Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Halfnaked Women?!?


  • This topic is locked This topic is locked
8 replies to this topic

#1 phalanx13

phalanx13

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 03 April 2008 - 12:43 AM

Half naked women are appering insteed of the normal ads. Also pictures have also been disapering and the reappering as an ad for a security program.
I have run spybot S&D twice cleared 11 virus the first time 5 the second but they are still coming up.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:47 AM

Posted 03 April 2008 - 06:57 AM

Hello phalanx. :thumbsup:

Please follow the instructions for running ComboFix here and post back with the log once finished.

Please copy & paste the log in your reply rather than as an attachment...
Hi there, stranger!

#3 phalanx13

phalanx13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 03 April 2008 - 01:48 PM

ok

ComboFix 08-04-03.3 - toady 2008-04-03 11:31:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.218 [GMT -7:00]
Running from: C:\Documents and Settings\toady.MOMMIES\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\WINDOWS\BM01a77bd3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\sks~1
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\abdmscne.ini
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\advctvmd.ini
C:\WINDOWS\system32\awixtelv.ini
C:\WINDOWS\system32\bcjxumsx.dll
C:\WINDOWS\system32\cwnrlsmg.dll
C:\WINDOWS\system32\dkvlqlqu.dll
C:\WINDOWS\system32\dnbaekuw.dll
C:\WINDOWS\system32\dxhjfexk.dll
C:\WINDOWS\system32\encsmdba.dll
C:\WINDOWS\system32\exnxykgt.ini
C:\WINDOWS\system32\gmslrnwc.ini
C:\WINDOWS\system32\gobqkeuq.dll
C:\WINDOWS\system32\hgfLoUvw.ini
C:\WINDOWS\system32\hgfLoUvw.ini2
C:\WINDOWS\system32\hqrbbcvr.dll
C:\WINDOWS\system32\jfnkjtab.dll
C:\WINDOWS\system32\kxefjhxd.ini
C:\WINDOWS\system32\luajijav.dll
C:\WINDOWS\system32\lyqlwqan.ini
C:\WINDOWS\system32\mbeiveen.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\naqwlqyl.dll
C:\WINDOWS\system32\neeviebm.dll
C:\WINDOWS\system32\nkwwjhxt.dll
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\opawwbor.ini
C:\WINDOWS\system32\opxwbtav.dll
C:\WINDOWS\system32\pjewoymr.ini
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pslnbbau.ini
C:\WINDOWS\system32\quekqbog.ini
C:\WINDOWS\system32\qutycgey.dll
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\system32\rljkxpny.dll
C:\WINDOWS\system32\rmyowejp.dll
C:\WINDOWS\system32\rvcbbrqh.ini
C:\WINDOWS\system32\rvfcxtfv.ini
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\tgkyxnxe.dll
C:\WINDOWS\system32\uabbnlsp.dll
C:\WINDOWS\system32\ueagpjqq.ini
C:\WINDOWS\system32\upnmuyjh.ini
C:\WINDOWS\system32\uqlqlvkd.ini
C:\WINDOWS\system32\vatbwxpo.ini
C:\WINDOWS\system32\vbjdbrnx.ini
C:\WINDOWS\system32\vftxcfvr.dll
C:\WINDOWS\system32\vletxiwa.dll
C:\WINDOWS\system32\vujuxhtt.ini
C:\WINDOWS\system32\wekrcrmc.ini
C:\WINDOWS\system32\wkjmchoq.dll
C:\WINDOWS\system32\wukeabnd.ini
C:\WINDOWS\system32\wvUoLfgh.dll
C:\WINDOWS\system32\xhkcxtql.ini
C:\WINDOWS\system32\xnrbdjbv.dll
C:\WINDOWS\system32\xxyyyWqn.dll
C:\WINDOWS\system32\yegcytuq.ini
C:\WINDOWS\system32\yfvjembv.ini
C:\WINDOWS\system32\ynpxkjlr.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OULTRAF
-------\Service_oUltraf


