Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

6 Viruses And 12 Infected Objects


  • This topic is locked This topic is locked
10 replies to this topic

#1 Dumb Blonde

Dumb Blonde

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Phila 4 Now
  • Local time:03:41 AM

Posted 04 June 2008 - 07:22 AM

This has been going on for a while. My son got on my computer and visited some game sites. Lord knows which ones. At the time I had Norton Internet Security with Anti Virus. My computer just went berserk. So I removed Norton, because I was mad that something like that could happen and I purchased Spyware Doctor with Anti Virus, it has gotten rid of some of the problems but not all. So after a continued online search I came to BC. I followed all the steps and did the online scan with Kaspersky, that is when it found the viruses and other infections.

Here they are: Win32.Delf.hki, Win32.Delf.ilj, Trojan-Clicker.Win32.VB.zo, Trojan.Win32.Agent.qxr, Trojan-Downloader.Win32.Delf.ijw



The last 1 is in there multiple times. Any idea on how to fix it?

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:41 AM

Posted 04 June 2008 - 02:49 PM

Hello Dumb Blonde,

Welcome to Bleeping Computer :thumbsup:

Please post a new HijackThis log so I can get an idea of what's going on. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Dumb Blonde

Dumb Blonde
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Phila 4 Now
  • Local time:03:41 AM

Posted 04 June 2008 - 07:58 PM

Hello Dumb Blonde,

Welcome to Bleeping Computer :thumbsup:

Please post a new HijackThis log so I can get an idea of what's going on. :)

Thanks,
tea



Ok, here we go, hope you can make sense of this, coz I don't...

Deckard's System Scanner v20071014.68
Run by Nikita BigBank on 2008-06-04 20:50:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nikita BigBank.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:23 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\routing.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\wserving.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikita BigBank\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nikita BigBank.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nikitabigbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolati...eb.1.0.0.13.cab
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://D:\win\setup\iamce.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

--
End of file - 15571 bytes

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 20:52:04 0 d-------- C:\Program Files\Trend Micro
2008-06-03 21:58:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 21:58:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-03 12:44:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-03 11:30:22 295936 --a------ C:\WINDOWS\system32\andt.sys
2008-06-03 00:51:33 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Lavasoft
2008-05-28 23:21:50 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Auslogics
2008-05-28 23:21:42 0 d-------- C:\Program Files\Auslogics
2008-05-26 22:53:09 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-24 16:39:29 0 d-------- C:\Documents and Settings\Nikita BigBank\CutStudio_AI-PlugIn_for_Windows_ver121 <CUTSTU~1>
2008-05-06 10:14:59 23104 --a------ C:\WINDOWS\system32\svcprmpt.dll
2008-05-06 10:14:58 30976 --a------ C:\WINDOWS\rascntrl.dll
2008-05-04 12:18:22 0 d-------- C:\Documents and Settings\LocalService\My Documents <MYDOCU~1>


-- Find3M Report ---------------------------------------------------------------

2008-06-04 20:51:20 0 d-------- C:\Program Files\Spyware Doctor
2008-06-04 20:50:29 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\DNA
2008-06-04 19:13:40 321 --a------ C:\WINDOWS\system32\tablet.dat
2008-06-03 00:51:13 0 d-------- C:\Program Files\Lavasoft
2008-06-03 00:40:25 0 d-------- C:\Program Files\mIRC
2008-06-01 16:58:15 0 d-------- C:\Program Files\BadgeHelp
2008-05-28 07:26:22 0 d-------- C:\Program Files\SmartVideoCodec
2008-05-26 22:53:09 0 d-------- C:\Program Files\Common Files
2008-05-25 16:40:10 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Adobe
2008-05-24 23:05:48 11285 --a------ C:\WINDOWS\mozver.dat
2008-05-05 22:25:13 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Yahoo!
2008-05-03 13:40:01 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Ubisoft
2008-04-30 20:11:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 20:06:41 0 d-------- C:\Program Files\Activision
2008-04-27 16:44:25 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 22:07:07 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Pogo Games
2008-04-26 00:38:59 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Gaijin Ent
2008-04-14 11:34:58 0 --a------ C:\Program Files\temp01
2008-04-14 11:34:55 0 d-------- C:\Program Files\bfgclient
2008-04-07 00:31:14 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Skype
2008-03-30 22:43:30 106 --a------ C:\Board.Dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [07/16/2004 03:17 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 03:16 PM]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [08/22/2003 09:22 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [06/07/2005 11:31 AM]
"Alcmtr"="ALCMTR.EXE" [07/20/2004 10:22 AM C:\WINDOWS\ALCMTR.EXE]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [03/29/2007 11:14 PM]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 05:40 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [11/11/2004 06:14 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [05/15/2007 09:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [03/26/2008 05:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/2007 03:33 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/11/2008 09:52 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
"C:\Program Files\Windows Plus\Dancer\Dancer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cbe8c05-cdf2-11dc-aafb-00112fa4290c}]
AutoRun\command- J:\xyw9tmdj.com
explore\Command- J:\xyw9tmdj.com
open\Command- J:\xyw9tmdj.com




