcvkzsjq.dll",Init
O4 - HKLM\..\Run: [kjwfgrgb] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\kjwfgrgb.dll"
O4 - HKLM\..\Run: [nurcvalc] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\nurcvalc.dll"
O4 - HKLM\..\Run: [ubupojyh] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\ubupojyh.dll"
O4 - HKLM\..\Run: [nmfobyly] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll"
O4 - HKLM\..\Run: [ynalqzsv] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll"
O4 - HKLM\..\Run: [utenobup] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10688 bytes
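The HijackThis log above carries three things a defender would want flagged automatically rather than read by eye: an R1 ProxyServer value the user never set (which explains the browser redirects), an unnamed O2 browser helper object, and a run of O4 autorun entries that load eight-letter random-named DLLs through `rundll32` or `regsvr32 /u`. The following Python script is an added example, not part of RedW's post or of HijackThis, VundoFix or any other tool in this thread; it parses HijackThis-style lines and applies those three heuristics. The sample log is constructed for the example from a handful of lines copied from the log above plus known-benign entries from the same log, and the "eight lowercase letters" test is an assumption tuned to this particular log, not a general rule.

```python
import re
from dataclasses import dataclass

# Constructed sample (assumption for this example): a few lines copied from the
# HijackThis log in the post above, mixed with known-benign entries from the same log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Fdylhesa\umelwgoq.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [obapynad] rundll32.exe "C:\Program Files\zmrofsfy\bcvkzsjq.dll",Init
O4 - HKLM\..\Run: [kjwfgrgb] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\kjwfgrgb.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# "Section - body" shape of every HijackThis line (R0/R1 registry values, O2 BHOs, O4 autoruns, ...).
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Heuristic, not a rule: the dropped DLLs in this log all use eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
DLL_RE = re.compile(r"([a-z0-9_]+)\.dll")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def analyse(log_text: str) -> list[Finding]:
    """Return the HijackThis lines that match the defender heuristics below, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        if section == "R1" and "ProxyServer" in body:
            # A proxy the user never configured explains "browser redirecting":
            # every request is routed through it.
            proxy = re.search(r"ProxyServer = (\S+)", body)
            host = proxy.group(1) if proxy else "?"
            findings.append(Finding(section, f"unexpected proxy server {host}", raw))

        elif section == "O2" and body.startswith("BHO: (no name)"):
            # Legitimate BHOs carry a product name; an unnamed one loading into IE deserves a look.
            findings.append(Finding(section, "unnamed browser helper object", raw))

        elif section == "O4":
            cmd = body.lower()
            dll = DLL_RE.search(cmd)
            loader = "regsvr32 /u" if "regsvr32 /u" in cmd else ("rundll32" if "rundll32" in cmd else None)
            if dll and loader and RANDOM_NAME_RE.match(dll.group(1)):
                if loader == "regsvr32 /u":
                    # regsvr32 /u still loads the DLL and calls DllUnregisterServer, so the DLL's
                    # code runs at every logon even though the entry looks like an uninstall.
                    reason = "regsvr32 /u autorun of random-named DLL (DllUnregisterServer runs each logon)"
                else:
                    reason = "rundll32 autorun of random-named DLL"
                findings.append(Finding(section, reason, raw))
    return findings


def sections_flagged(log_text: str) -> list[str]:
    """Just the section tags of the flagged lines, in log order."""
    return [f.section for f in analyse(log_text)]


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the constructed sample, the script flags the proxy line, the unnamed BHO and the two random-named O4 loaders while leaving iTunesHelper and the NVIDIA `NvCpl.dll` entry alone; the point of keeping each heuristic in its own branch is that a helper can extend the list (for example with the `O16` download URLs in the same log) without touching the parser.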

#2 Baabiouz


Posted 23 November 2007 - 09:21 AM

Hi Redw!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.

#3 RedW


Posted 23 November 2007 - 10:11 AM

Hi Baabiouz,

Thanks for looking at it! Look forward to hearing from you.

#4 Baabiouz


Posted 23 November 2007 - 10:23 AM

Hi RedW!

#1
Please, make a new folder in C: and name it HijackThis.
Then move your HijackThis.exe there.
(C:\HijackThis\Hijackthis.exe)

And rename your HijackThis.exe to Scanner.exe.
(C:\HijackThis\Scanner.exe)

#2
Please download VundoFix.exe to your desktop.
  • Double-click *VundoFix.exe* to run it.
  • Click the *Scan for Vundo* button.
  • Once it's done scanning, click the *Remove Vundo* button.
  • You will receive a prompt asking if you want to remove the files, click *YES*
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click *OK*.
  • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

#3
Please download Deckard's System Scanner to your Desktop


* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, two text files will open: Main.txt and extra.txt

Please post Main.txt and Extra.txt

#4
Please, post a fresh HijackThis log (scanner.exe), the VundoFix log and both of Deckard's System Scanner's logs.

#5 RedW


Posted 23 November 2007 - 11:01 AM

Hi Baabiouz,

I ran Vundofix.exe and it didn't find any infections so no .txt file was created.

DSS.exe and HJT logs below.

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Peter on 2007-11-23 15:52:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-11-23 15:52:11 UTC - RP643 - Deckard's System Scanner Restore Point
92: 2007-11-22 13:00:43 UTC - RP642 - System Checkpoint
91: 2007-11-21 12:45:59 UTC - RP641 - Installed SUPERAntiSpyware Free Edition
90: 2007-11-20 13:53:07 UTC - RP640 - Removed MobileDVD Converter
89: 2007-11-20 13:50:28 UTC - RP639 - Removed Marvell Miniport Driver


-- First Restore Point --
1: 2007-11-18 18:18:34 UTC - RP551 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 15:54:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Documents and Settings\Peter.ALBION3\Desktop\dss.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Fdylhesa\umelwgoq.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {27F01EEF-CDE7-479D-8803-CB41DD848D92} - C:\WINDOWS\system32\ddabb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: {345b0075-9c44-411a-bb14-36b2f15013af} - {fa31051f-2b63-41bb-a114-44c95700b543} - C:\WINDOWS\system32\qqgiuxud.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - SITEguard - (no file)
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [obapynad] rundll32.exe "C:\Program Files\zmrofsfy\bcvkzsjq.dll",Init
O4 - HKLM\..\Run: [kjwfgrgb] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\kjwfgrgb.dll"
O4 - HKLM\..\Run: [nurcvalc] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\nurcvalc.dll"
O4 - HKLM\..\Run: [ubupojyh] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\ubupojyh.dll"
O4 - HKLM\..\Run: [nmfobyly] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll"
O4 - HKLM\..\Run: [ynalqzsv] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll"
O4 - HKLM\..\Run: [utenobup] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = C:\Program Files\Mobiola Studio for Nokia\MobiolaStudio.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} () - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 12881 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 szkg - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AVFilter - c:\windows\system32\drivers\avfilter.sys <Not Verified; PC Tools Research Pty Ltd; AVFilter Device Driver>
R3 AVHook - c:\windows\system32\drivers\avhook.sys <Not Verified; PC Tools Research Pty Ltd.; PC Tools AntiVirus>
R3 AVRec - c:\windows\system32\drivers\avrec.sys <Not Verified; PC Tools Research Pty Ltd; PC Tools AntiVirus>
R3 BTCAMDRV (Mobiola Web Camera driver) - c:\windows\system32\drivers\btcamdrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 L6DP - c:\windows\system32\drivers\l6dp.sys <Not Verified; Line 6; Line 6 Device Proxy>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 L6PODLV (PODxt Live Service) - c:\windows\system32\drivers\l6podlv.sys <Not Verified; Line 6; GuitarPort>
S3 PciCon - e:\pcicon.sys (file missing)
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_A0021458&REV_02\3&13C0B0C5&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_A0021458&REV_02\3&13C0B0C5&0&FD
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N80
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2007-11-19 22:41:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

2007-11-23 15:30:02 0 d-------- C:\Hijackthis
2007-11-23 09:32:14 131072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll
2007-11-23 09:32:07 0 d-------- C:\Program Files\Fdylhesa
2007-11-23 06:57:47 131072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll
2007-11-23 06:57:46 0 d-------- C:\Program Files\Qemooxku
2007-11-22 19:23:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-21 12:46:26 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-11-21 12:46:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 12:46:00 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\SUPERAntiSpyware.com
2007-11-21 08:22:03 0 d-------- C:\VundoFix Backups
2007-11-20 17:39:10 0 d-------- C:\Program Files\SecCenter
2007-11-20 17:39:10 131072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll
2007-11-20 17:39:04 0 d-------- C:\Program Files\Upcluwag
2007-11-20 11:01:36 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-20 11:01:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-20 11:01:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-20 11:01:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-19 19:18:37 0 d-------- C:\Program Files\Wiascnic
2007-11-19 13:23:06 323480 --ahs---- C:\WINDOWS\system32\bbadd.ini2
2007-11-19 13:23:02 329824 -----n--- C:\WINDOWS\system32\ddabb.dll
2007-11-19 13:21:11 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Uniblue
2007-11-19 13:20:51 0 d-------- C:\Program Files\Uniblue
2007-11-19 12:54:41 0 d-------- C:\Program Files\Panda Security
2007-11-19 12:37:50 2712 --a------ C:\WINDOWS\mozver.dat
2007-11-19 11:23:11 0 d-------- C:\Program Files\E404DHelper
2007-11-19 11:21:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-18 22:36:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Desktop
2007-11-18 21:50:09 0 d-------- C:\Program Files\STOPzilla!
2007-11-18 21:50:08 0 d-------- C:\Program Files\Common Files\iS3
2007-11-18 21:50:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-18 18:13:37 0 d-------- C:\Program Files\Dhcouvde
2007-11-18 18:04:07 0 d-------- C:\WINDOWS\system32\qfovkrbl
2007-11-18 18:03:56 0 d-------- C:\Program Files\Common Files\?racle
2007-11-18 18:03:55 0 d-------- C:\Program Files\Sjxrgzbk
2007-11-18 18:03:45 1147424 --a------ C:\Install
2007-11-18 18:03:42 0 d-------- C:\Program Files\zmrofsfy
2007-11-17 15:10:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2007-11-17 15:10:17 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Ableton
2007-11-09 12:38:41 0 d-------- C:\v2d
2007-11-09 12:38:30 0 d-------- C:\Program Files\Total Video2DVD Author
2007-11-09 12:12:00 0 d-------- C:\Program Files\WinAVI Video Converter
2007-11-09 12:07:51 0 d-------- C:\Program Files\Movavi Video Converter 5
2007-11-09 12:07:51 0 d-------- C:\Program Files\Common Files\MOVAVI
2007-11-09 11:41:13 0 d-------- C:\Program Files\AllToAVI
2007-11-09 11:34:33 0 d-------- C:\Program Files\Movkit Batch Video Converter
2007-10-27 12:21:49 0 d-------- C:\Documents and Settings\Liv\Application Data\PC Tools


-- Find3M Report ---------------------------------------------------------------

2007-11-23 09:31:58 0 d-------- C:\Program Files\PC Tools AntiVirus
2007-11-21 12:45:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 17:44:50 0 d-------- C:\Program Files\Common Files
2007-11-20 13:47:06 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Vso
2007-11-20 13:47:05 33 --a------ C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.log
2007-11-20 13:47:04 7176 --a------ C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.cat
2007-11-20 13:47:04 81920 --a------ C:\Documents and Settings\Peter.ALBION3\Application Data\ezpinst.exe
2007-11-20 13:47:03 47360 --a------ C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-11-20 13:47:03 1144 --a------ C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.inf
2007-11-19 15:57:40 0 d-------- C:\Program Files\Common Files\?racle
2007-11-19 11:21:05 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla
2007-11-17 15:04:15 0 d-------- C:\Program Files\Java
2007-11-17 10:21:10 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\LimeWire
2007-11-16 11:29:47 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\AdobeUM
2007-11-12 09:24:08 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\BitTorrent
2007-11-05 22:11:49 0 d-------- C:\Program Files\LimeWire
2007-11-05 19:22:04 0 d-------- C:\Program Files\BitTorrent
2007-11-01 22:28:31 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\CoreFTP
2007-10-13 12:17:17 109138 --a------ C:\WINDOWS\hpoins08.dat
2007-10-08 21:21:37 0 d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Apple Computer
2007-10-05 10:11:08 225280 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2007-09-13 16:36:46 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:36:38 311296 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:35:48 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:35:32 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:35:14 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:34:54 200704 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:34:36 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:34:24 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-13 16:34:00 700416 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2007-09-05 17:10:15 8 --a------ C:\WINDOWS\system32\nvModes.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16975C1E-950B-F58A-B187-08ED8F89A6B0}]
23/11/2007 09:32 131072 --a------ C:\Program Files\Fdylhesa\umelwgoq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27F01EEF-CDE7-479D-8803-CB41DD848D92}]
19/11/2007 13:23 329824 --------- C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa31051f-2b63-41bb-a114-44c95700b543}]
C:\WINDOWS\system32\qqgiuxud.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [17/09/2003 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [18/06/2003 01:00]
"CTHelper"="CTHELPER.EXE" [19/03/2004 08:33 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [03/12/2002 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [01/12/2003 11:38]
"Logitech Utility"="Logi_MwX.Exe" [07/11/2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/11/2006 00:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [08/11/2006 13:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [15/01/2006 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [28/06/2007 08:14]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [15/12/2005 10:18]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [10/01/2007 10:27]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/07/2006 02:33]
"nwiz"="nwiz.exe" [25/07/2006 02:33 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/07/2006 02:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [03/06/2005 03:52]
"obapynad"="C:\Program Files\zmrofsfy\bcvkzsjq.dll" [18/11/2007 18:03]
"kjwfgrgb"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\kjwfgrgb.dll" []
"nurcvalc"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\nurcvalc.dll" []
"ubupojyh"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\ubupojyh.dll" []
"nmfobyly"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll" []
"ynalqzsv"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll" []
"utenobup"="regsvr32 /u C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 21:22]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10/11/2004 18:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/06/2007 22:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-23 15:55:26 ------------

EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 511.48 MiB / 217.89 MiB
Pagefile Memory (total/avail): 1246.85 MiB / 836.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.42 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 189.91 GiB total, 51.7 GiB free.
D: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200M0 - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 189.91 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - Generic USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - Generic USB Storage-MSC USB Device

\\.\PHYSICALDRIVE1 - Generic USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: PC Tools AntiVirus 3.1.0.10 v3.1.0.10 (PC Tools Research Pty Ltd) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\\setup\\HPONICIFS01.EXE"="E:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\DOCUME~1\\PETER~1.ALB\\LOCALS~1\\Temp\\winE0B.exe"="C:\\DOCUME~1\\PETER~1.ALB\\LOCALS~1\\Temp\\winE0B.exe:*:Enabled:winE0B"
"C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Peter.ALBION3\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Peter.ALBION3\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\TEMP\\win568.exe"="C:\\WINDOWS\\TEMP\\win568.exe:*:Enabled:win568"
"C:\\WINDOWS\\TEMP\\winACB.exe"="C:\\WINDOWS\\TEMP\\winACB.exe:*:Enabled:winACB"
"C:\\WINDOWS\\TEMP\\win784.exe"="C:\\WINDOWS\\TEMP\\win784.exe:*:Enabled:win784"
"C:\\WINDOWS\\TEMP\\win79.exe"="C:\\WINDOWS\\TEMP\\win79.exe:*:Enabled:win79"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Peter.ALBION3\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALBION3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Peter.ALBION3
LOGONSERVER=\\ALBION3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PETER~1.ALB\LOCALS~1\Temp
TMP=C:\DOCUME~1\PETER~1.ALB\LOCALS~1\Temp
USERDOMAIN=ALBION3
USERNAME=Peter
USERPROFILE=C:\Documents and Settings\Peter.ALBION3
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Peter.ALBION3 (admin)
Ben.ALBION3
Liv


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /W /U /S
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Front Piano Module 1.0 VSTi --> "C:\Program Files\Steinberg\VSTPlugins\unins001.exe"
4Front Rhode 1.0 VSTi --> "C:\Program Files\Steinberg\Vstplugins\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 6.0 Standard --> MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AnalogX Vocal Remover --> C:\Program Files\AnalogX\VocalRemover\vremu.exe
Anapod Explorer (remove only) --> "C:\Program Files\Red Chair Software\Anapod Explorer\uninst.exe"
AOpen Multimedia Utilities --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AOpen\Multimedia Utilities\AOMUinst.isu"
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ASIO4ALL v2 --> C:\Program Files\ASIO4ALL v2\uninstall.exe
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
db audioware mastering plugins 1.05c --> "C:\Program Files\db-audioware\uninstall.exe"
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Family Tree Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88200B70-8473-11D6-A964-00B0D0119A5C}\SETUP.EXE" -l0x9
Family Tree Maker 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\Setup.exe" -l0x9
Flash Slideshow Generator 2.1.4 --> "C:\Program Files\Flash Slideshow Generator\unins000.exe"
Free Hide Folder --> C:\PROGRA~1\FREEHI~1\UNWISE.EXE C:\PROGRA~1\FREEHI~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GuitarPort 2.51 (Remove Only) --> C:\Program Files\Line6\GuitarPort\Uninstall.exe
Guru --> "C:\Program Files\FXpansion\Guru\Guru Uninstall.exe"
HijackThis 2.0.2 --> "C:\DOCUME~1\PETER~1.ALB\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Indago --> MsiExec.exe /X{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
K-Lite Codec Pack 2.88 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Line 6 Drivers 3.2.9.2 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\All Drivers\3.2.9.2\Uninstall.exe
Line 6 Edit (remove only) --> "C:\Program Files\Line6\Line 6 Edit\Uninstall.exe"
Line 6 Monkey 1.13 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.15 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.16 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mobiola Web Camera USB for S60 3rd Edition --> "C:\Program Files\Mobiola Web Camera USB\unins000.exe"
Movavi Video Converter 5 --> MsiExec.exe /I{B0416C97-B9DC-475A-9F7A-25814E2E00EA}
Movkit Batch Video Converter 2.5 --> "C:\Program Files\Movkit Batch Video Converter\unins000.exe"
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 CD Converter Professional 5.01 --> "C:\Program Files\MP3 CD Converter Professional\unins000.exe"
MSXML 6.0 Parser (KB925673) --> MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Multimedia Xplorer 2 --> C:\Program Files\Multimedia Xplorer 2\Uninstall.exe C:\PROGRA~1\MULTIM~1\Install.log
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NET Traffic Meter 1.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\NET Traffic Meter\irunin.ini"
netMailshar --> C:\Program Files\netMailshar\uninstall.exe
Network Magic --> MsiExec.exe /X{9E4415D0-8343-4D63-8C0C-B2A89871BBF0}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia Map Loader --> MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
Nokia Software Updater --> MsiExec.exe /I{8AA85995-6F41-43AE-B998-DD2B70E72A83}
NVIDIA Display Driver --> C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
Opera 9.0 --> MsiExec.exe /X{2E48A9E4-C531-4B71-ADF1-F80403413914}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda NanoScan --> C:\Program Files\Panda Security\NanoScan\nanounst.exe
Panda spyXposer --> C:\WINDOWS\system32\ASUninst.exe Panda spyXposer
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PC Tools AntiVirus 3.1 --> "C:\Program Files\PC Tools AntiVirus\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PODxt Drivers 2.6.8.0 (Remove Only) --> C:\Program Files\Line6\PODxt Drivers\Uninstaller.exe
PowerDirector Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RiffWorks 1.00 (Remove Only) --> C:\Program Files\Line6\RiffWorks\Uninstall.exe
Secure Application Manager --> C:\Program Files\Neoteris\Secure Application Manager\UninstallSAM.exe /reboot
SmartMovie Converter (for Symbian phones) --> "C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\install.log
Softease Products --> MsiExec.exe /I{9054CAFF-1A10-4047-ABC7-2094FFEA7675}
Songbird 0.1 (Win32) --> "C:\Program Files\Songbird\songbird-uninstall.exe"
SopCast 1.1.0 --> C:\Program Files\SopCast\uninst.exe
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB9B3D-E681-4458-85F8-8D182941AF1D}\SETUP.EXE" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase SX v2.2.0.33 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
STOPzilla --> MsiExec.exe /X{8324D12A-5C1C-4C06-ADF1-EB5D9998D93E}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Total Video2DVD Author 2.10 --> "C:\Program Files\Total Video2DVD Author\unins000.exe"
Ulead VideoStudio 8.0 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Variax Workbench (remove only) --> "C:\Program Files\Line6\Variax Workbench\Uninstall.exe"
VIA Register Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Your Company Name\VIA Register Tool\Uninst.isu"
Vodei Multimedia Processor 1.09 --> C:\Program Files\Vodei\uninst.exe
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Driver Package - Pure Networks Address Resolution Protocol (ARP) Driver (11/09/2006 4.0.6313.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_E771F699F1B7E91C9F59B9A4D59E98AF750A4191\pnarp.inf
Windows Driver Package - Pure Networks NDIS Relay Protocol Driver (11/09/2006 4.0.6313.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_49D8AAE01CF9D5112DBEB165AC94B7F537289DBC\purendis.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1232 / Error
Event Submitted/Written: 11/23/2007 07:18:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16473, faulting module imagehlp.dll, version 5.1.2600.2180, fault address 0x000041f4.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1231 / Error
Event Submitted/Written: 11/23/2007 07:17:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16473, faulting module msxml3.dll, version 8.70.1113.0, fault address 0x00005e5d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1207 / Error
Event Submitted/Written: 11/21/2007 08:35:13 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application launchapplication.exe, version 6.82.70.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [launchapplication.exe!ws!]

Event Record #/Type1194 / Error
Event Submitted/Written: 11/20/2007 05:44:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16473, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1193 / Error
Event Submitted/Written: 11/20/2007 05:41:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16473, faulting module msxml3.dll, version 8.70.1113.0, fault address 0x00005e5d.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type126088 / Error
Event Submitted/Written: 11/23/2007 09:34:03 AM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type126057 / Error
Event Submitted/Written: 11/23/2007 09:30:25 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools AntiVirus Engine service failed to start due to the following error:
%%1053

Event Record #/Type126056 / Error
Event Submitted/Written: 11/23/2007 09:30:25 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the PC Tools AntiVirus Engine service to connect.

Event Record #/Type126033 / Error
Event Submitted/Written: 11/23/2007 08:46:27 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type126032 / Warning
Event Submitted/Written: 11/23/2007 08:44:41 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-11-23 15:55:26 ------------


HIJACKTHIS.LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:56, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Fdylhesa\umelwgoq.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {27F01EEF-CDE7-479D-8803-CB41DD848D92} - C:\WINDOWS\system32\ddabb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: {345b0075-9c44-411a-bb14-36b2f15013af} - {fa31051f-2b63-41bb-a114-44c95700b543} - C:\WINDOWS\system32\qqgiuxud.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [obapynad] rundll32.exe "C:\Program Files\zmrofsfy\bcvkzsjq.dll",Init
O4 - HKLM\..\Run: [kjwfgrgb] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\kjwfgrgb.dll"
O4 - HKLM\..\Run: [nurcvalc] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\nurcvalc.dll"
O4 - HKLM\..\Run: [ubupojyh] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\ubupojyh.dll"
O4 - HKLM\..\Run: [nmfobyly] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll"
O4 - HKLM\..\Run: [ynalqzsv] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll"
O4 - HKLM\..\Run: [utenobup] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11895 bytes
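As an added example that is not part of this thread or of HijackThis itself, the script below runs a few review heuristics (my own assumptions, not the tool's logic) over lines copied from the log above: random-looking eight-letter Run value names, `regsvr32 /u` used as an autostart, autostart DLLs under user-writable paths, unnamed or missing BHOs, and a configured proxy. It only lists entries for a human to verify; it does not decide that anything is malicious.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log above, benign and suspect mixed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Fdylhesa\umelwgoq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: {345b0075-9c44-411a-bb14-36b2f15013af} - {fa31051f-2b63-41bb-a114-44c95700b543} - C:\WINDOWS\system32\qqgiuxud.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [obapynad] rundll32.exe "C:\Program Files\zmrofsfy\bcvkzsjq.dll",Init
O4 - HKLM\..\Run: [kjwfgrgb] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\kjwfgrgb.dll"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Line shapes used by HijackThis 2.0.x for the three sections we look at.
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
PROXY_RE = re.compile(r'^R1 - .*ProxyServer = (?P<proxy>\S+)$')

# Heuristic (assumption): eight lowercase letters with no vendor naming is worth a look.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')
# regsvr32 /u calls the DLL's DllUnregisterServer, so it still executes DLL code.
REGSVR_UNREG_RE = re.compile(r'\bregsvr32(\.exe)?\s+/u\b', re.IGNORECASE)
# Locations a normal user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("application data", "\\temp\\", "\\documents and settings\\")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def check_line(line: str) -> List[str]:
    """Return the review reasons that apply to one log line (empty list if none)."""
    reasons: List[str] = []
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking Run value name")
        if REGSVR_UNREG_RE.search(cmd):
            reasons.append("regsvr32 /u used as an autostart (runs the DLL's DllUnregisterServer)")
        if any(tok in cmd.lower() for tok in USER_WRITABLE):
            reasons.append("autostart payload lives in a user-writable location")
    m = BHO_RE.match(line)
    if m:
        if m.group("name").strip() == "(no name)":
            reasons.append("BHO with no display name")
        if m.group("path").endswith("(file missing)"):
            reasons.append("BHO registered but its file is missing")
    m = PROXY_RE.match(line)
    if m:
        reasons.append(f"proxy server configured: {m.group('proxy')}; verify it is intentional")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every non-empty line and keep the ones with reasons."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = check_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```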

#6 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:35 PM

Posted 25 November 2007 - 10:28 AM

Hi!

#1
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


#2

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#3
Please post a fresh HijackThis log, Combofix log and SDFix log.

#7 RedW

RedW
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 25 November 2007 - 03:38 PM

Hi Baabiouz,

Thanks for looking at this again.

I followed the instructions and here are the logs.

SDFix report.txt


SDFix: Version 1.115

Run by Peter on 25/11/2007 at 16:25

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Setup.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 16:40:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{334717E1-466C-1D64-BA74-E33BA7964998}]
"iacllpjjfcmkejgaaf"=hex:69,61,65,6f,68,66,70,6b,68,66,6a,61,63,6e,66,64,6f,69,00,02
"hamkbalononjekah"=hex:69,61,65,6f,68,66,70,6b,68,66,6a,61,63,6e,66,64,6f,69,00,02

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\\setup\\HPONICIFS01.EXE"="E:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\DOCUME~1\\PETER~1.ALB\\LOCALS~1\\Temp\\winE0B.exe"="C:\\DOCUME~1\\PETER~1.ALB\\LOCALS~1\\Temp\\winE0B.exe:*:Enabled:winE0B"
"C:\\Program Files\\xloader10181.exe"="C:\\Program Files\\xloader10181.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Peter.ALBION3\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Peter.ALBION3\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\TEMP\\win568.exe"="C:\\WINDOWS\\TEMP\\win568.exe:*:Enabled:win568"
"C:\\WINDOWS\\TEMP\\winACB.exe"="C:\\WINDOWS\\TEMP\\winACB.exe:*:Enabled:winACB"
"C:\\WINDOWS\\TEMP\\win784.exe"="C:\\WINDOWS\\TEMP\\win784.exe:*:Enabled:win784"
"C:\\WINDOWS\\TEMP\\win79.exe"="C:\\WINDOWS\\TEMP\\win79.exe:*:Enabled:win79"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 16 Sep 2006 4,908,872 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 5 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sat 27 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
Wed 13 Jul 2005 75,776 A..H. --- "C:\Documents and Settings\Peter.ALBION3\My Documents\Livstuff\~WRL3026.tmp"
Wed 13 Jul 2005 67,072 A..H. --- "C:\Documents and Settings\Peter.ALBION3\My Documents\Livstuff\~WRL3877.tmp"
Sat 28 Jan 2006 25,600 A..H. --- "C:\Documents and Settings\Peter.ALBION3\My Documents\Lyrics & Tab\~WRL3274.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0747ea8b76488160c55920e7f1b87f0c\BIT26.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\14de9ff37c6b4e4eea2b0481a107ae59\BIT24.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\BIT29.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\BIT2A.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b6ccd5ccf72ffca11e7f7e0165f2082\BIT23.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\BIT2D.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d1b63b440a48ee590dfaf6f8030dbff\BIT1F.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67c8fc01100a7555e3d40c5e21ad4a52\BIT28.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\75434e67d2b0d0e703a75d51e5600274\BIT27.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\81111724fbd497750ab9cb5b89dcd658\BIT30.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\85d72ebd3332986fe72a8378dc1d1a21\BIT22.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\BIT2C.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\983fb71c2a2537689df53c2ece5f94d3\BIT1D.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa0fc43be131db3326789ca1c86ad994\BIT25.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BIT2F.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac396c0c2d53942a12157d0ad3c4135a\BIT2E.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be9cf81654629f0178f1fbd377160e05\BIT1E.tmp"
Sun 25 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\BIT20.tmp"
Tue 4 Jul 2006 327,680 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\p7xokcmc.TMP"
Sat 28 Jan 2006 25,088 ...H. --- "C:\Documents and Settings\Peter.ALBION3\Application Data\Microsoft\Word\~WRL0004.tmp"
Sun 11 Mar 2007 2,759,680 ...H. --- "C:\Documents and Settings\Peter.ALBION3\Application Data\Microsoft\Word\~WRL0908.tmp"
Mon 12 Mar 2007 5,916,160 ...H. --- "C:\Documents and Settings\Peter.ALBION3\Application Data\Microsoft\Word\~WRL3482.tmp"
Sat 28 Jan 2006 27,648 ...H. --- "C:\Documents and Settings\Peter.ALBION3\Application Data\Microsoft\Word\~WRL3822.tmp"
Sun 11 Mar 2007 2,759,680 ...H. --- "C:\Documents and Settings\Peter.ALBION3\Application Data\Microsoft\Word\~WRL3950.tmp"
Sat 28 Jan 2006 30,720 A..H. --- "C:\Documents and Settings\Peter.ALBION3\My Documents\Duquesa\Snagging\~WRL2540.tmp"
Wed 22 Nov 2006 8,949,760 ...H. --- "C:\Documents and Settings\Peter.ALBION3\My Documents\Duquesa\Snagging 2006\~WRL2090.tmp"
Mon 30 Oct 2006 8,940,544 ...H. --- "C:\Documents and Settings\Peter.ALBION3\My Documents\Duquesa\Snagging 2006\~WRL3184.tmp"
Sun 25 Nov 2007 10,678 A..H. --- "C:\Documents and Settings\Peter.ALBION3\Application Data\Microsoft\Office\Shortcut Bar\Off7.tmp"

Finished!

Combo Log.txt

ComboFix 07-11-19.3 - Peter 2007-11-25 17:32:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT 0:00]
Running from: C:\Documents and Settings\Peter.ALBION3\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Peter.ALBION3\Favorites\Online Security Guide.lnk
C:\Program Files\autorun.inf
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~1\?racle\
C:\Program Files\SecCenter
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\ddabb.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-25 16:38 1,024 --a------ C:\WINDOWS\system32\drivers\0B6D8217-93D4-40B0-8040-B774735D95A6.cxv
2007-11-25 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-23 15:51 <DIR> d-------- C:\Deckard
2007-11-23 15:30 <DIR> d-------- C:\Hijackthis
2007-11-23 09:32 <DIR> d-------- C:\Program Files\Fdylhesa
2007-11-23 09:32 131,072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll
2007-11-23 06:57 <DIR> d-------- C:\Program Files\Qemooxku
2007-11-23 06:57 131,072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll
2007-11-23 06:57 1,024 --a------ C:\WINDOWS\system32\drivers\98FD6EBF-E55E-4136-BAF3-C69A3C8F4E58.cxv
2007-11-22 19:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-21 12:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\SUPERAntiSpyware.com
2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-11-21 08:33 1,024 --a------ C:\WINDOWS\system32\drivers\65465852-1184-45C2-BF89-95EE9944D8C3.cxv
2007-11-21 08:22 <DIR> d-------- C:\VundoFix Backups
2007-11-20 17:39 <DIR> d-------- C:\Program Files\Upcluwag
2007-11-20 17:39 131,072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll
2007-11-20 17:39 1,024 --a------ C:\WINDOWS\system32\drivers\EFEB205A-339D-4281-8C7A-1A447AD42527.cxv
2007-11-20 13:30 1,024 --a------ C:\WINDOWS\system32\drivers\A73AC742-982C-438A-AECF-FC4305C78D86.cxv
2007-11-20 11:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 11:01 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-19 21:43 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 19:18 <DIR> d-------- C:\Program Files\Wiascnic
2007-11-19 19:18 2,048 --a------ C:\WINDOWS\system32\drivers\BBB03FF6-BC17-49AC-B5E4-0426951DD354.cxv
2007-11-19 13:21 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Uniblue
2007-11-19 13:20 <DIR> d-------- C:\Program Files\Uniblue
2007-11-19 13:00 2,048 --a------ C:\WINDOWS\system32\drivers\D030C1CE-6ABF-4CB2-B184-AC7496C857C4.cxv
2007-11-19 12:54 <DIR> d-------- C:\Program Files\Panda Security
2007-11-19 11:23 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-19 11:22 36,352 --a------ C:\WINDOWS\system32\khfebcy.dll.vir
2007-11-19 11:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-19 09:12 6,144 --a------ C:\WINDOWS\system32\drivers\D693BC65-2DF4-4217-BE99-49DC13A35752.cxv
2007-11-18 22:01 5,120 --a------ C:\WINDOWS\system32\drivers\A965B26A-1D7A-45E6-A5B2-88D33BA6229D.cxv
2007-11-18 21:52 4,096 --a------ C:\WINDOWS\system32\drivers\59A07608-DFA7-49B0-8F8F-2EE49D0720D3.cxv
2007-11-18 21:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 21:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-18 18:13 <DIR> d-------- C:\Program Files\Dhcouvde
2007-11-18 18:03 <DIR> d-------- C:\Program Files\zmrofsfy
2007-11-18 18:03 <DIR> d-------- C:\Program Files\Sjxrgzbk
2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Ableton
2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2007-11-09 12:38 <DIR> d-------- C:\v2d
2007-11-09 12:38 <DIR> d-------- C:\Program Files\Total Video2DVD Author
2007-11-09 12:12 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-11-09 12:07 <DIR> d-------- C:\Program Files\Movavi Video Converter 5
2007-11-09 12:07 <DIR> d-------- C:\Program Files\Common Files\MOVAVI
2007-11-09 11:41 <DIR> d-------- C:\Program Files\AllToAVI
2007-11-09 11:34 <DIR> d-------- C:\Program Files\Movkit Batch Video Converter
2007-10-27 12:21 <DIR> d-------- C:\Documents and Settings\Liv\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 20:29 --------- d-----w C:\Program Files\PC Tools AntiVirus
2007-11-21 12:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:47 81,920 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\ezpinst.exe
2007-11-20 13:47 47,360 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.sys
2007-11-20 13:47 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Vso
2007-11-17 15:04 --------- d-----w C:\Program Files\Java
2007-11-17 10:21 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\LimeWire
2007-11-16 11:29 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\AdobeUM
2007-11-12 09:24 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\BitTorrent
2007-11-05 22:11 --------- d-----w C:\Program Files\LimeWire
2007-11-05 19:22 --------- d-----w C:\Program Files\BitTorrent
2007-11-01 22:28 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\CoreFTP
2007-10-31 12:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-10-08 21:21 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Apple Computer
2005-12-15 11:03 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-06-28 22:00 75,659 ----a-r C:\Program Files\DATA1.HDR
2002-06-28 22:00 700 ----a-r C:\Program Files\LAYOUT.BIN
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP16.BMP
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP.BMP
2002-06-28 22:00 49,152 ----a-r C:\Program Files\AUTORUN.EXE
2002-06-28 22:00 344,923 ----a-r C:\Program Files\IKERNEL.EX_
2002-06-28 22:00 31,584,057 ----a-r C:\Program Files\DATA2.CAB
2002-06-28 22:00 294 ----a-r C:\Program Files\README32.CNT
2002-06-28 22:00 25,765,376 ----a-r C:\Program Files\TS.EXE
2002-06-28 22:00 24,655 ----a-r C:\Program Files\README32.HLP
2002-06-28 22:00 160,718 ----a-r C:\Program Files\SETUP.INX
2002-06-28 22:00 139 ----a-r C:\Program Files\SETUP.INI
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.TXT
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.DOC
2002-06-28 22:00 1,274,338 ----a-r C:\Program Files\DATA1.CAB
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16975C1E-950B-F58A-B187-08ED8F89A6B0}]
2007-11-23 09:32 131072 --a------ C:\Program Files\Fdylhesa\umelwgoq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa31051f-2b63-41bb-a114-44c95700b543}]
C:\WINDOWS\system32\qqgiuxud.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 18:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 22:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2004-03-19 08:33 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-15 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-01-10 10:27]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-25 02:33 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-12-09 14:41:29]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 12:00:54]
Indago Updater.lnk - C:\WINDOWS\Installer\{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}\Icon3F6114A34.exe [2006-05-13 09:22:05]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-09 16:49:43]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll

R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 22:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 20:28:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 20:30:37 - machine was rebooted
.
--- E O F ---

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:40, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\Scanner.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Fdylhesa\umelwgoq.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: {345b0075-9c44-411a-bb14-36b2f15013af} - {fa31051f-2b63-41bb-a114-44c95700b543} - C:\WINDOWS\system32\qqgiuxud.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10953 bytes

#8 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:35 PM

Posted 27 November 2007 - 06:43 AM

Hi!

#1
Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Fdylhesa\umelwgoq.dll
O2 - BHO: {345b0075-9c44-411a-bb14-36b2f15013af} - {fa31051f-2b63-41bb-a114-44c95700b543} - C:\WINDOWS\system32\qqgiuxud.dll (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe


Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

#2
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\DOCUME~1\PETER~1.ALB\LOCALS~1\Temp\winE0B.exe
C:\Program Files\xloader10181.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
C:\Documents and Settings\Peter.ALBION3\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\autorun.exe
C:\windows\system32\winav.exe
C:\WINDOWS\TEMP\win568.exe
C:\WINDOWS\TEMP\winACB.exe
C:\WINDOWS\TEMP\win784.exe
C:\WINDOWS\TEMP\win79.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll
C:\WINDOWS\system32\drivers\98FD6EBF-E55E-4136-BAF3-C69A3C8F4E58.cxv
C:\WINDOWS\system32\drivers\65465852-1184-45C2-BF89-95EE9944D8C3.cxv
C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll
C:\WINDOWS\system32\drivers\EFEB205A-339D-4281-8C7A-1A447AD42527.cxv
C:\WINDOWS\system32\drivers\A73AC742-982C-438A-AECF-FC4305C78D86.cxv
C:\WINDOWS\system32\drivers\BBB03FF6-BC17-49AC-B5E4-0426951DD354.cxv
C:\WINDOWS\system32\drivers\D030C1CE-6ABF-4CB2-B184-AC7496C857C4.cxv
C:\WINDOWS\system32\khfebcy.dll.vir
C:\WINDOWS\system32\drivers\D693BC65-2DF4-4217-BE99-49DC13A35752.cxv
C:\WINDOWS\system32\drivers\A965B26A-1D7A-45E6-A5B2-88D33BA6229D.cxv
C:\WINDOWS\system32\drivers\59A07608-DFA7-49B0-8F8F-2EE49D0720D3.cxv

Folder::
C:\Program Files\Fdylhesa
C:\Program Files\Qemooxku
C:\Program Files\Upcluwag
C:\Program Files\Wiascnic
C:\Program Files\Dhcouvde
C:\Program Files\Sjxrgzbk
C:\Program Files\zmrofsfy

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{334717E1-466C-1D64-BA74-E33BA7964998}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa31051f-2b63-41bb-a114-44c95700b543}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


#3
Let's run ATF-Cleaner and scan your computer;

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
AVG Anti-Spyware
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

#4
Please post a fresh HijackThis log, ComboFix log and AVG Anti-Spyware results back here :thumbsup:

#9 RedW

RedW
  • Topic Starter

Posted 28 November 2007 - 03:52 AM

Hi Baabiouz,

I've run the various scans and the logs are below.

Just to let you know Baabiouz, I'm going away for a few days from lunchtime today so I probably won't get to complete the next action until Tuesday.

Thanks again for the help.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:06, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10719 bytes

COMBOFIX

ComboFix 07-11-19.3 - Peter 2007-11-27 15:06:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT 0:00]
Running from: C:\Documents and Settings\Peter.ALBION3\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter.ALBION3\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\PETER~1.ALB\LOCALS~1\Temp\winE0B.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dl
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Peter.ALBION3\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\xloader10181.exe
C:\WINDOWS\system32\drivers\59A07608-DFA7-49B0-8F8F-2EE49D0720D3.cxv
C:\WINDOWS\system32\drivers\65465852-1184-45C2-BF89-95EE9944D8C3.cxv
C:\WINDOWS\system32\drivers\98FD6EBF-E55E-4136-BAF3-C69A3C8F4E58.cxv
C:\WINDOWS\system32\drivers\A73AC742-982C-438A-AECF-FC4305C78D86.cxv
C:\WINDOWS\system32\drivers\A965B26A-1D7A-45E6-A5B2-88D33BA6229D.cxv
C:\WINDOWS\system32\drivers\BBB03FF6-BC17-49AC-B5E4-0426951DD354.cxv
C:\WINDOWS\system32\drivers\D030C1CE-6ABF-4CB2-B184-AC7496C857C4.cxv
C:\WINDOWS\system32\drivers\D693BC65-2DF4-4217-BE99-49DC13A35752.cxv
C:\WINDOWS\system32\drivers\EFEB205A-339D-4281-8C7A-1A447AD42527.cxv
C:\WINDOWS\system32\khfebcy.dll.vir
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
C:\windows\system32\winav.exe
C:\WINDOWS\TEMP\win568.exe
C:\WINDOWS\TEMP\win784.exe
C:\WINDOWS\TEMP\win79.exe
C:\WINDOWS\TEMP\winACB.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\nmfobyly.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\utenobup.dll
C:\Program Files\Dhcouvde
C:\Program Files\Fdylhesa
C:\Program Files\Fdylhesa\umelwgoq.dll
C:\Program Files\Qemooxku
C:\Program Files\Qemooxku\iirzxeny.dll
C:\Program Files\Sjxrgzbk
C:\Program Files\Upcluwag
C:\Program Files\Upcluwag\lbizdmzo.dll
C:\Program Files\Wiascnic
C:\Program Files\zmrofsfy
C:\Program Files\zmrofsfy\bcvkzsjq.dll
C:\WINDOWS\system32\drivers\59A07608-DFA7-49B0-8F8F-2EE49D0720D3.cxv
C:\WINDOWS\system32\drivers\65465852-1184-45C2-BF89-95EE9944D8C3.cxv
C:\WINDOWS\system32\drivers\98FD6EBF-E55E-4136-BAF3-C69A3C8F4E58.cxv
C:\WINDOWS\system32\drivers\A73AC742-982C-438A-AECF-FC4305C78D86.cxv
C:\WINDOWS\system32\drivers\A965B26A-1D7A-45E6-A5B2-88D33BA6229D.cxv
C:\WINDOWS\system32\drivers\BBB03FF6-BC17-49AC-B5E4-0426951DD354.cxv
C:\WINDOWS\system32\drivers\D030C1CE-6ABF-4CB2-B184-AC7496C857C4.cxv
C:\WINDOWS\system32\drivers\D693BC65-2DF4-4217-BE99-49DC13A35752.cxv
C:\WINDOWS\system32\drivers\EFEB205A-339D-4281-8C7A-1A447AD42527.cxv
C:\WINDOWS\system32\khfebcy.dll.vir
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 09:10 <DIR> d-------- C:\Program Files\FinalBurner
2007-11-27 09:10 <DIR> d-------- C:\finalburner
2007-11-27 09:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\FinalBurner Video DVD
2007-11-26 22:10 <DIR> d-------- C:\Program Files\Complex
2007-11-26 22:05 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\DeepBurner
2007-11-26 22:04 <DIR> d-------- C:\Program Files\Astonsoft
2007-11-26 21:59 <DIR> d-------- C:\Program Files\CDBurnerXP
2007-11-25 16:38 1,024 --a------ C:\WINDOWS\system32\drivers\0B6D8217-93D4-40B0-8040-B774735D95A6.cxv
2007-11-25 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-23 15:51 <DIR> d-------- C:\Deckard
2007-11-23 15:30 <DIR> d-------- C:\Hijackthis
2007-11-23 06:57 131,072 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll
2007-11-22 19:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-21 12:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\SUPERAntiSpyware.com
2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-11-21 08:22 <DIR> d-------- C:\VundoFix Backups
2007-11-20 11:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 11:01 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-19 21:43 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 13:21 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Uniblue
2007-11-19 13:20 <DIR> d-------- C:\Program Files\Uniblue
2007-11-19 12:54 <DIR> d-------- C:\Program Files\Panda Security
2007-11-19 11:23 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-19 11:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-18 21:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 21:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Ableton
2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2007-11-09 12:38 <DIR> d-------- C:\v2d
2007-11-09 12:38 <DIR> d-------- C:\Program Files\Total Video2DVD Author
2007-11-09 12:12 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-11-09 12:07 <DIR> d-------- C:\Program Files\Movavi Video Converter 5
2007-11-09 12:07 <DIR> d-------- C:\Program Files\Common Files\MOVAVI
2007-11-09 11:41 <DIR> d-------- C:\Program Files\AllToAVI
2007-11-09 11:34 <DIR> d-------- C:\Program Files\Movkit Batch Video Converter
2007-10-27 12:21 <DIR> d-------- C:\Documents and Settings\Liv\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 17:12 --------- d-----w C:\Program Files\PC Tools AntiVirus
2007-11-26 13:12 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\LimeWire
2007-11-26 10:46 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\BitTorrent
2007-11-21 12:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:47 81,920 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\ezpinst.exe
2007-11-20 13:47 47,360 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.sys
2007-11-20 13:47 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Vso
2007-11-17 15:04 --------- d-----w C:\Program Files\Java
2007-11-16 11:29 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\AdobeUM
2007-11-05 22:11 --------- d-----w C:\Program Files\LimeWire
2007-11-05 19:22 --------- d-----w C:\Program Files\BitTorrent
2007-11-01 22:28 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\CoreFTP
2007-10-31 12:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-10-08 21:21 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Apple Computer
2005-12-15 11:03 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-06-28 22:00 75,659 ----a-r C:\Program Files\DATA1.HDR
2002-06-28 22:00 700 ----a-r C:\Program Files\LAYOUT.BIN
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP16.BMP
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP.BMP
2002-06-28 22:00 49,152 ----a-r C:\Program Files\AUTORUN.EXE
2002-06-28 22:00 344,923 ----a-r C:\Program Files\IKERNEL.EX_
2002-06-28 22:00 31,584,057 ----a-r C:\Program Files\DATA2.CAB
2002-06-28 22:00 294 ----a-r C:\Program Files\README32.CNT
2002-06-28 22:00 25,765,376 ----a-r C:\Program Files\TS.EXE
2002-06-28 22:00 24,655 ----a-r C:\Program Files\README32.HLP
2002-06-28 22:00 160,718 ----a-r C:\Program Files\SETUP.INX
2002-06-28 22:00 139 ----a-r C:\Program Files\SETUP.INI
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.TXT
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.DOC
2002-06-28 22:00 1,274,338 ----a-r C:\Program Files\DATA1.CAB
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 18:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 22:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2004-03-19 08:33 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-15 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-01-10 10:27]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-25 02:33 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-12-09 14:41:29]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 12:00:54]
Indago Updater.lnk - C:\WINDOWS\Installer\{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}\Icon3F6114A34.exe [2006-05-13 09:22:05]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-09 16:49:43]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 17:11:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 17:14:51 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-25 20:30
.
--- E O F ---

AVG report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:05:15 28/11/2007

+ Scan result:



C:\Documents and Settings\Peter.ALBION3\Application Data\Opera\Opera\profile\cache4\opr1T8WR.html -> Downloader.Agent.hq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB444CD7-D55D-4CD7-AF30-42F561E246FD}\RP640\A0174137.dll -> Downloader.ConHook.hl : Cleaned with backup (quarantined).
C:\VundoFix Backups\fjsuhmiv.dll.bad -> Downloader.ConHook.hl : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.140:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.26:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.28:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.32:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.226:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.227:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.228:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.229:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.230:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.94:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.23:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.24:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Peter.ALBION3\Cookies\peter@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.50:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.268:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.269:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.95:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.35:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.178:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.363:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.100:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.10:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.173:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.240:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.241:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.35:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.97:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.98:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.99:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.22:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Peter.ALBION3\Cookies\peter@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.388:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.18:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.75:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.293:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.294:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.243:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.209:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.210:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.6:C:\Documents and Settings\Peter.ALBION3\Application Data\Pioneers of the Inevitable\Songbird\Profiles\1qiddkye.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.244:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.246:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.247:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.248:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.249:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.250:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.251:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.259:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.10:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.11:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.12:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.13:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.14:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.15:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.16:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.109:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.170:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.171:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.172:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.211:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.212:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.31:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.73:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.281:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.205:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Peter.ALBION3\Cookies\peter@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.119:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.120:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.122:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.123:C:\Documents and Settings\Peter.ALBION3\Application Data\Mozilla\Firefox\Profiles\jdhr2l6b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

#10 Baabiouz

Baabiouz

    Finnish Malware Fighter



Posted 28 November 2007 - 07:59 AM

Hi!

Just to let you know Baabiouz, I'm going away for a few days from lunchtime today so I probably won't get to complete the next action until Tuesday.

That's OK! Thanks for the information :blink:

#1
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\drivers\0B6D8217-93D4-40B0-8040-B774735D95A6.cxv
C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

#2
Looking over your log, it seems you don't have any evidence of a third-party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

#3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
#4
Please post a fresh HijackThis log and Combofix log :thumbsup:
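A triage helper for the HijackThis log format requested in #4, added here as an example; it is not code from this thread or from HijackThis. The sample lines are taken from the HijackThis log posted in this thread, and the check names and flagging rules are my own.

```python
"""Parse HijackThis v2 entry lines and list the items a reviewer checks first.

Flagged for review (not declared malicious):
  * R1 ProxyServer values: a proxy set in IE routes all browser traffic,
    so the reviewer confirms the user actually configured it
  * O4 Run entries whose target is not an absolute path (resolved via PATH)
  * O4 Startup .lnk entries whose target HijackThis could not resolve ("= ?")
  * O23 services reported with an unknown publisher
"""
import re
from collections import defaultdict

# Entry lines look like "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
O4_RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^(?P<where>.*Startup): (?P<lnk>.+\.lnk) = (?P<target>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_hjt(text):
    """Return {entry code: [entry body, ...]} for every entry line in the log."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return entries


def run_target(cmd):
    """First token of an O4 command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(entries):
    """Return (code, reason, detail) tuples for entries that merit a closer look."""
    findings = []
    for body in entries.get("R1", []):
        if "ProxyServer" in body:
            findings.append(("R1", "proxy server configured", body.split(" = ", 1)[-1]))
    for body in entries.get("O4", []):
        lnk = O4_LNK_RE.match(body)
        if lnk:
            if lnk.group("target").strip() == "?":
                findings.append(("O4", "startup shortcut with unresolved target", lnk.group("lnk")))
            continue
        run = O4_RUN_RE.match(body)
        if run and not ABS_PATH_RE.match(run_target(run.group("cmd"))):
            findings.append(("O4", "run entry without absolute path", run.group("name")))
    for body in entries.get("O23", []):
        svc = O23_RE.match(body)
        if svc and svc.group("owner").lower() == "unknown owner":
            findings.append(("O23", "service with unknown publisher", svc.group("name")))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {reason:40} {detail}")
```

Entries that are not flagged (signed services, Run entries with full paths) are left for the usual manual read of the log; the script only orders the review.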

#11 RedW

RedW

Posted 04 December 2007 - 05:00 AM

Hi Baabiouz,

Right I am back and just getting started on your instructions.

On the question of the firewall, I don't run one because I am relying on the one built into my Belkin router, is that not adequate? Before I had this router, I was using one (I forget which one now) and it caused problems attaching to my home network.

Back with results later.

#12 RedW

RedW

Posted 04 December 2007 - 12:28 PM

Hi Baabiouz,

I've downloaded ZoneAlarm but am just holding off to see what you think of my previous question. New version of Java installed.

Here are the logs!

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:09, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10644 bytes


ComboFix

ComboFix 07-12-02.7 - Peter 2007-12-04 14:52:29.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT 0:00]
Running from: C:\Documents and Settings\Peter.ALBION3\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter.ALBION3\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll
C:\WINDOWS\system32\drivers\0B6D8217-93D4-40B0-8040-B774735D95A6.cxv
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\ynalqzsv.dll
C:\WINDOWS\system32\drivers\0B6D8217-93D4-40B0-8040-B774735D95A6.cxv

.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-11-28 10:34 . 2007-11-28 10:35 5,120 --a------ C:\WINDOWS\system32\drivers\F522AB40-1B9F-4525-9B86-9A4E86287844.cxv
2007-11-27 18:54 . 2007-11-27 18:54 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Grisoft
2007-11-27 18:53 . 2007-11-27 18:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-27 18:53 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 09:10 . 2007-11-27 09:10 <DIR> d-------- C:\Program Files\FinalBurner
2007-11-27 09:10 . 2007-11-27 09:10 <DIR> d-------- C:\finalburner
2007-11-27 09:10 . 2007-11-27 09:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\FinalBurner Video DVD
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Program Files\Complex
2007-11-26 22:05 . 2007-11-26 22:06 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\DeepBurner
2007-11-26 22:04 . 2007-11-26 22:04 <DIR> d-------- C:\Program Files\Astonsoft
2007-11-26 21:59 . 2007-11-26 21:59 <DIR> d-------- C:\Program Files\CDBurnerXP
2007-11-25 16:23 . 2007-11-25 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-23 15:30 . 2007-11-28 08:32 <DIR> d-------- C:\Hijackthis
2007-11-23 08:19 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-22 19:23 . 2007-11-22 21:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-21 12:46 . 2007-11-21 12:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 12:46 . 2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\SUPERAntiSpyware.com
2007-11-21 12:46 . 2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-11-20 11:01 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 11:01 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 11:01 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 11:01 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 21:43 . 2007-11-22 21:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 13:21 . 2007-11-19 13:21 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Uniblue
2007-11-19 13:20 . 2007-11-19 13:20 <DIR> d-------- C:\Program Files\Uniblue
2007-11-19 12:54 . 2007-11-19 12:54 <DIR> d-------- C:\Program Files\Panda Security
2007-11-19 12:37 . 2007-11-19 12:55 2,712 --a------ C:\WINDOWS\mozver.dat
2007-11-19 11:23 . 2007-11-19 15:55 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-19 11:21 . 2007-11-19 11:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-19 06:33 . 2007-11-19 08:05 677,159 --ahs---- C:\WINDOWS\system32\wjdhqpgi.ini
2007-11-18 21:50 . 2007-11-18 21:52 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 21:50 . 2007-11-18 21:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 21:50 . 2007-12-04 16:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-18 18:04 . 2007-11-19 15:57 <DIR> d-------- C:\WINDOWS\system32\qfovkrbl
2007-11-18 18:03 . 2007-11-18 18:03 1,147,424 --a------ C:\Install
2007-11-17 15:10 . 2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Ableton
2007-11-17 15:10 . 2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2007-11-09 14:29 . 2007-11-26 22:21 28 --a------ C:\WINDOWS\v2d.INI
2007-11-09 12:38 . 2007-11-09 12:39 <DIR> d-------- C:\v2d
2007-11-09 12:38 . 2007-11-09 13:56 <DIR> d-------- C:\Program Files\Total Video2DVD Author
2007-11-09 12:12 . 2007-11-09 12:12 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-11-09 12:07 . 2007-11-09 12:07 <DIR> d-------- C:\Program Files\Movavi Video Converter 5
2007-11-09 12:07 . 2007-11-09 12:07 <DIR> d-------- C:\Program Files\Common Files\MOVAVI
2007-11-09 11:41 . 2007-11-20 13:45 <DIR> d-------- C:\Program Files\AllToAVI
2007-11-09 11:34 . 2007-11-09 12:16 <DIR> d-------- C:\Program Files\Movkit Batch Video Converter
2007-11-09 11:30 . 2007-11-09 11:30 264,052 --a------ C:\output.avi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 16:58 --------- d-----w C:\Program Files\PC Tools AntiVirus
2007-11-26 13:12 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\LimeWire
2007-11-26 10:46 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\BitTorrent
2007-11-21 12:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:47 81,920 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\ezpinst.exe
2007-11-20 13:47 47,360 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.sys
2007-11-20 13:47 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Vso
2007-11-17 15:04 --------- d-----w C:\Program Files\Java
2007-11-16 11:29 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\AdobeUM
2007-11-05 22:11 --------- d-----w C:\Program Files\LimeWire
2007-11-05 19:22 --------- d-----w C:\Program Files\BitTorrent
2007-11-01 22:28 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\CoreFTP
2007-10-31 12:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-10-27 12:21 --------- d-----w C:\Documents and Settings\Liv\Application Data\PC Tools
2007-10-08 21:21 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Apple Computer
2002-06-28 22:00 75,659 ----a-r C:\Program Files\DATA1.HDR
2002-06-28 22:00 700 ----a-r C:\Program Files\LAYOUT.BIN
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP16.BMP
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP.BMP
2002-06-28 22:00 49,152 ----a-r C:\Program Files\AUTORUN.EXE
2002-06-28 22:00 344,923 ----a-r C:\Program Files\IKERNEL.EX_
2002-06-28 22:00 31,584,057 ----a-r C:\Program Files\DATA2.CAB
2002-06-28 22:00 294 ----a-r C:\Program Files\README32.CNT
2002-06-28 22:00 25,765,376 ----a-r C:\Program Files\TS.EXE
2002-06-28 22:00 24,655 ----a-r C:\Program Files\README32.HLP
2002-06-28 22:00 160,718 ----a-r C:\Program Files\SETUP.INX
2002-06-28 22:00 139 ----a-r C:\Program Files\SETUP.INI
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.TXT
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.DOC
2002-06-28 22:00 1,274,338 ----a-r C:\Program Files\DATA1.CAB
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 18:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 22:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2004-03-19 08:33 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-15 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-01-10 10:27]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-25 02:33 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-12-09 14:41:29]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 12:00:54]
Indago Updater.lnk - C:\WINDOWS\Installer\{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}\Icon3F6114A34.exe [2006-05-13 09:22:05]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-09 16:49:43]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 16:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 17:00:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 17:14
C:\ComboFix3.txt ... 2007-11-25 20:30
.
--- E O F ---

#13 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 06 December 2007 - 12:41 PM

It would be OK to keep ZoneAlarm and the router's firewall, if you don't get problems.
If you get problems, remove one of them.

#1
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\wjdhqpgi.ini

Folder::
C:\WINDOWS\system32\qfovkrbl


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

#2
Let's make sure your computer is clean;

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
#3
Please, post a fresh HijackThis log, Combofix log and Kaspersky online scanner results :thumbsup:

#14 RedW

RedW
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male

Posted 08 December 2007 - 03:51 AM

Hi Baabiouz,

Thanks for continuing to look at this :thumbsup:

Here's the latest logs.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:43:48, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Indago Updater\IndagoUpdater.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
C:\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.224.11:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195805683511
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10808 bytes

Combofix

ComboFix 07-12-02.7 - Peter 2007-12-07 20:47:25.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.167 [GMT 0:00]
Running from: C:\Documents and Settings\Peter.ALBION3\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter.ALBION3\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\wjdhqpgi.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qfovkrbl
C:\WINDOWS\system32\qfovkrbl\mainframe.htm
C:\WINDOWS\system32\wjdhqpgi.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-04 17:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-28 10:34 . 2007-11-28 10:35 5,120 --a------ C:\WINDOWS\system32\drivers\F522AB40-1B9F-4525-9B86-9A4E86287844.cxv
2007-11-27 18:54 . 2007-11-27 18:54 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Grisoft
2007-11-27 18:53 . 2007-11-27 18:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-27 18:53 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 09:10 . 2007-11-27 09:10 <DIR> d-------- C:\Program Files\FinalBurner
2007-11-27 09:10 . 2007-11-27 09:10 <DIR> d-------- C:\finalburner
2007-11-27 09:10 . 2007-11-27 09:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\FinalBurner Video DVD
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Program Files\Complex
2007-11-26 22:05 . 2007-11-26 22:06 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\DeepBurner
2007-11-26 22:04 . 2007-11-26 22:04 <DIR> d-------- C:\Program Files\Astonsoft
2007-11-26 21:59 . 2007-11-26 21:59 <DIR> d-------- C:\Program Files\CDBurnerXP
2007-11-25 16:23 . 2007-11-25 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-23 15:30 . 2007-12-04 17:28 <DIR> d-------- C:\Hijackthis
2007-11-23 08:19 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-22 19:23 . 2007-11-22 21:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-21 12:46 . 2007-11-21 12:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 12:46 . 2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\SUPERAntiSpyware.com
2007-11-21 12:46 . 2007-11-21 12:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-11-20 11:01 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 11:01 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 11:01 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 11:01 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 21:43 . 2007-11-22 21:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 13:21 . 2007-11-19 13:21 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Uniblue
2007-11-19 13:20 . 2007-11-19 13:20 <DIR> d-------- C:\Program Files\Uniblue
2007-11-19 12:54 . 2007-11-19 12:54 <DIR> d-------- C:\Program Files\Panda Security
2007-11-19 12:37 . 2007-11-19 12:55 2,712 --a------ C:\WINDOWS\mozver.dat
2007-11-19 11:23 . 2007-11-19 15:55 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-19 11:21 . 2007-11-19 11:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-18 21:50 . 2007-11-18 21:52 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 21:50 . 2007-11-18 21:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 21:50 . 2007-12-07 19:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-18 18:03 . 2007-11-18 18:03 1,147,424 --a------ C:\Install
2007-11-17 15:10 . 2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\Peter.ALBION3\Application Data\Ableton
2007-11-17 15:10 . 2007-11-17 15:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2007-11-09 14:29 . 2007-11-26 22:21 28 --a------ C:\WINDOWS\v2d.INI
2007-11-09 12:38 . 2007-11-09 12:39 <DIR> d-------- C:\v2d
2007-11-09 12:38 . 2007-11-09 13:56 <DIR> d-------- C:\Program Files\Total Video2DVD Author
2007-11-09 12:12 . 2007-11-09 12:12 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-11-09 12:07 . 2007-11-09 12:07 <DIR> d-------- C:\Program Files\Movavi Video Converter 5
2007-11-09 12:07 . 2007-11-09 12:07 <DIR> d-------- C:\Program Files\Common Files\MOVAVI
2007-11-09 11:41 . 2007-11-20 13:45 <DIR> d-------- C:\Program Files\AllToAVI
2007-11-09 11:34 . 2007-11-09 12:16 <DIR> d-------- C:\Program Files\Movkit Batch Video Converter
2007-11-09 11:30 . 2007-11-09 11:30 264,052 --a------ C:\output.avi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 17:35 --------- d-----w C:\Program Files\PC Tools AntiVirus
2007-12-04 17:16 --------- d-----w C:\Program Files\Java
2007-11-26 13:12 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\LimeWire
2007-11-26 10:46 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\BitTorrent
2007-11-21 12:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:47 81,920 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\ezpinst.exe
2007-11-20 13:47 47,360 ----a-w C:\Documents and Settings\Peter.ALBION3\Application Data\pcouffin.sys
2007-11-20 13:47 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Vso
2007-11-16 11:29 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\AdobeUM
2007-11-05 22:11 --------- d-----w C:\Program Files\LimeWire
2007-11-05 19:22 --------- d-----w C:\Program Files\BitTorrent
2007-11-01 22:28 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\CoreFTP
2007-10-31 12:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-10-27 12:21 --------- d-----w C:\Documents and Settings\Liv\Application Data\PC Tools
2007-10-08 21:21 --------- d-----w C:\Documents and Settings\Peter.ALBION3\Application Data\Apple Computer
2007-10-05 10:11 225,280 ----a-r C:\WINDOWS\system32\SZBase5.dll
2007-09-13 16:36 311,296 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2007-09-13 16:36 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2007-09-13 16:35 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2007-09-13 16:35 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2007-09-13 16:35 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2007-09-13 16:34 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2007-09-13 16:34 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2007-09-13 16:34 700,416 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2007-09-13 16:34 200,704 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2005-12-15 11:03 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-06-28 22:00 75,659 ----a-r C:\Program Files\DATA1.HDR
2002-06-28 22:00 700 ----a-r C:\Program Files\LAYOUT.BIN
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP16.BMP
2002-06-28 22:00 54,318 ----a-r C:\Program Files\SETUP.BMP
2002-06-28 22:00 49,152 ----a-r C:\Program Files\AUTORUN.EXE
2002-06-28 22:00 344,923 ----a-r C:\Program Files\IKERNEL.EX_
2002-06-28 22:00 31,584,057 ----a-r C:\Program Files\DATA2.CAB
2002-06-28 22:00 294 ----a-r C:\Program Files\README32.CNT
2002-06-28 22:00 25,765,376 ----a-r C:\Program Files\TS.EXE
2002-06-28 22:00 24,655 ----a-r C:\Program Files\README32.HLP
2002-06-28 22:00 160,718 ----a-r C:\Program Files\SETUP.INX
2002-06-28 22:00 139 ----a-r C:\Program Files\SETUP.INI
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.TXT
2002-06-28 22:00 11,119 ----a-r C:\Program Files\LICENSE.DOC
2002-06-28 22:00 1,274,338 ----a-r C:\Program Files\DATA1.CAB
.

((((((((((((((((((((((((((((( snapshot@2007-12-04_17.00.17.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-06-03 02:24:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-06-03 02:24:14 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-06-03 03:52:56 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 18:02]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 22:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2004-03-19 08:33 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-15 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-01-10 10:27]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-25 02:33 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-12-09 14:41:29]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 12:00:54]
Indago Updater.lnk - C:\WINDOWS\Installer\{3F6114A3-2AAA-464B-98C1-9ABBBF5FCFAB}\Icon3F6114A34.exe [2006-05-13 09:22:05]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-09 16:49:43]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:50:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 22:50:48
C:\ComboFix2.txt ... 2007-12-04 17:00
C:\ComboFix3.txt ... 2007-11-27 17:14
.
--- E O F ---

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 08, 2007 8:42:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 476856
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 129817
Number of viruses found: 11
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 01:22:31

Infected Object Name / Virus Name / Last Action
C:\171ab136aff486b55aeda8341e1871d4\update\update.exe Object is locked skipped
C:\249cef27f43bc033448735b331\sp1\update\spcustom.dll Object is locked skipped
C:\249cef27f43bc033448735b331\sp1\update\update.exe Object is locked skipped
C:\48881217258fdae5f2b\sp1\update\spcustom.dll Object is locked skipped
C:\48881217258fdae5f2b\sp1\update\update.exe Object is locked skipped
C:\8a5d58f61bd1732e980935\sp1\update\spcustom.dll Object is locked skipped
C:\8a5d58f61bd1732e980935\sp1\update\update.exe Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!\targets.db Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!\userdata.db Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!\zilla5.log Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\007 DVD Copy 1.2.zip.bac_a03120/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\007 DVD Copy 1.2.zip.bac_a03120 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\007 DVD Copy 1.2.zip.bac_a03120 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a00424/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a00424 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a00424 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a02660/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a02660 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a02660 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\DVD X Copy Platinum.zip.bac_a03336/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\DVD X Copy Platinum.zip.bac_a03336 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\DVD X Copy Platinum.zip.bac_a03336 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\FXPansion Guru DXi RTAS VSTi 1.0.2.5.zip.bac_a00660/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\FXPansion Guru DXi RTAS VSTi 1.0.2.5.zip.bac_a00660 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\FXPansion Guru DXi RTAS VSTi 1.0.2.5.zip.bac_a00660 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine\Tunebite Platinum 3.0.0.14 Newest Version .exe.bac_a00824 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\007 DVD Copy 1.2.zip.bac_a03120/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\007 DVD Copy 1.2.zip.bac_a03120 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\007 DVD Copy 1.2.zip.bac_a03120 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\188[1].ani.bac_a00836 Infected: Exploit.Win32.IMG-ANI.au skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a00424/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a00424 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a00424 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a02660/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a02660 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Cakewalk Guitar Tracks Pro v3.0 by AGAiN.zip.bac_a02660 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\DVD X Copy Platinum.zip.bac_a03336/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\DVD X Copy Platinum.zip.bac_a03336 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\DVD X Copy Platinum.zip.bac_a03336 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\FXPansion Guru DXi RTAS VSTi 1.0.2.5.zip.bac_a00660/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\FXPansion Guru DXi RTAS VSTi 1.0.2.5.zip.bac_a00660 ZIP: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\FXPansion Guru DXi RTAS VSTi 1.0.2.5.zip.bac_a00660 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\isecur.dll.bac_a03032 Infected: Trojan-Downloader.Win32.Zlob.aao skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\NERO DVD VIDIO PLUG IN.EXE.bac_a03032 Infected: Trojan-Clicker.Win32.Delf.dm skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\nsbE5F.tmp.bac_a00836/stream/data0001 Infected: Trojan-Downloader.Win32.VB.ql skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\nsbE5F.tmp.bac_a00836/stream Infected: Trojan-Downloader.Win32.VB.ql skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\nsbE5F.tmp.bac_a00836 NSIS: infected - 2 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\nsbE5F.tmp.bac_a00836 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Setup[1].exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\s[1].htm.bac_a00836 Infected: Trojan-Downloader.VBS.Agent.au skipped
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine\Tunebite Platinum 3.0.0.14 Newest Version .exe.bac_a00824 Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\Documents and Settings\Peter.ALBION3\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Application Data\SITEguard\siteguard.db Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\History\History.IE5\MSHist012007120720071208\index.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temp\Perflib_Perfdata_988.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temp\Perflib_Perfdata_eac.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temp\~DF4B73.tmp Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temp\~DF8699.tmp Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\My Documents\install.exe Infected: Trojan-Downloader.Win32.Tiny.ach skipped
C:\Documents and Settings\Peter.ALBION3\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Peter.ALBION3\ntuser.dat.LOG Object is locked skipped
C:\ee4d331732692\sp1\update\spcustom.dll Object is locked skipped
C:\ee4d331732692\sp1\update\update.exe Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\CDBurnerXP\unins000.exe Infected: Trojan.Win32.Agent.dfl skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000754.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000755.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000756.sys Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000757.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000758.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000759.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000760.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000761.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000762.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000763.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000764.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000765.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000766.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000767.sys Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000768.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000769.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000770.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000771.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP31\A0000772.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000784.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000785.ocx Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000786.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000787.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000788.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000789.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000790.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000791.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000792.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000793.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000794.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000795.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000796.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000797.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000798.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000799.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000800.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000801.ocx Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000802.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000803.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000804.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000805.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000806.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000807.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000808.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000809.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP32\A0000810.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000817.sys Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000818.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000819.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000820.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000821.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000822.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000823.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000824.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000825.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000826.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000827.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000828.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000829.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000830.sys Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000831.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000832.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000833.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000834.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP33\A0000835.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000847.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000848.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000849.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000850.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000851.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000852.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000853.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000854.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000855.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000856.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000857.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000858.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000859.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000860.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000861.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000862.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000863.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000864.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000865.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000866.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP34\A0000867.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000874.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000875.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000876.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000877.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000878.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000879.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000880.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000881.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000882.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000883.sys Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000884.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000885.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000886.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000887.sys Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000888.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000889.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000890.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000891.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP35\A0000892.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000899.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000900.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000901.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000902.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000903.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000904.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000905.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000906.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP36\A0000907.cnv Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000955.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000956.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000957.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000958.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000959.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000960.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000961.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000962.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000963.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000964.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000965.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000966.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000967.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000968.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000969.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000970.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000971.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000972.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000973.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000974.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000975.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000976.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000977.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000978.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000979.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000980.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000981.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000982.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000983.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000984.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000985.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000986.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000987.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000988.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000989.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000990.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000991.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000992.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000993.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000994.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000995.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000996.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000997.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000998.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0000999.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001000.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001001.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001002.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001003.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001004.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001005.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001006.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001007.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001008.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001009.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001010.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001011.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001012.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP37\A0001013.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001040.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001041.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001042.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001043.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001044.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001045.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001046.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001047.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001048.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001049.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001050.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001051.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001052.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001053.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001054.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001055.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001056.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001057.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001058.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP38\A0001059.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001066.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001067.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001068.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001069.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001070.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001071.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001072.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001073.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001074.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001075.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001076.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001077.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001078.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001079.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001080.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001081.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001082.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001083.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP39\A0001084.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001123.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001124.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001125.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001126.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001127.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001128.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001129.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001130.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001131.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001132.inf Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001133.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001134.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001135.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001136.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001137.cat Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001138.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001139.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001140.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001141.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001142.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001143.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001144.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001145.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001146.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001147.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001148.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001149.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001150.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001151.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001152.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001153.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001154.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001155.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001156.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001157.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001158.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001159.tsp Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001160.TSP Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001161.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001162.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001163.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001164.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001165.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001166.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001167.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001168.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001169.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001170.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001171.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001172.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001173.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001174.ver Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP40\A0001175.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001256.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001258.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001259.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001260.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001263.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001264.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001265.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001266.exe Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001291.dll Object is locked skipped
C:\System Volume Information\_restore{71C82B9D-3E70-443E-9B89-7B9EAFFABF24}\RP41\A0001292.exe Object is locked skipped
C:\System Volume Information\_restore{CB444CD7-D55D-4CD7-AF30-42F561E246FD}\RP657\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000008-10011102}.CDF Object is locked skipped

Scan process completed.

#15 Baabiouz

    Finnish Malware Fighter

  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 09 December 2007 - 05:50 AM

Hi!

#1
Please make these folders empty:
(delete all files inside the folder)

C:\Documents and Settings\Peter.ALBION3\.housecall\Quarantine
C:\Documents and Settings\Peter.ALBION3\.housecall6.6\Quarantine

#2
Open notepad and copy/paste the text in the quotebox below into it:

[code]
File::
C:\Documents and Settings\Peter.ALBION3\My Documents\install.exe
C:\WINDOWS\system32\drivers\F522AB40-1B9F-4525-9B86-9A4E86287844.cxv

Folder::
C:\Program Files\E404DHelper
[/code]

Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

#3
Please post a fresh HijackThis log and Combofix log back here :thumbsup:

Do you have any problems?
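The two steps in the post above (empty the HouseCall quarantine folders, then build a CFScript for ComboFix) as a small Python helper. This is an added example, not code from the post, from ComboFix or from Trend Micro. The CFScript layout it parses is exactly what the post shows: a `Section::` header followed by one path per line, with `File::` and `Folder::` the only directives that appear on this page. The path-sanity rules (absolute drive path, no drive root or bare Windows directory, no duplicates) are this example's own precautions before handing a deletion script to a tool, not documented ComboFix behaviour, and the sample script text is copied from the post.

```python
"""Helpers for the procedure in the post above: emptying a quarantine
folder and parsing/validating a ComboFix CFScript.

Added example; the validation rules are assumptions of this example,
not ComboFix's own behaviour."""

import re
import tempfile
from pathlib import Path, PureWindowsPath

# Constructed input: the CFScript text from the post, verbatim.
SAMPLE_CFSCRIPT = """File::
C:\\Documents and Settings\\Peter.ALBION3\\My Documents\\install.exe
C:\\WINDOWS\\system32\\drivers\\F522AB40-1B9F-4525-9B86-9A4E86287844.cxv

Folder::
C:\\Program Files\\E404DHelper
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::", "Folder::"
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")       # absolute Windows drive path


def parse_cfscript(text):
    """Parse CFScript text into an ordered {section_name: [entries]} dict.

    A line matching `Name::` opens a section; every non-blank line after it
    is an entry of that section until the next header. An entry before any
    header is an error, since ComboFix would not know what to do with it.
    """
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any Section:: header")
        sections[current].append(line)
    return sections


def validate_paths(sections):
    """Return a list of problems found in File::/Folder:: entries.

    Assumed safety rules (this example's, not ComboFix's): every entry must
    be an absolute drive path, must not be a bare drive root or the Windows
    directory itself, and must not be listed twice (case-insensitively).
    """
    problems = []
    seen = set()
    for section in ("File", "Folder"):
        for entry in sections.get(section, []):
            if not DRIVE_PATH_RE.match(entry):
                problems.append(f"{section}:: {entry!r} is not an absolute drive path")
                continue
            parts = PureWindowsPath(entry).parts
            if len(parts) <= 1 or (len(parts) == 2 and parts[1].lower() == "windows"):
                problems.append(f"{section}:: {entry!r} targets a drive root or the Windows directory")
            key = (section, entry.lower())
            if key in seen:
                problems.append(f"{section}:: duplicate entry {entry!r}")
            seen.add(key)
    return problems


def render_cfscript(sections):
    """Serialize sections back into the layout shown in the post:
    header line, one entry per line, blank line between sections."""
    blocks = [name + "::\n" + "\n".join(entries) for name, entries in sections.items()]
    return "\n\n".join(blocks) + "\n"


def empty_folder(folder):
    """Step #1 of the post: delete every file inside `folder` (including
    files in subfolders) but keep the folder tree itself. Returns the number
    of files removed; a missing folder counts as already empty."""
    root = Path(folder)
    if not root.is_dir():
        return 0
    removed = 0
    for path in root.rglob("*"):
        if path.is_file() or path.is_symlink():
            path.unlink()
            removed += 1
    return removed


def demo_empty_folder():
    """Exercise empty_folder on a throwaway directory with constructed files.
    Returns (files_removed, files_left, folder_still_exists)."""
    with tempfile.TemporaryDirectory() as tmp:
        quarantine = Path(tmp) / "Quarantine"
        (quarantine / "sub").mkdir(parents=True)
        for name in ("a.bin", "b.bin", "sub/c.bin"):
            (quarantine / name).write_bytes(b"x")
        removed = empty_folder(quarantine)
        left = sum(1 for p in quarantine.rglob("*") if p.is_file())
        return removed, left, quarantine.is_dir()


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for problem in validate_paths(parsed):
        print("problem:", problem)
    print(render_cfscript(parsed), end="")
    print("quarantine demo:", demo_empty_folder())
```

Running it on the post's script reports no problems and reproduces the text byte for byte; feeding it a relative path, `C:\`, `C:\WINDOWS` or a duplicate entry produces one problem line each, which is the kind of slip worth catching before a File::/Folder:: script is dropped onto ComboFix.exe.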