((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-02 18:47 . 2008-04-02 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-01 12:22 . 2008-04-01 23:52 1,599,766 ---hs---- C:\WINDOWS\system32\ljhxndon.ini
2008-03-31 21:59 . 2008-03-31 21:59 <DIR> d-------- C:\Program Files\THQ
2008-03-31 21:30 . 2008-03-31 21:30 <DIR> d-------- C:\Program Files\Dawn of War
2008-03-31 18:26 . 2008-04-01 02:48 <DIR> d-------- C:\Program Files\Buka
2008-03-27 21:01 . 2008-03-27 21:01 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\InterVideo
2008-03-27 16:33 . 2008-03-27 16:34 <DIR> d-------- C:\WINDOWS\.silabclient_store_32
2008-03-27 13:00 . 2008-03-27 13:20 <DIR> d-------- C:\WINDOWS\.nos_store_32
2008-03-26 20:39 . 2008-03-31 17:17 <DIR> d-------- C:\Program Files\Activision
2008-03-26 09:16 . 2008-03-26 09:16 <DIR> d-------- C:\Program Files\P2PCleaner
2008-03-25 21:49 . 2008-03-25 21:49 <DIR> d-------- C:\Program Files\NETAMIN
2008-03-22 21:08 . 2008-03-22 21:08 85,672 --a------ C:\Documents and Settings\toady.MOMMIES\Application Data\GDIPFONTCACHEV1.DAT
2008-03-22 00:03 . 2008-03-22 00:03 0 --a------ C:\WINDOWS\DarkStone.INI
2008-03-18 19:35 . 2008-03-18 19:35 <DIR> d-------- C:\Program Files\GameTap
2008-03-18 19:35 . 2008-03-18 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2008-03-18 18:39 . 2008-03-18 18:39 <DIR> d-------- C:\Program Files\Riva
2008-03-18 17:37 . 1997-05-15 19:12 58,920 --a------ C:\Oldengl.TTF
2008-03-18 17:36 . 1997-02-04 12:42 44,464 --a------ C:\NECRON_XENOTRON.TTF
2008-03-18 17:36 . 1995-04-25 08:23 43,500 --a------ C:\IM______.TTF
2008-03-18 17:36 . 1995-04-26 09:51 35,708 --a------ C:\CHSR____.TTF
2008-03-18 17:36 . 1995-04-26 09:37 32,220 --a------ C:\MARINES_.TTF
2008-03-18 17:36 . 1995-04-25 08:31 26,196 --a------ C:\ELR_____.TTF
2008-03-18 17:36 . 1995-04-25 08:19 21,056 --a------ C:\ORKY-1__.TTF
2008-03-13 16:06 . 2008-03-13 16:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-12 03:03 . 2008-03-12 03:03 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-10 18:03 . 2008-03-13 17:44 169 --a------ C:\UnInstall.dat
2008-03-10 18:02 . 2008-03-07 02:44 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-03-07 02:39 . 2008-03-07 02:39 835,883 --a------ C:\WINDOWS\system32\ork_blast1280.scr
2008-03-06 08:28 . 2008-03-06 08:30 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\SWF To Screensaver Scout
2008-03-06 08:27 . 2008-03-06 08:30 <DIR> d-------- C:\Program Files\SWF To Screensaver Scout
2008-03-06 08:27 . 2007-09-17 16:09 688,024 --a------ C:\WINDOWS\system32\SWFToImage.dll
2008-03-06 08:23 . 2008-03-06 08:23 <DIR> d-------- C:\FkeySMTP
2008-03-06 08:15 . 2008-03-06 08:15 1,496 --a------ C:\WINDOWS\Warhammer 40k.sms
2008-03-06 08:10 . 2008-03-06 08:11 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\GetRightToGo
2008-03-05 18:02 . 2008-03-18 18:28 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\dwhelper
2008-03-05 11:23 . 2008-03-05 11:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 11:10 . 2008-03-05 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 18:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-03 01:48 --------- d-----w C:\Program Files\Google
2008-04-02 23:12 --------- d-----w C:\Program Files\Opera
2008-04-02 20:46 --------- d-----w C:\Program Files\World of Warcraft
2008-04-02 05:45 --------- d-----w C:\Program Files\BHODemon 2
2008-04-01 09:39 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\uTorrent
2008-04-01 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-25 13:35 --------- d-----w C:\Program Files\America's Army
2008-03-25 02:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-21 04:52 --------- d-s---w C:\Program Files\Xfire
2008-03-20 05:57 --------- d-----w C:\Program Files\Total War
2008-03-19 04:00 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\LimeWire
2008-03-18 08:17 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\Xfire
2008-03-12 18:24 --------- d-----w C:\Program Files\Growler Guncam
2008-03-12 18:18 --------- d-----w C:\Program Files\Common Files\GC Install
2008-03-11 18:58 --------- d-----w C:\Program Files\EA GAMES
2008-03-06 15:06 --------- d-----w C:\Program Files\Real
2008-03-06 15:06 --------- d-----w C:\Program Files\Common Files\Real
2008-03-06 15:04 --------- d-----w C:\Program Files\Microsoft Games
2008-03-06 14:59 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-03-06 13:39 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\Sierra
2008-03-05 18:42 --------- d--h--w C:\Documents and Settings\toady.MOMMIES\Application Data\ijjigame
2008-03-01 21:12 921,632 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 20:52 5,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 11:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-29 14:07 --------- d-----w C:\Program Files\Shareaza
2008-02-29 08:14 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\dvdcss
2008-02-28 08:22 --------- d-----w C:\Program Files\Opera2
2008-02-27 04:49 729,088 -c--a-w C:\WINDOWS\iun6002.exe
2008-02-19 22:51 --------- d-----w C:\Program Files\DriftCity
2008-02-19 00:57 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\vlc
2008-02-18 22:55 19,256,320 ----a-w C:\WINDOWS\New_Background.scr
2008-02-18 22:49 40,830,464 ----a-w C:\WINDOWS\New_New_Background.scr
2008-02-18 22:38 41,887,232 ----a-w C:\WINDOWS\New_Background2.scr
2008-02-15 21:33 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\muvee Technologies
2008-02-15 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-02-15 17:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-12 13:29 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-12 06:40 --------- d-----w C:\Program Files\Voyage Century Online
2008-02-12 05:38 --------- d-----w C:\Program Files\Dudez
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\mela\Application Data\yahoo!
2008-01-31 08:41 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-01-08 19:59 13,195 ----a-w C:\Documents and Settings\toady.MOMMIES\zguicfgw.dat
2007-12-07 11:56 0 -c--a-w C:\Documents and Settings\toady.MOMMIES\Application Data\wklnhst.dat
2007-11-14 04:19 1,740 ----a-w C:\Documents and Settings\toady.MOMMIES\HISCORES.DAT
2007-10-11 17:56 87,608 ----a-w C:\Documents and Settings\toady.MOMMIES\Application Data\inst.exe
2007-10-11 17:56 47,360 ----a-w C:\Documents and Settings\toady.MOMMIES\Application Data\pcouffin.sys
2007-09-13 04:23 1 -c--a-w C:\Documents and Settings\toady.MOMMIES\SI.bin
2006-12-17 04:58 52,104 -c--a-w C:\Documents and Settings\NetworkService\Application Data\GDIPFONTCACHEV1.DAT
2006-10-08 17:49 416 -c--a-w C:\Documents and Settings\NetworkService\Application Data\wklnhst.dat
2006-09-26 03:28 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-09-19 18:12 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007082720070903\index.dat
2007-09-19 18:12 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007091920070920\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6773025-0C71-4EA7-8E61-B47570416EC2}]
C:\WINDOWS\system32\pmnnn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-01-30 00:39 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 00:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 10:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 11:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:49 98304]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 12:00 98304]
"Computer Alarm Clock"="" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:40 213936]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

C:\Documents and Settings\toady.MOMMIES\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-09-02 20:36:07 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-23 23:34:58 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-02 18:47:56 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmjk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyyWqn]
xxyyyWqn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=40.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Prayer Times.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Prayer Times.lnk
backup=C:\WINDOWS\pss\Prayer Times.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^toady.MOMMIES^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=C:\Documents and Settings\toady.MOMMIES\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=C:\WINDOWS\pss\BHODemon 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\ASAP Games\\Pearl Harbor - Zero Hour\\PHarbor.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\ROBLOX Corporation\\ROBLOX\\Roblox.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameTap\\bin\\Release\\gametap.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\NETAMIN\\Real Baseball\\patcher\\fc.exe"=
"C:\\Program Files\\NETAMIN\\Real Baseball\\game\\RealBaseball.exe"=

R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2008-03-07 07:18]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\NETAMIN\Real Baseball\game\GameGuard\dump_wmimmc.sys []
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva034;XDva034;C:\WINDOWS\system32\XDva034.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva041;XDva041;C:\WINDOWS\system32\XDva041.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2282b3e-609d-11dc-8b7d-0013d459d7db}]
\Shell\AutoRun\command - setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 18:00:00 C:\WINDOWS\Tasks\A3C77AEA9108F202.job"
- c:\docume~1\toady\applic~1\admint~1\sitejunkextra.exe
"2008-03-23 05:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 11:40:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-03 11:42:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 18:42:17
Pre-Run: 111,589,920,768 bytes free
Post-Run: 119,096,737,792 bytes free
.
2008-03-12 10:03:27 --- E O F ---

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:47 AM

Posted 03 April 2008 - 02:04 PM

Please download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • Double-click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, click OK.
  • Now click the "REBOOT" button.
  • A message should popup from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log in your next reply.. :thumbsup:
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

-----

Then, please open notepad and copy/paste the text in the quotebox into it

File::
C:\WINDOWS\system32\ljhxndon.ini
C:\WINDOWS\system32\grwinsthlp.exe
C:\WINDOWS\system32\pmnnn.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6773025-0C71-4EA7-8E61-B47570416EC2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmjk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyyWqn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save it as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-------

Finally......

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :blink:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Hi there, stranger!