-- End of Deckard's System Scanner: finished at 2008-06-04 20:52:41 ------------

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:41 AM

Posted 05 June 2008 - 11:55 AM

Hello,

Thanks for that.....now let's fix it. :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Dumb Blonde

Dumb Blonde
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Phila 4 Now
  • Local time:03:41 AM

Posted 05 June 2008 - 08:42 PM

Hello,

Thanks for that.....now let's fix it. :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea


Thank You so much tea! This is a very long log :)

ComboFix 08-06-05.3 - Nikita BigBank 2008-06-05 21:01:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1308 [GMT -4:00]
Running from: C:\Documents and Settings\Nikita BigBank\My Documents\My Received Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SmartVideoCodec
C:\Program Files\SmartVideoCodec\install.ico
C:\Program Files\SmartVideoCodec\SmartVideoCodec.ocx
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_435032132858.bk
C:\WINDOWS\system32\tmp0_574770530575.bk
C:\WINDOWS\system32\tmp0_586267146515.bk
C:\WINDOWS\system32\tmp0_733297233922.bk
C:\WINDOWS\system32\tmp0_768658615466.bk
C:\WINDOWS\system32\tmp0_782041371557.bk
C:\WINDOWS\system32\tmp0_796113448778.bk
C:\WINDOWS\system32\WServing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing


((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-04 20:52 . 2008-06-04 20:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-03 23:28 . 2008-06-03 23:28 <DIR> d-------- C:\Deckard
2008-06-03 21:58 . 2008-06-03 21:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-03 21:58 . 2008-06-03 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 00:51 . 2008-06-03 00:51 <DIR> d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Lavasoft
2008-05-28 23:21 . 2008-05-28 23:21 <DIR> d-------- C:\Program Files\Auslogics
2008-05-28 23:21 . 2008-05-28 23:21 <DIR> d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Auslogics
2008-05-26 22:53 . 2008-05-27 23:54 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 22:53 . 2008-05-26 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-26 22:53 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-24 16:39 . 2008-05-24 16:39 <DIR> d-------- C:\Documents and Settings\Nikita BigBank\CutStudio_AI-PlugIn_for_Windows_ver121
2008-05-06 10:14 . 2008-05-06 10:14 30,976 --a------ C:\WINDOWS\rascntrl.dll
2008-05-06 10:14 . 2008-05-06 10:14 23,104 --a------ C:\WINDOWS\system32\svcprmpt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 01:08 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\DNA
2008-06-06 01:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 13:01 --------- d-----w C:\Program Files\BadgeHelp
2008-06-05 00:51 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-03 04:51 --------- d-----w C:\Program Files\Lavasoft
2008-06-03 04:40 --------- d-----w C:\Program Files\mIRC
2008-05-26 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\NEAHZQSBYG
2008-05-06 02:25 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Yahoo!
2008-05-06 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-03 17:40 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Ubisoft
2008-05-01 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 00:06 --------- d-----w C:\Program Files\Activision
2008-04-27 20:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 02:07 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Pogo Games
2008-04-26 04:38 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Gaijin Ent
2008-04-19 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-19 19:02 61,480 ----a-w C:\Documents and Settings\Nikita BigBank\GoToAssistDownloadHelper.exe
2008-04-15 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-14 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-14 15:34 0 ----a-w C:\Program Files\temp01
2008-04-14 15:34 --------- d-----w C:\Program Files\bfgclient
2008-04-14 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-07 04:31 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Skype
2008-04-06 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WFAHZQSBYG
2008-03-31 02:43 106 ----a-w C:\Board.Dat
2007-12-27 14:01 4 ----a-w C:\Documents and Settings\Nikita BigBank\EPGame.dat
2007-12-03 13:49 4 ----a-w C:\Documents and Settings\Nikita BigBank\PPGame.dat
2007-09-29 03:41 24,192 ----a-w C:\Documents and Settings\Nikita BigBank\usbsermptxp.sys
2007-09-29 03:41 22,768 ----a-w C:\Documents and Settings\Nikita BigBank\usbsermpt.sys
2007-08-02 23:09 1,366 ----a-w C:\Program Files\MasterTickerList.Test
2007-08-02 22:10 1,366 ----a-w C:\Program Files\MasterTickerList.Txt
2007-04-23 18:59 557,056 ----a-w C:\Documents and Settings\Nikita BigBank\GoToAssist_phone__317_en.exe
2007-01-08 19:56 487,424 ----a-w C:\Documents and Settings\Nikita BigBank\GoToAssist_phone__268_en.exe
2006-11-30 00:55 218 ----a-w C:\Documents and Settings\Nikita BigBank\Out.Dat
2006-11-29 15:03 72 ----a-w C:\Documents and Settings\Nikita BigBank\Temp.Bat
2006-11-29 15:03 71 ----a-w C:\Documents and Settings\Nikita BigBank\Input.Dat
2006-11-29 05:00 218 ----a-w C:\Documents and Settings\Nikita BigBank\Output.Dat
2006-11-29 04:57 456,192 ----a-w C:\Documents and Settings\Nikita BigBank\CYGWin1.DLL
2006-11-29 04:57 122,368 ----a-w C:\Documents and Settings\Nikita BigBank\phalanx.exe
2006-11-20 16:47 630,784 ----a-w C:\Documents and Settings\Nikita BigBank\chatlnk.exe
2006-09-26 19:06 0 ----a-w C:\Documents and Settings\Nikita BigBank\remote.exe
1995-01-25 01:13 44,640 ----a-w C:\Documents and Settings\Nikita BigBank\CALC.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 09:52 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 15:17 53248]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 15:16 135168]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 09:22 45056]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 23:14 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [2004-11-11 18:14 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-15 21:46 551032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 17:40 2577120]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
C:\Program Files\Windows Plus\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Sony\\Click to DVD 2\\AuthoringServerExe.exe"=
"C:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 epppdt;EPSON 1394.3 Class;C:\WINDOWS\system32\DRIVERS\epppdt.sys [2006-10-24 02:02]
S3 epppdtpr;EPSON 1394.3 Printer Class;C:\WINDOWS\system32\DRIVERS\epppdtpr.sys [2006-10-24 02:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cbe8c05-cdf2-11dc-aafb-00112fa4290c}]
\Shell\AutoRun\command - J:\xyw9tmdj.com
\Shell\explore\Command - J:\xyw9tmdj.com
\Shell\open\Command - J:\xyw9tmdj.com

.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 11:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 00:01:50 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Nikita BigBank.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2004-11-06 04:50:00 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:10:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
.
**************************************************************************
.
Completion time: 2008-06-05 21:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 01:25:32