#5 phalanx13

phalanx13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 04 April 2008 - 01:27 AM

ok this is my nolop

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\toady.MOMMIES\Desktop
[4/3/2008]
[11:03:57 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A3C77AEA9108F202.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intuit
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Armagetron -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Boonty
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Gametap
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Google Updater
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Ijjigame
C:\Documents and Settings\All Users\Application Data\Individual Software
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn Messenger 6.2.0106
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Muvee Technologies
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Playfirst -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roblox
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sonic
C:\Documents and Settings\All Users\Application Data\Sophos
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Vsosdk
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Application Data\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intuit
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Apple Computer
C:\Documents and Settings\Guest\Application Data\Hp
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Intuit
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Real
C:\Documents and Settings\Guest\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Hana\Application Data\Apple Computer
C:\Documents and Settings\Hana\Application Data\Hp
C:\Documents and Settings\Hana\Application Data\Identities
C:\Documents and Settings\Hana\Application Data\Intervideo
C:\Documents and Settings\Hana\Application Data\Intuit
C:\Documents and Settings\Hana\Application Data\Macromedia
C:\Documents and Settings\Hana\Application Data\Microsoft
C:\Documents and Settings\Hana\Application Data\Mozilla -- EMPTY Directory
C:\Documents and Settings\Hana\Application Data\Myspace
C:\Documents and Settings\Hana\Application Data\Real
C:\Documents and Settings\Hana\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Hana\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Hana\Application Data\Talkback
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Xfire -- EMPTY Directory
C:\Documents and Settings\Mela\Application Data\Adobe
C:\Documents and Settings\Mela\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Mela\Application Data\Apple Computer
C:\Documents and Settings\Mela\Application Data\Identities
C:\Documents and Settings\Mela\Application Data\Intuit
C:\Documents and Settings\Mela\Application Data\Macromedia
C:\Documents and Settings\Mela\Application Data\Microsoft
C:\Documents and Settings\Mela\Application Data\Mozilla -- EMPTY Directory
C:\Documents and Settings\Mela\Application Data\Nero
C:\Documents and Settings\Mela\Application Data\Opera
C:\Documents and Settings\Mela\Application Data\Real
C:\Documents and Settings\Mela\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Mela\Application Data\Sun
C:\Documents and Settings\Mela\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Mela\Application Data\Talkback
C:\Documents and Settings\Mela\Application Data\Yahoo!
C:\Documents and Settings\Networkservice\Application Data\Adobe
C:\Documents and Settings\Networkservice\Application Data\Adobeum
C:\Documents and Settings\Networkservice\Application Data\Apple Computer
C:\Documents and Settings\Networkservice\Application Data\Atari
C:\Documents and Settings\Networkservice\Application Data\Bearshare
C:\Documents and Settings\Networkservice\Application Data\Bittorrent
C:\Documents and Settings\Networkservice\Application Data\Command & Conquer 3 Tiberium Wars Demo
C:\Documents and Settings\Networkservice\Application Data\Firaxis Games
C:\Documents and Settings\Networkservice\Application Data\Funkitron
C:\Documents and Settings\Networkservice\Application Data\Google
C:\Documents and Settings\Networkservice\Application Data\Hangame
C:\Documents and Settings\Networkservice\Application Data\Help
C:\Documents and Settings\Networkservice\Application Data\Hp
C:\Documents and Settings\Networkservice\Application Data\Hpq
C:\Documents and Settings\Networkservice\Application Data\Identities
C:\Documents and Settings\Networkservice\Application Data\Iespell
C:\Documents and Settings\Networkservice\Application Data\Ijjigame
C:\Documents and Settings\Networkservice\Application Data\Imvu
C:\Documents and Settings\Networkservice\Application Data\Installshield
C:\Documents and Settings\Networkservice\Application Data\Intervideo
C:\Documents and Settings\Networkservice\Application Data\Intuit
C:\Documents and Settings\Networkservice\Application Data\Lavasoft
C:\Documents and Settings\Networkservice\Application Data\Leadertech
C:\Documents and Settings\Networkservice\Application Data\Macromedia
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft Games
C:\Documents and Settings\Networkservice\Application Data\Mozilla
C:\Documents and Settings\Networkservice\Application Data\Msn6
C:\Documents and Settings\Networkservice\Application Data\Msninstaller
C:\Documents and Settings\Networkservice\Application Data\Muvee Technologies
C:\Documents and Settings\Networkservice\Application Data\Mx
C:\Documents and Settings\Networkservice\Application Data\My Games
C:\Documents and Settings\Networkservice\Application Data\Myspace
C:\Documents and Settings\Networkservice\Application Data\Opera
C:\Documents and Settings\Networkservice\Application Data\Playfirst
C:\Documents and Settings\Networkservice\Application Data\Raptisoft
C:\Documents and Settings\Networkservice\Application Data\Real
C:\Documents and Settings\Networkservice\Application Data\Roxio
C:\Documents and Settings\Networkservice\Application Data\Sampleview
C:\Documents and Settings\Networkservice\Application Data\Securom
C:\Documents and Settings\Networkservice\Application Data\Sierra
C:\Documents and Settings\Networkservice\Application Data\Sonic
C:\Documents and Settings\Networkservice\Application Data\Sun
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Networkservice\Application Data\System Requirements Lab
C:\Documents and Settings\Networkservice\Application Data\Systemrequirementslab
C:\Documents and Settings\Networkservice\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Template
C:\Documents and Settings\Networkservice\Application Data\Ubi.com
C:\Documents and Settings\Networkservice\Application Data\Ventrilo
C:\Documents and Settings\Networkservice\Application Data\Vlc
C:\Documents and Settings\Networkservice\Application Data\Winrar
C:\Documents and Settings\Networkservice\Application Data\Xfire
C:\Documents and Settings\Networkservice\Application Data\Xfire Plus
C:\Documents and Settings\Networkservice\Application Data\Xnview
C:\Documents and Settings\Networkservice\Application Data\Yahoo!
C:\Documents and Settings\Networkservice\Application Data\Zangotoolbar
C:\Documents and Settings\Toady.mommies\Application Data\Adobe
C:\Documents and Settings\Toady.mommies\Application Data\Adobeum
C:\Documents and Settings\Toady.mommies\Application Data\Apple Computer
C:\Documents and Settings\Toady.mommies\Application Data\Armagetron
C:\Documents and Settings\Toady.mommies\Application Data\Atari
C:\Documents and Settings\Toady.mommies\Application Data\Crystalapp -- EMPTY Directory
C:\Documents and Settings\Toady.mommies\Application Data\Crystalspace -- EMPTY Directory
C:\Documents and Settings\Toady.mommies\Application Data\Dvdcss
C:\Documents and Settings\Toady.mommies\Application Data\Getrighttogo
C:\Documents and Settings\Toady.mommies\Application Data\Google
C:\Documents and Settings\Toady.mommies\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Toady.mommies\Application Data\Hpq
C:\Documents and Settings\Toady.mommies\Application Data\Identities
C:\Documents and Settings\Toady.mommies\Application Data\Ijjigame
C:\Documents and Settings\Toady.mommies\Application Data\Installshield
C:\Documents and Settings\Toady.mommies\Application Data\Intervideo
C:\Documents and Settings\Toady.mommies\Application Data\Intuit
C:\Documents and Settings\Toady.mommies\Application Data\Leadertech
C:\Documents and Settings\Toady.mommies\Application Data\Limewire
C:\Documents and Settings\Toady.mommies\Application Data\Macromedia
C:\Documents and Settings\Toady.mommies\Application Data\Microsoft
C:\Documents and Settings\Toady.mommies\Application Data\Mozilla
C:\Documents and Settings\Toady.mommies\Application Data\Nero
C:\Documents and Settings\Toady.mommies\Application Data\Nhn Corporation
C:\Documents and Settings\Toady.mommies\Application Data\Opera
C:\Documents and Settings\Toady.mommies\Application Data\Real
C:\Documents and Settings\Toady.mommies\Application Data\Roblox
C:\Documents and Settings\Toady.mommies\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Toady.mommies\Application Data\Securom
C:\Documents and Settings\Toady.mommies\Application Data\Sierra
C:\Documents and Settings\Toady.mommies\Application Data\Sonic
C:\Documents and Settings\Toady.mommies\Application Data\Sun
C:\Documents and Settings\Toady.mommies\Application Data\Swf To Screensaver Scout
C:\Documents and Settings\Toady.mommies\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Toady.mommies\Application Data\Systemrequirementslab
C:\Documents and Settings\Toady.mommies\Application Data\Talkback
C:\Documents and Settings\Toady.mommies\Application Data\Teamspeak2
C:\Documents and Settings\Toady.mommies\Application Data\Uniblue
C:\Documents and Settings\Toady.mommies\Application Data\Utorrent
C:\Documents and Settings\Toady.mommies\Application Data\Ventrilo
C:\Documents and Settings\Toady.mommies\Application Data\Vlc
C:\Documents and Settings\Toady.mommies\Application Data\Vso
C:\Documents and Settings\Toady.mommies\Application Data\Winbatch
C:\Documents and Settings\Toady.mommies\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Toady.mommies\Application Data\Xfire
C:\Documents and Settings\Toady.mommies\Application Data\Yahoo!


this im my Combofix log

ComboFix 08-04-03.3 - toady 2008-04-03 23:11:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.226 [GMT -7:00]
Running from: C:\Documents and Settings\toady.MOMMIES\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\toady.MOMMIES\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\grwinsthlp.exe
C:\WINDOWS\system32\ljhxndon.ini
C:\WINDOWS\system32\pmnnn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\toady.MOMMIES\Application Data\inst.exe
C:\WINDOWS\b.exe
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\grwinsthlp.exe
C:\WINDOWS\system32\ljhxndon.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-03 23:05 . 2008-04-03 23:07 <DIR> d-------- C:\NoLopBackups
2008-04-02 18:47 . 2008-04-03 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-31 21:59 . 2008-03-31 21:59 <DIR> d-------- C:\Program Files\THQ
2008-03-31 21:30 . 2008-03-31 21:30 <DIR> d-------- C:\Program Files\Dawn of War
2008-03-31 18:26 . 2008-04-01 02:48 <DIR> d-------- C:\Program Files\Buka
2008-03-27 21:01 . 2008-03-27 21:01 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\InterVideo
2008-03-27 16:33 . 2008-03-27 16:34 <DIR> d-------- C:\WINDOWS\.silabclient_store_32
2008-03-27 13:00 . 2008-03-27 13:20 <DIR> d-------- C:\WINDOWS\.nos_store_32
2008-03-26 20:39 . 2008-03-31 17:17 <DIR> d-------- C:\Program Files\Activision
2008-03-26 09:16 . 2008-03-26 09:16 <DIR> d-------- C:\Program Files\P2PCleaner
2008-03-25 21:49 . 2008-03-25 21:49 <DIR> d-------- C:\Program Files\NETAMIN
2008-03-22 21:08 . 2008-03-22 21:08 85,672 --a------ C:\Documents and Settings\toady.MOMMIES\Application Data\GDIPFONTCACHEV1.DAT
2008-03-22 00:03 . 2008-03-22 00:03 0 --a------ C:\WINDOWS\DarkStone.INI
2008-03-18 19:35 . 2008-03-18 19:35 <DIR> d-------- C:\Program Files\GameTap
2008-03-18 19:35 . 2008-03-18 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2008-03-18 18:39 . 2008-03-18 18:39 <DIR> d-------- C:\Program Files\Riva
2008-03-18 17:37 . 1997-05-15 19:12 58,920 --a------ C:\Oldengl.TTF
2008-03-18 17:36 . 1997-02-04 12:42 44,464 --a------ C:\NECRON_XENOTRON.TTF
2008-03-18 17:36 . 1995-04-25 08:23 43,500 --a------ C:\IM______.TTF
2008-03-18 17:36 . 1995-04-26 09:51 35,708 --a------ C:\CHSR____.TTF
2008-03-18 17:36 . 1995-04-26 09:37 32,220 --a------ C:\MARINES_.TTF
2008-03-18 17:36 . 1995-04-25 08:31 26,196 --a------ C:\ELR_____.TTF
2008-03-18 17:36 . 1995-04-25 08:19 21,056 --a------ C:\ORKY-1__.TTF
2008-03-13 16:06 . 2008-03-13 16:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-12 03:03 . 2008-03-12 03:03 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-10 18:03 . 2008-03-13 17:44 169 --a------ C:\UnInstall.dat
2008-03-07 02:39 . 2008-03-07 02:39 835,883 --a------ C:\WINDOWS\system32\ork_blast1280.scr
2008-03-06 08:28 . 2008-03-06 08:30 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\SWF To Screensaver Scout
2008-03-06 08:27 . 2008-03-06 08:30 <DIR> d-------- C:\Program Files\SWF To Screensaver Scout
2008-03-06 08:27 . 2007-09-17 16:09 688,024 --a------ C:\WINDOWS\system32\SWFToImage.dll
2008-03-06 08:23 . 2008-03-06 08:23 <DIR> d-------- C:\FkeySMTP
2008-03-06 08:15 . 2008-03-06 08:15 1,496 --a------ C:\WINDOWS\Warhammer 40k.sms
2008-03-06 08:10 . 2008-03-06 08:11 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\GetRightToGo
2008-03-05 18:02 . 2008-03-18 18:28 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\dwhelper
2008-03-05 11:23 . 2008-03-05 11:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 11:10 . 2008-03-05 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 06:14 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-03 18:44 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\Xfire
2008-04-03 01:48 --------- d-----w C:\Program Files\Google
2008-04-02 23:12 --------- d-----w C:\Program Files\Opera
2008-04-02 20:46 --------- d-----w C:\Program Files\World of Warcraft
2008-04-02 05:45 --------- d-----w C:\Program Files\BHODemon 2
2008-04-01 09:39 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\uTorrent
2008-04-01 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-25 13:35 --------- d-----w C:\Program Files\America's Army
2008-03-25 02:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-25 02:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-22 02:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-21 04:52 --------- d-s---w C:\Program Files\Xfire
2008-03-20 05:57 --------- d-----w C:\Program Files\Total War
2008-03-19 04:00 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\LimeWire
2008-03-12 18:24 --------- d-----w C:\Program Files\Growler Guncam
2008-03-12 18:18 --------- d-----w C:\Program Files\Common Files\GC Install
2008-03-11 18:58 --------- d-----w C:\Program Files\EA GAMES
2008-03-06 15:06 --------- d-----w C:\Program Files\Real
2008-03-06 15:06 --------- d-----w C:\Program Files\Common Files\Real
2008-03-06 15:04 --------- d-----w C:\Program Files\Microsoft Games
2008-03-06 14:59 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-03-06 13:39 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\Sierra
2008-03-05 18:42 --------- d--h--w C:\Documents and Settings\toady.MOMMIES\Application Data\ijjigame
2008-03-01 21:12 921,632 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 20:52 5,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 11:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-29 14:07 --------- d-----w C:\Program Files\Shareaza
2008-02-29 08:14 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\dvdcss
2008-02-28 08:22 --------- d-----w C:\Program Files\Opera2
2008-02-27 04:49 729,088 -c--a-w C:\WINDOWS\iun6002.exe
2008-02-19 22:51 --------- d-----w C:\Program Files\DriftCity
2008-02-19 00:57 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\vlc
2008-02-18 22:55 19,256,320 ----a-w C:\WINDOWS\New_Background.scr