Pre-Run: 149,930,872,832 bytes free
Post-Run: 149,859,725,312 bytes free

521 --- E O F --- 2008-05-28 03:41:34

here is the 2nd one


Deckard's System Scanner v20071014.68
Run by Nikita BigBank on 2008-06-05 21:40:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nikita BigBank.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:09 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Nikita BigBank\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NIKITA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nikitabigbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolati...eb.1.0.0.13.cab
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://D:\win\setup\iamce.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13841 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 20:57:14 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 20:57:14 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 20:57:14 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-05 20:57:14 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 20:57:14 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 20:57:14 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 20:57:14 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 20:57:14 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 20:52:04 0 d-------- C:\Program Files\Trend Micro
2008-06-03 21:58:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 21:58:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-03 12:44:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-03 00:51:33 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Lavasoft
2008-05-28 23:21:50 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Auslogics
2008-05-28 23:21:42 0 d-------- C:\Program Files\Auslogics
2008-05-26 22:53:09 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-24 16:39:29 0 d-------- C:\Documents and Settings\Nikita BigBank\CutStudio_AI-PlugIn_for_Windows_ver121
2008-05-06 10:14:59 23104 --a------ C:\WINDOWS\system32\svcprmpt.dll
2008-05-06 10:14:58 30976 --a------ C:\WINDOWS\rascntrl.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-05 21:30:25 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\DNA
2008-06-05 21:09:56 321 --a------ C:\WINDOWS\system32\tablet.dat
2008-06-05 09:01:41 0 d-------- C:\Program Files\BadgeHelp
2008-06-04 20:51:20 0 d-------- C:\Program Files\Spyware Doctor
2008-06-03 00:51:13 0 d-------- C:\Program Files\Lavasoft
2008-06-03 00:40:25 0 d-------- C:\Program Files\mIRC
2008-05-26 22:53:09 0 d-------- C:\Program Files\Common Files
2008-05-25 16:40:10 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Adobe
2008-05-24 23:05:48 11285 --a------ C:\WINDOWS\mozver.dat
2008-05-05 22:25:13 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Yahoo!
2008-05-03 13:40:01 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Ubisoft
2008-04-30 20:11:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 20:06:41 0 d-------- C:\Program Files\Activision
2008-04-27 16:44:25 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 22:07:07 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Pogo Games
2008-04-26 00:38:59 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Gaijin Ent
2008-04-14 11:34:58 0 --a------ C:\Program Files\temp01
2008-04-14 11:34:55 0 d-------- C:\Program Files\bfgclient
2008-04-07 00:31:14 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Skype
2008-03-30 22:43:30 106 --a------ C:\Board.Dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [07/16/2004 03:17 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 03:16 PM]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [08/22/2003 09:22 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [06/07/2005 11:31 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [03/29/2007 11:14 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 05:40 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [11/11/2004 06:14 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [05/15/2007 09:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [03/26/2008 05:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/2007 03:33 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/11/2008 09:52 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
"C:\Program Files\Windows Plus\Dancer\Dancer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cbe8c05-cdf2-11dc-aafb-00112fa4290c}]
AutoRun\command- J:\xyw9tmdj.com
explore\Command- J:\xyw9tmdj.com
open\Command- J:\xyw9tmdj.com




-- End of Deckard's System Scanner: finished at 2008-06-05 21:40:29 ------------

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:41 AM

Posted 06 June 2008 - 07:34 PM

Hello,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
J:\xyw9tmdj.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cbe8c05-cdf2-11dc-aafb-00112fa4290c}]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. How is it running please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Dumb Blonde

Dumb Blonde
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Phila 4 Now
  • Local time:03:41 AM

Posted 06 June 2008 - 11:46 PM

Hi Tea,

it has been getting better....ty

here is the log

ComboFix 08-06-05.3 - Nikita BigBank 2008-06-06 22:21:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1330 [GMT -4:00]
Running from: C:\Documents and Settings\Nikita BigBank\My Documents\My Received Files\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikita BigBank\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
J:\xyw9tmdj.com
.

((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-04 20:52 . 2008-06-04 20:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-03 23:28 . 2008-06-03 23:28 <DIR> d-------- C:\Deckard
2008-06-03 21:58 . 2008-06-03 21:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-03 21:58 . 2008-06-03 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 00:51 . 2008-06-03 00:51 <DIR> d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Lavasoft
2008-05-28 23:21 . 2008-05-28 23:21 <DIR> d-------- C:\Program Files\Auslogics
2008-05-28 23:21 . 2008-05-28 23:21 <DIR> d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Auslogics
2008-05-26 22:53 . 2008-05-27 23:54 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 22:53 . 2008-05-26 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-26 22:53 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-24 16:39 . 2008-05-24 16:39 <DIR> d-------- C:\Documents and Settings\Nikita BigBank\CutStudio_AI-PlugIn_for_Windows_ver121