2008-02-18 22:49 40,830,464 ----a-w C:\WINDOWS\New_New_Background.scr
2008-02-18 22:38 41,887,232 ----a-w C:\WINDOWS\New_Background2.scr
2008-02-15 21:33 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\muvee Technologies
2008-02-15 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-02-15 17:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 18:46 91,200 ----a-w C:\WINDOWS\system32\ueofwrqk.dll
2008-02-13 18:43 98,368 ----a-w C:\WINDOWS\system32\qsialeiq.dll
2008-02-12 18:42 93,248 ----a-w C:\WINDOWS\system32\wcaxehop.dll
2008-02-12 13:29 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-12 06:40 --------- d-----w C:\Program Files\Voyage Century Online
2008-02-12 05:38 --------- d-----w C:\Program Files\Dudez
2008-02-11 18:42 93,248 ----a-w C:\WINDOWS\system32\ttmkcvgl.dll
2008-02-09 21:45 93,760 ----a-w C:\WINDOWS\system32\kyspexex.dll
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\mela\Application Data\yahoo!
2008-02-08 05:56 95,808 ----a-w C:\WINDOWS\system32\gjfxqhcn.dll
2008-02-07 05:55 92,224 ----a-w C:\WINDOWS\system32\imxjwcxd.dll
2008-02-06 05:54 94,272 ----a-w C:\WINDOWS\system32\mxmpimuu.dll
2008-02-05 05:54 93,248 ----a-w C:\WINDOWS\system32\ajjnwslh.dll
2008-01-31 08:41 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-01-29 00:26 42,003 ----a-w C:\WINDOWS\system32\mxglvguk.dll
2008-01-28 00:23 42,003 ----a-w C:\WINDOWS\system32\chnclemk.dll
2008-01-27 23:23 42,003 ----a-w C:\WINDOWS\system32\gyiquhtt.dll
2008-01-27 23:21 42,003 ----a-w C:\WINDOWS\system32\arnmjgks.dll
2008-01-27 22:20 42,003 ----a-w C:\WINDOWS\system32\ffiyxllm.dll
2008-01-27 21:20 42,003 ----a-w C:\WINDOWS\system32\bfhxwtsk.dll
2008-01-27 21:17 42,003 ----a-w C:\WINDOWS\system32\mfjuyhcs.dll
2008-01-27 20:17 42,003 ----a-w C:\WINDOWS\system32\arndntgp.dll
2008-01-27 19:17 42,003 ----a-w C:\WINDOWS\system32\hdgnaqui.dll
2008-01-27 19:14 42,003 ----a-w C:\WINDOWS\system32\mltkyvam.dll
2008-01-27 18:14 42,003 ----a-w C:\WINDOWS\system32\ykoeanjl.dll
2008-01-27 17:14 42,003 ----a-w C:\WINDOWS\system32\gtkkrpha.dll
2008-01-27 17:11 42,003 ----a-w C:\WINDOWS\system32\kvyhginv.dll
2008-01-27 16:11 42,003 ----a-w C:\WINDOWS\system32\gtlnxufx.dll
2008-01-27 15:11 42,003 ----a-w C:\WINDOWS\system32\vmxwhahg.dll
2008-01-27 15:08 42,003 ----a-w C:\WINDOWS\system32\abrnnujl.dll
2008-01-27 14:08 42,003 ----a-w C:\WINDOWS\system32\gddbgdvs.dll
2008-01-27 13:06 42,003 ----a-w C:\WINDOWS\system32\fsiismnh.dll
2008-01-27 12:05 42,003 ----a-w C:\WINDOWS\system32\qglvupwy.dll
2008-01-27 11:03 42,003 ----a-w C:\WINDOWS\system32\lgdslqmg.dll
2008-01-27 10:02 42,003 ----a-w C:\WINDOWS\system32\xymtauaj.dll
2008-01-27 08:59 42,003 ----a-w C:\WINDOWS\system32\mybdpodv.dll
2008-01-27 07:59 42,003 ----a-w C:\WINDOWS\system32\qxhsxjby.dll
2008-01-27 07:57 42,003 ----a-w C:\WINDOWS\system32\gyhlbvxr.dll
2008-01-27 06:56 42,003 ----a-w C:\WINDOWS\system32\ssmddted.dll
2008-01-27 05:56 42,003 ----a-w C:\WINDOWS\system32\srwrjfer.dll
2008-01-27 05:54 42,003 ----a-w C:\WINDOWS\system32\npktjavi.dll
2008-01-27 04:53 42,003 ----a-w C:\WINDOWS\system32\wxwlsovr.dll
2008-01-27 03:53 42,003 ----a-w C:\WINDOWS\system32\nrangufj.dll
2008-01-27 03:50 42,003 ----a-w C:\WINDOWS\system32\utktxfhu.dll
2008-01-27 02:50 42,003 ----a-w C:\WINDOWS\system32\vixxrpjp.dll
2008-01-27 01:50 42,003 ----a-w C:\WINDOWS\system32\fodgushh.dll
2008-01-27 01:47 42,003 ----a-w C:\WINDOWS\system32\oplswxjn.dll
2008-01-27 00:47 42,003 ----a-w C:\WINDOWS\system32\qbmemxjk.dll
2008-01-26 23:47 42,003 ----a-w C:\WINDOWS\system32\elfgofru.dll
2008-01-26 23:44 42,003 ----a-w C:\WINDOWS\system32\aocnysik.dll
2008-01-26 22:44 42,003 ----a-w C:\WINDOWS\system32\anwjhsks.dll
2008-01-26 21:44 42,003 ----a-w C:\WINDOWS\system32\wkfgbtpo.dll
2008-01-26 21:41 42,003 ----a-w C:\WINDOWS\system32\lnccnqro.dll
2008-01-26 20:41 42,003 ----a-w C:\WINDOWS\system32\budjhuuw.dll
2008-01-26 19:39 42,003 ----a-w C:\WINDOWS\system32\ytwjtmao.dll
2008-01-26 18:38 42,003 ----a-w C:\WINDOWS\system32\hteqrvgj.dll
2008-01-26 17:36 42,003 ----a-w C:\WINDOWS\system32\davnxmtj.dll
2007-09-19 18:12 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007082720070903\index.dat
2007-09-19 18:12 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007091920070920\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-01-30 00:39 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 00:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 10:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 11:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:49 98304]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 12:00 98304]
"Computer Alarm Clock"="" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:40 213936]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

C:\Documents and Settings\toady.MOMMIES\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-09-02 20:36:07 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-23 23:34:58 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-02 18:47:56 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Prayer Times.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Prayer Times.lnk
backup=C:\WINDOWS\pss\Prayer Times.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^toady.MOMMIES^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=C:\Documents and Settings\toady.MOMMIES\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=C:\WINDOWS\pss\BHODemon 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\ASAP Games\\Pearl Harbor - Zero Hour\\PHarbor.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\ROBLOX Corporation\\ROBLOX\\Roblox.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameTap\\bin\\Release\\gametap.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\NETAMIN\\Real Baseball\\patcher\\fc.exe"=
"C:\\Program Files\\NETAMIN\\Real Baseball\\game\\RealBaseball.exe"=

R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2008-03-07 07:18]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\NETAMIN\Real Baseball\game\GameGuard\dump_wmimmc.sys []
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva034;XDva034;C:\WINDOWS\system32\XDva034.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva041;XDva041;C:\WINDOWS\system32\XDva041.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2282b3e-609d-11dc-8b7d-0013d459d7db}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 05:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 23:14:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 23:15:10
ComboFix-quarantined-files.txt 2008-04-04 06:15:01
ComboFix2.txt 2008-04-03 18:42:22
Pre-Run: 118,889,230,336 bytes free
Post-Run: 118,874,882,048 bytes free
.
2008-03-12 10:03:27 --- E O F ---


this is my Malwarebytes log

Malwarebytes' Anti-Malware 1.10
Database version: 589

Scan type: Quick Scan
Objects scanned: 39896
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:47 AM

Posted 04 April 2008 - 04:57 AM

Let's continue :thumbsup:

Please open notepad and copy/paste the text in the quotebox into it

File::
C:\WINDOWS\system32\ueofwrqk.dll
C:\WINDOWS\system32\qsialeiq.dll
C:\WINDOWS\system32\wcaxehop.dll
C:\WINDOWS\system32\ttmkcvgl.dll
C:\WINDOWS\system32\kyspexex.dll
C:\WINDOWS\system32\gjfxqhcn.dll
C:\WINDOWS\system32\imxjwcxd.dll
C:\WINDOWS\system32\mxmpimuu.dll
C:\WINDOWS\system32\ajjnwslh.dll
C:\WINDOWS\system32\mxglvguk.dll
C:\WINDOWS\system32\chnclemk.dll
C:\WINDOWS\system32\gyiquhtt.dll
C:\WINDOWS\system32\arnmjgks.dll
C:\WINDOWS\system32\ffiyxllm.dll
C:\WINDOWS\system32\bfhxwtsk.dll
C:\WINDOWS\system32\mfjuyhcs.dll
C:\WINDOWS\system32\arndntgp.dll
C:\WINDOWS\system32\hdgnaqui.dll
C:\WINDOWS\system32\mltkyvam.dll
C:\WINDOWS\system32\ykoeanjl.dll
C:\WINDOWS\system32\gtkkrpha.dll
C:\WINDOWS\system32\kvyhginv.dll
C:\WINDOWS\system32\gtlnxufx.dll
C:\WINDOWS\system32\vmxwhahg.dll
C:\WINDOWS\system32\abrnnujl.dll
C:\WINDOWS\system32\gddbgdvs.dll
C:\WINDOWS\system32\fsiismnh.dll
C:\WINDOWS\system32\qglvupwy.dll
C:\WINDOWS\system32\lgdslqmg.dll
C:\WINDOWS\system32\xymtauaj.dll
C:\WINDOWS\system32\mybdpodv.dll
C:\WINDOWS\system32\qxhsxjby.dll
C:\WINDOWS\system32\gyhlbvxr.dll
C:\WINDOWS\system32\ssmddted.dll
C:\WINDOWS\system32\srwrjfer.dll
C:\WINDOWS\system32\npktjavi.dll
C:\WINDOWS\system32\wxwlsovr.dll
C:\WINDOWS\system32\nrangufj.dll
C:\WINDOWS\system32\utktxfhu.dll
C:\WINDOWS\system32\vixxrpjp.dll
C:\WINDOWS\system32\fodgushh.dll
C:\WINDOWS\system32\oplswxjn.dll
C:\WINDOWS\system32\qbmemxjk.dll
C:\WINDOWS\system32\elfgofru.dll
C:\WINDOWS\system32\aocnysik.dll
C:\WINDOWS\system32\anwjhsks.dll
C:\WINDOWS\system32\wkfgbtpo.dll
C:\WINDOWS\system32\lnccnqro.dll
C:\WINDOWS\system32\budjhuuw.dll
C:\WINDOWS\system32\ytwjtmao.dll
C:\WINDOWS\system32\hteqrvgj.dll
C:\WINDOWS\system32\davnxmtj.dll


Save it as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Then please do the following....

Click on Start -> Run and type in:

devmgmt.msc

Click OK.

Device manager will open. Click on View -> Show Hidden Devices.

Now, scroll down the list up to Non Plug and Play Drivers

Search for the following driver:

XDva041

Right-click, choose Properties and please give me any and all manufacturer etc info on it what the properties say.
Hi there, stranger!

#7 phalanx13

phalanx13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 05 April 2008 - 03:21 AM