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 02:23 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\DNA
2008-06-07 02:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 02:17 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-05 13:01 --------- d-----w C:\Program Files\BadgeHelp
2008-06-03 04:51 --------- d-----w C:\Program Files\Lavasoft
2008-06-03 04:40 --------- d-----w C:\Program Files\mIRC
2008-05-26 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\NEAHZQSBYG
2008-05-06 14:14 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2008-05-06 14:14 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2008-05-06 02:25 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Yahoo!
2008-05-06 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-03 17:40 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Ubisoft
2008-05-01 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 00:06 --------- d-----w C:\Program Files\Activision
2008-04-27 20:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 02:07 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Pogo Games
2008-04-26 04:38 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Gaijin Ent
2008-04-19 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-19 19:02 61,480 ----a-w C:\Documents and Settings\Nikita BigBank\GoToAssistDownloadHelper.exe
2008-04-15 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-14 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-14 15:34 0 ----a-w C:\Program Files\temp01
2008-04-14 15:34 --------- d-----w C:\Program Files\bfgclient
2008-04-14 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-07 04:31 --------- d-----w C:\Documents and Settings\Nikita BigBank\Application Data\Skype
2008-03-31 02:43 106 ----a-w C:\Board.Dat
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-27 14:01 4 ----a-w C:\Documents and Settings\Nikita BigBank\EPGame.dat
2007-12-03 13:49 4 ----a-w C:\Documents and Settings\Nikita BigBank\PPGame.dat
2007-09-29 03:41 24,192 ----a-w C:\Documents and Settings\Nikita BigBank\usbsermptxp.sys
2007-09-29 03:41 22,768 ----a-w C:\Documents and Settings\Nikita BigBank\usbsermpt.sys
2007-08-02 23:09 1,366 ----a-w C:\Program Files\MasterTickerList.Test
2007-08-02 22:10 1,366 ----a-w C:\Program Files\MasterTickerList.Txt
2007-04-23 18:59 557,056 ----a-w C:\Documents and Settings\Nikita BigBank\GoToAssist_phone__317_en.exe
2007-01-08 19:56 487,424 ----a-w C:\Documents and Settings\Nikita BigBank\GoToAssist_phone__268_en.exe
2006-11-30 00:55 218 ----a-w C:\Documents and Settings\Nikita BigBank\Out.Dat
2006-11-29 15:03 72 ----a-w C:\Documents and Settings\Nikita BigBank\Temp.Bat
2006-11-29 15:03 71 ----a-w C:\Documents and Settings\Nikita BigBank\Input.Dat
2006-11-29 05:00 218 ----a-w C:\Documents and Settings\Nikita BigBank\Output.Dat
2006-11-29 04:57 456,192 ----a-w C:\Documents and Settings\Nikita BigBank\CYGWin1.DLL
2006-11-29 04:57 122,368 ----a-w C:\Documents and Settings\Nikita BigBank\phalanx.exe
2006-11-20 16:47 630,784 ----a-w C:\Documents and Settings\Nikita BigBank\chatlnk.exe
2006-09-26 19:06 0 ----a-w C:\Documents and Settings\Nikita BigBank\remote.exe
1995-01-25 01:13 44,640 ----a-w C:\Documents and Settings\Nikita BigBank\CALC.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 09:52 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 15:17 53248]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 15:16 135168]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 09:22 45056]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 23:14 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [2004-11-11 18:14 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-15 21:46 551032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 17:40 2577120]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
C:\Program Files\Windows Plus\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Sony\\Click to DVD 2\\AuthoringServerExe.exe"=
"C:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 epppdt;EPSON 1394.3 Class;C:\WINDOWS\system32\DRIVERS\epppdt.sys [2006-10-24 02:02]
S3 epppdtpr;EPSON 1394.3 Printer Class;C:\WINDOWS\system32\DRIVERS\epppdtpr.sys [2006-10-24 02:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 11:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Nikita BigBank.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2004-11-06 04:50:00 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 22:28:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-06 22:37:05
ComboFix-quarantined-files.txt 2008-06-07 02:36:02
ComboFix2.txt 2008-06-06 01:26:13

Pre-Run: 149,780,385,792 bytes free
Post-Run: 149,761,146,880 bytes free

176 --- E O F --- 2008-05-28 03:41:34


Part 2

Deckard's System Scanner v20071014.68
Run by Nikita BigBank on 2008-06-07 00:43:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nikita BigBank.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:10 AM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Nikita BigBank\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NIKITA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nikitabigbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolati...eb.1.0.0.13.cab
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://D:\win\setup\iamce.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14101 bytes

-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-05 20:57:14 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 20:57:14 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 20:57:14 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-05 20:57:14 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 20:57:14 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 20:57:14 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 20:57:14 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 20:57:14 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 20:52:04 0 d-------- C:\Program Files\Trend Micro
2008-06-03 21:58:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 21:58:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-03 12:44:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-03 00:51:33 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Lavasoft
2008-05-28 23:21:50 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Auslogics
2008-05-28 23:21:42 0 d-------- C:\Program Files\Auslogics
2008-05-26 22:53:09 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 22:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-24 16:39:29 0 d-------- C:\Documents and Settings\Nikita BigBank\CutStudio_AI-PlugIn_for_Windows_ver121