XDva041 information
Manufaturer: Unkown
Status: Stoped
Type: Demand


Here is my log

ComboFix 08-04-03.3 - toady 2008-04-05 1:14:52.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.226 [GMT -7:00]
Running from: C:\Documents and Settings\toady.MOMMIES\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\toady.MOMMIES\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-03 23:17 . 2008-04-03 23:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-03 23:17 . 2008-04-03 23:17 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\Malwarebytes
2008-04-03 23:17 . 2008-04-03 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-03 23:05 . 2008-04-03 23:07 <DIR> d-------- C:\NoLopBackups
2008-04-02 18:47 . 2008-04-04 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-31 21:59 . 2008-03-31 21:59 <DIR> d-------- C:\Program Files\THQ
2008-03-31 21:30 . 2008-03-31 21:30 <DIR> d-------- C:\Program Files\Dawn of War
2008-03-31 18:26 . 2008-04-01 02:48 <DIR> d-------- C:\Program Files\Buka
2008-03-27 21:01 . 2008-03-27 21:01 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\InterVideo
2008-03-27 16:33 . 2008-03-27 16:34 <DIR> d-------- C:\WINDOWS\.silabclient_store_32
2008-03-27 13:00 . 2008-03-27 13:20 <DIR> d-------- C:\WINDOWS\.nos_store_32
2008-03-26 20:39 . 2008-03-31 17:17 <DIR> d-------- C:\Program Files\Activision
2008-03-26 09:16 . 2008-03-26 09:16 <DIR> d-------- C:\Program Files\P2PCleaner
2008-03-25 21:49 . 2008-03-25 21:49 <DIR> d-------- C:\Program Files\NETAMIN
2008-03-22 21:08 . 2008-03-22 21:08 85,672 --a------ C:\Documents and Settings\toady.MOMMIES\Application Data\GDIPFONTCACHEV1.DAT
2008-03-22 00:03 . 2008-03-22 00:03 0 --a------ C:\WINDOWS\DarkStone.INI
2008-03-18 19:35 . 2008-03-18 19:35 <DIR> d-------- C:\Program Files\GameTap
2008-03-18 19:35 . 2008-03-18 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2008-03-18 18:39 . 2008-03-18 18:39 <DIR> d-------- C:\Program Files\Riva
2008-03-18 17:37 . 1997-05-15 19:12 58,920 --a------ C:\Oldengl.TTF
2008-03-18 17:36 . 1997-02-04 12:42 44,464 --a------ C:\NECRON_XENOTRON.TTF
2008-03-18 17:36 . 1995-04-25 08:23 43,500 --a------ C:\IM______.TTF
2008-03-18 17:36 . 1995-04-26 09:51 35,708 --a------ C:\CHSR____.TTF
2008-03-18 17:36 . 1995-04-26 09:37 32,220 --a------ C:\MARINES_.TTF
2008-03-18 17:36 . 1995-04-25 08:31 26,196 --a------ C:\ELR_____.TTF
2008-03-18 17:36 . 1995-04-25 08:19 21,056 --a------ C:\ORKY-1__.TTF
2008-03-13 16:06 . 2008-03-13 16:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-12 03:03 . 2008-03-12 03:03 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-10 18:03 . 2008-03-13 17:44 169 --a------ C:\UnInstall.dat
2008-03-07 02:39 . 2008-03-07 02:39 835,883 --a------ C:\WINDOWS\system32\ork_blast1280.scr
2008-03-06 08:28 . 2008-03-06 08:30 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\SWF To Screensaver Scout
2008-03-06 08:27 . 2008-03-06 08:30 <DIR> d-------- C:\Program Files\SWF To Screensaver Scout
2008-03-06 08:27 . 2007-09-17 16:09 688,024 --a------ C:\WINDOWS\system32\SWFToImage.dll
2008-03-06 08:23 . 2008-03-06 08:23 <DIR> d-------- C:\FkeySMTP
2008-03-06 08:15 . 2008-03-06 08:15 1,496 --a------ C:\WINDOWS\Warhammer 40k.sms
2008-03-06 08:10 . 2008-03-06 08:11 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\Application Data\GetRightToGo
2008-03-05 18:02 . 2008-03-18 18:28 <DIR> d-------- C:\Documents and Settings\toady.MOMMIES\dwhelper
2008-03-05 11:23 . 2008-03-05 11:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 11:10 . 2008-03-05 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 08:17 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-05 04:37 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\LimeWire
2008-04-03 18:44 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\Xfire
2008-04-03 01:48 --------- d-----w C:\Program Files\Google
2008-04-02 23:12 --------- d-----w C:\Program Files\Opera
2008-04-02 20:46 --------- d-----w C:\Program Files\World of Warcraft
2008-04-02 05:45 --------- d-----w C:\Program Files\BHODemon 2
2008-04-01 09:39 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\uTorrent
2008-04-01 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-25 13:35 --------- d-----w C:\Program Files\America's Army
2008-03-25 02:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-25 02:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-22 02:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-21 04:52 --------- d-s---w C:\Program Files\Xfire
2008-03-20 05:57 --------- d-----w C:\Program Files\Total War
2008-03-12 18:24 --------- d-----w C:\Program Files\Growler Guncam
2008-03-12 18:18 --------- d-----w C:\Program Files\Common Files\GC Install
2008-03-11 18:58 --------- d-----w C:\Program Files\EA GAMES
2008-03-06 15:06 --------- d-----w C:\Program Files\Real
2008-03-06 15:06 --------- d-----w C:\Program Files\Common Files\Real
2008-03-06 15:04 --------- d-----w C:\Program Files\Microsoft Games
2008-03-06 14:59 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-03-06 13:39 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\Sierra
2008-03-05 18:42 --------- d--h--w C:\Documents and Settings\toady.MOMMIES\Application Data\ijjigame
2008-03-01 21:12 921,632 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 20:52 5,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 11:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-29 14:07 --------- d-----w C:\Program Files\Shareaza
2008-02-29 08:14 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\dvdcss
2008-02-28 08:22 --------- d-----w C:\Program Files\Opera2
2008-02-27 04:49 729,088 -c--a-w C:\WINDOWS\iun6002.exe
2008-02-19 22:51 --------- d-----w C:\Program Files\DriftCity
2008-02-19 00:57 --------- d-----w C:\Documents and Settings\toady.MOMMIES\Application Data\vlc
2008-02-18 22:55 19,256,320 ----a-w C:\WINDOWS\New_Background.scr
2008-02-18 22:49 40,830,464 ----a-w C:\WINDOWS\New_New_Background.scr
2008-02-18 22:38 41,887,232 ----a-w C:\WINDOWS\New_Background2.scr
2008-02-15 21:33 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\muvee Technologies
2008-02-15 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-02-15 17:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 18:46 91,200 ----a-w C:\WINDOWS\system32\ueofwrqk.dll
2008-02-13 18:43 98,368 ----a-w C:\WINDOWS\system32\qsialeiq.dll
2008-02-12 18:42 93,248 ----a-w C:\WINDOWS\system32\wcaxehop.dll
2008-02-12 13:29 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-12 06:40 --------- d-----w C:\Program Files\Voyage Century Online
2008-02-12 05:38 --------- d-----w C:\Program Files\Dudez
2008-02-11 18:42 93,248 ----a-w C:\WINDOWS\system32\ttmkcvgl.dll
2008-02-09 21:45 93,760 ----a-w C:\WINDOWS\system32\kyspexex.dll
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\mela\Application Data\yahoo!
2008-02-08 05:56 95,808 ----a-w C:\WINDOWS\system32\gjfxqhcn.dll
2008-02-07 05:55 92,224 ----a-w C:\WINDOWS\system32\imxjwcxd.dll
2008-02-06 05:54 94,272 ----a-w C:\WINDOWS\system32\mxmpimuu.dll
2008-02-05 05:54 93,248 ----a-w C:\WINDOWS\system32\ajjnwslh.dll
2008-01-31 08:41 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-01-29 00:26 42,003 ----a-w C:\WINDOWS\system32\mxglvguk.dll
2008-01-28 00:23 42,003 ----a-w C:\WINDOWS\system32\chnclemk.dll
2008-01-27 23:23 42,003 ----a-w C:\WINDOWS\system32\gyiquhtt.dll
2008-01-27 23:21 42,003 ----a-w C:\WINDOWS\system32\arnmjgks.dll
2008-01-27 22:20 42,003 ----a-w C:\WINDOWS\system32\ffiyxllm.dll
2008-01-27 21:20 42,003 ----a-w C:\WINDOWS\system32\bfhxwtsk.dll
2008-01-27 21:17 42,003 ----a-w C:\WINDOWS\system32\mfjuyhcs.dll
2008-01-27 20:17 42,003 ----a-w C:\WINDOWS\system32\arndntgp.dll
2008-01-27 19:17 42,003 ----a-w C:\WINDOWS\system32\hdgnaqui.dll
2008-01-27 19:14 42,003 ----a-w C:\WINDOWS\system32\mltkyvam.dll
2008-01-27 18:14 42,003 ----a-w C:\WINDOWS\system32\ykoeanjl.dll
2008-01-27 17:14 42,003 ----a-w C:\WINDOWS\system32\gtkkrpha.dll
2008-01-27 17:11 42,003 ----a-w C:\WINDOWS\system32\kvyhginv.dll
2008-01-27 16:11 42,003 ----a-w C:\WINDOWS\system32\gtlnxufx.dll
2008-01-27 15:11 42,003 ----a-w C:\WINDOWS\system32\vmxwhahg.dll
2008-01-27 15:08 42,003 ----a-w C:\WINDOWS\system32\abrnnujl.dll
2008-01-27 14:08 42,003 ----a-w C:\WINDOWS\system32\gddbgdvs.dll
2008-01-27 13:06 42,003 ----a-w C:\WINDOWS\system32\fsiismnh.dll
2008-01-27 12:05 42,003 ----a-w C:\WINDOWS\system32\qglvupwy.dll
2008-01-27 11:03 42,003 ----a-w C:\WINDOWS\system32\lgdslqmg.dll
2008-01-27 10:02 42,003 ----a-w C:\WINDOWS\system32\xymtauaj.dll
2008-01-27 08:59 42,003 ----a-w C:\WINDOWS\system32\mybdpodv.dll
2008-01-27 07:59 42,003 ----a-w C:\WINDOWS\system32\qxhsxjby.dll
2008-01-27 07:57 42,003 ----a-w C:\WINDOWS\system32\gyhlbvxr.dll
2008-01-27 06:56 42,003 ----a-w C:\WINDOWS\system32\ssmddted.dll
2008-01-27 05:56 42,003 ----a-w C:\WINDOWS\system32\srwrjfer.dll
2008-01-27 05:54 42,003 ----a-w C:\WINDOWS\system32\npktjavi.dll
2008-01-27 04:53 42,003 ----a-w C:\WINDOWS\system32\wxwlsovr.dll
2008-01-27 03:53 42,003 ----a-w C:\WINDOWS\system32\nrangufj.dll
2008-01-27 03:50 42,003 ----a-w C:\WINDOWS\system32\utktxfhu.dll
2008-01-27 02:50 42,003 ----a-w C:\WINDOWS\system32\vixxrpjp.dll
2008-01-27 01:50 42,003 ----a-w C:\WINDOWS\system32\fodgushh.dll
2008-01-27 01:47 42,003 ----a-w C:\WINDOWS\system32\oplswxjn.dll
2008-01-27 00:47 42,003 ----a-w C:\WINDOWS\system32\qbmemxjk.dll
2008-01-26 23:47 42,003 ----a-w C:\WINDOWS\system32\elfgofru.dll
2008-01-26 23:44 42,003 ----a-w C:\WINDOWS\system32\aocnysik.dll
2008-01-26 22:44 42,003 ----a-w C:\WINDOWS\system32\anwjhsks.dll
2008-01-26 21:44 42,003 ----a-w C:\WINDOWS\system32\wkfgbtpo.dll
2008-01-26 21:41 42,003 ----a-w C:\WINDOWS\system32\lnccnqro.dll
2008-01-26 20:41 42,003 ----a-w C:\WINDOWS\system32\budjhuuw.dll
2008-01-26 19:39 42,003 ----a-w C:\WINDOWS\system32\ytwjtmao.dll
2008-01-26 18:38 42,003 ----a-w C:\WINDOWS\system32\hteqrvgj.dll
2008-01-26 17:36 42,003 ----a-w C:\WINDOWS\system32\davnxmtj.dll
2007-09-19 18:12 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007082720070903\index.dat
2007-09-19 18:12 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007091920070920\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-01-30 00:39 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 00:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 10:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 11:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:49 98304]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 12:00 98304]
"Computer Alarm Clock"="" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:40 213936]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

C:\Documents and Settings\toady.MOMMIES\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-09-02 20:36:07 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-23 23:34:58 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-02 18:47:56 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Prayer Times.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Prayer Times.lnk
backup=C:\WINDOWS\pss\Prayer Times.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^toady.MOMMIES^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=C:\Documents and Settings\toady.MOMMIES\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=C:\WINDOWS\pss\BHODemon 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\ASAP Games\\Pearl Harbor - Zero Hour\\PHarbor.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\ROBLOX Corporation\\ROBLOX\\Roblox.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameTap\\bin\\Release\\gametap.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\NETAMIN\\Real Baseball\\patcher\\fc.exe"=
"C:\\Program Files\\NETAMIN\\Real Baseball\\game\\RealBaseball.exe"=

R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2008-03-07 07:18]
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva034;XDva034;C:\WINDOWS\system32\XDva034.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva041;XDva041;C:\WINDOWS\system32\XDva041.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2282b3e-609d-11dc-8b7d-0013d459d7db}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 05:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 01:17:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-05 1:18:30
ComboFix-quarantined-files.txt 2008-04-05 08:18:21
ComboFix2.txt 2008-04-05 00:39:46
ComboFix3.txt 2008-04-03 18:42:22
Pre-Run: 118,615,150,592 bytes free
Post-Run: 118,603,071,488 bytes free
.
2008-03-12 10:03:27 --- E O F ---

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:47 AM

Posted 05 April 2008 - 06:40 AM

Okay, let's try this instead. :blink:

Please download VundoFix.exe to your desktop..
  • Open a new notepad window.
  • Paste the list of files from the quotebox below into the notepad window (only the filepaths..).

    C:\WINDOWS\system32\ueofwrqk.dll
    C:\WINDOWS\system32\qsialeiq.dll
    C:\WINDOWS\system32\wcaxehop.dll
    C:\WINDOWS\system32\ttmkcvgl.dll
    C:\WINDOWS\system32\kyspexex.dll
    C:\WINDOWS\system32\gjfxqhcn.dll
    C:\WINDOWS\system32\imxjwcxd.dll
    C:\WINDOWS\system32\mxmpimuu.dll
    C:\WINDOWS\system32\ajjnwslh.dll
    C:\WINDOWS\system32\mxglvguk.dll
    C:\WINDOWS\system32\chnclemk.dll
    C:\WINDOWS\system32\gyiquhtt.dll
    C:\WINDOWS\system32\arnmjgks.dll
    C:\WINDOWS\system32\ffiyxllm.dll
    C:\WINDOWS\system32\bfhxwtsk.dll
    C:\WINDOWS\system32\mfjuyhcs.dll
    C:\WINDOWS\system32\arndntgp.dll
    C:\WINDOWS\system32\hdgnaqui.dll
    C:\WINDOWS\system32\mltkyvam.dll
    C:\WINDOWS\system32\ykoeanjl.dll
    C:\WINDOWS\system32\gtkkrpha.dll
    C:\WINDOWS\system32\kvyhginv.dll
    C:\WINDOWS\system32\gtlnxufx.dll
    C:\WINDOWS\system32\vmxwhahg.dll
    C:\WINDOWS\system32\abrnnujl.dll
    C:\WINDOWS\system32\gddbgdvs.dll
    C:\WINDOWS\system32\fsiismnh.dll
    C:\WINDOWS\system32\qglvupwy.dll
    C:\WINDOWS\system32\lgdslqmg.dll
    C:\WINDOWS\system32\xymtauaj.dll
    C:\WINDOWS\system32\mybdpodv.dll
    C:\WINDOWS\system32\qxhsxjby.dll
    C:\WINDOWS\system32\gyhlbvxr.dll
    C:\WINDOWS\system32\ssmddted.dll
    C:\WINDOWS\system32\srwrjfer.dll
    C:\WINDOWS\system32\npktjavi.dll
    C:\WINDOWS\system32\wxwlsovr.dll
    C:\WINDOWS\system32\nrangufj.dll
    C:\WINDOWS\system32\utktxfhu.dll
    C:\WINDOWS\system32\vixxrpjp.dll
    C:\WINDOWS\system32\fodgushh.dll
    C:\WINDOWS\system32\oplswxjn.dll
    C:\WINDOWS\system32\qbmemxjk.dll
    C:\WINDOWS\system32\elfgofru.dll
    C:\WINDOWS\system32\aocnysik.dll
    C:\WINDOWS\system32\anwjhsks.dll
    C:\WINDOWS\system32\wkfgbtpo.dll
    C:\WINDOWS\system32\lnccnqro.dll
    C:\WINDOWS\system32\budjhuuw.dll
    C:\WINDOWS\system32\ytwjtmao.dll
    C:\WINDOWS\system32\hteqrvgj.dll
    C:\WINDOWS\system32\davnxmtj.dll

  • Save this as vundofix.vft and Save as type "all files".
  • Double-click VundoFix.exe to run it.
  • Drag vundofix.vft onto the listbox (white box) of VundoFix as shown below.
    Posted Image
  • Click the "Remove Vundo" button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. :thumbsup:
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Hi there, stranger!

#9 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:47 AM

Posted 14 April 2008 - 02:51 PM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this topic reopened, please PM me.
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users