-- Find3M Report ---------------------------------------------------------------

2008-06-07 00:43:16 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\DNA
2008-06-06 22:17:38 0 d-------- C:\Program Files\Spyware Doctor
2008-06-05 21:09:56 321 --a------ C:\WINDOWS\system32\tablet.dat
2008-06-05 09:01:41 0 d-------- C:\Program Files\BadgeHelp
2008-06-03 00:51:13 0 d-------- C:\Program Files\Lavasoft
2008-06-03 00:40:25 0 d-------- C:\Program Files\mIRC
2008-05-26 22:53:09 0 d-------- C:\Program Files\Common Files
2008-05-25 16:40:10 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Adobe
2008-05-24 23:05:48 11285 --a------ C:\WINDOWS\mozver.dat
2008-05-06 10:14:59 23104 --a------ C:\WINDOWS\system32\svcprmpt.dll
2008-05-06 10:14:58 30976 --a------ C:\WINDOWS\rascntrl.dll
2008-05-05 22:25:13 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Yahoo!
2008-05-03 13:40:01 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Ubisoft
2008-04-30 20:11:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 20:06:41 0 d-------- C:\Program Files\Activision
2008-04-27 16:44:25 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 22:07:07 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Pogo Games
2008-04-26 00:38:59 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Gaijin Ent
2008-04-14 11:34:58 0 --a------ C:\Program Files\temp01
2008-04-14 11:34:55 0 d-------- C:\Program Files\bfgclient
2008-04-07 00:31:14 0 d-------- C:\Documents and Settings\Nikita BigBank\Application Data\Skype
2008-03-30 22:43:30 106 --a------ C:\Board.Dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [07/16/2004 03:17 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 03:16 PM]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [08/22/2003 09:22 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [06/07/2005 11:31 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [03/29/2007 11:14 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 05:40 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [11/11/2004 06:14 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [05/15/2007 09:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [03/26/2008 05:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/2007 03:33 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/11/2008 09:52 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
"C:\Program Files\Windows Plus\Dancer\Dancer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-06-07 00:43:34 ------------



Now tell me is there anything else I can do? And why didn't Spyware Doctor + Anti Virus catch these files? Also, I noticed in the log that I still have synmantec norten etc in there....thought I cought all of them how do I get rid of it?

Thanks! PS...u should see something on ur end 2...I dropped something 4 u.

Edited by Dumb Blonde, 06 June 2008 - 11:53 PM.


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:41 AM

Posted 07 June 2008 - 12:30 AM

Hello,

Thank you, and you're welcome. :) I'm glad it's running better, and everything looks good. We'll get rid of Norton and do a final clean up and it should run even better. :thumbsup:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

As to your other questions, no one program gets everything. Some are better than others, and some simply pick up different things than others. Malware is ever changing so it's a struggle for ALL programs to keep up with them. :)

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Dumb Blonde

Dumb Blonde
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Phila 4 Now
  • Local time:03:41 AM

Posted 07 June 2008 - 08:11 AM

Hello,

Thank you, and you're welcome. :) I'm glad it's running better, and everything looks good. We'll get rid of Norton and do a final clean up and it should run even better. :thumbsup:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

As to your other questions, no one program gets everything. Some are better than others, and some simply pick up different things than others. Malware is ever changing so it's a struggle for ALL programs to keep up with them. :)

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea



Hi Tea,

I think the problem is still not gone, I performed the Norton Removal tool as well did that before and I still have files from them on my computer. And now I have a added sound that sound like a flopping sound where it flopps 1 time every couple of seconds. Also tell me it found new Hardware that I have no clue what it is. MTP Device...what is that? I found something in my process called wudfhost.exe what is that? It keeps popping in and out and my virtual memory is again nearly all used up :)

Thanks

Edited by Dumb Blonde, 07 June 2008 - 08:25 AM.


#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:41 AM

Posted 07 June 2008 - 07:14 PM

Hello there,

wudfhost.exe is legit.
http://www.liutilities.com/products/wintas...brary/wudfhost/

MTP Device is also legit.
http://msdn.microsoft.com/en-us/library/bb262774(VS.85).aspx

Both have to do with Hardware. If you'll post a new HijackThis log for me I'll make sure there's no malware present. If there isn't, then I'll have to send you to the Hardware Department. Malware is my forte, and I'm not much good to you when you get too far beyond the basics.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:41 AM

Posted 28 June 2008 - 11:04 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users