
Solved Please look @ my DDS logs. Trojans/backdoor/viruses.

Discussion in 'Malware and Virus Removal Archive' started by jbh, 2009/03/06.

  1. 2009/03/06
    jbh

    I think I'm in real trouble here. All of a sudden AVG keeps popping up w/many different viruses. I've updated and run AVG scan and it's not getting them.
    Please help!

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by mom at 19:26:49.93 on Fri 03/06/2009
    Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.762 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    c:\c37aAFf6.exe
    C:\WINDOWS\System32\mshta.exe
    c:\uQmTBXA3.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    c:\uQmTBXA3.exe
    c:\c37aAFf6.exe
    c:\uQmTBXA3.exe
    c:\uQmTBXA3.exe
    c:\c37aAFf6.exe
    c:\c37aAFf6.exe
    c:\c37aAFf6.exe
    C:\Documents and Settings\mom\Desktop\dds.scr
    c:\uQmTBXA3.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: Rightdown Software SearchBar: {d6f180cb-e683-41a3-8cd2-c53dbaa0530d} - c:\program files\rightdown software searchbar\rssb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    uExplorerRun: [Msn] c:\DKItNVDq.exe
    uExplorerRun: [MsnHost] c:\DKItNVDq.exe
    uExplorerRun: [MsnLoad] c:\DKItNVDq.exe
    uExplorerRun: [MsnConvert] c:\DKItNVDq.exe
    uExplorerRun: [MsnMessendger] c:\DKItNVDq.exe
    dExplorerRun: [Msn] c:\JWmKK.exe
    dExplorerRun: [MsnHost] c:\JWmKK.exe
    dExplorerRun: [MsnLoad] c:\JWmKK.exe
    dExplorerRun: [MsnConvert] c:\GlV.exe
    dExplorerRun: [MsnMessendger] c:\GlV.exe
    StartupFolder: c:\docume~1\mom\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208896645531
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
    TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mom\applic~1\mozilla\firefox\profiles\c9cxfovx.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\mom\application data\mozilla\firefox\profiles\c9cxfovx.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\defaults\pref\wildblue.js - pref("network.proxy.type", 2);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-17 96520]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-17 26824]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-17 231192]
    S2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
    S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-1-8 320384]
    S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\drivers\pcntn5hl.sys --> c:\windows\system32\drivers\pcntn5hl.sys [?]
    S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-9-10 29405]

    =============== Created Last 30 ================

    2009-03-06 18:49 163,624 a------- C:\JWmKK2.exe
    2009-03-06 18:45 193,536 a------- C:\JWmKK.exe
    2009-03-06 18:45 8,150 a------- C:\FgPD.bat
    2009-03-06 18:45 206 a------- C:\giw.bat
    2009-03-06 18:30 8,150 a------- C:\d7e0gXA2.bat
    2009-03-06 18:30 204 a------- C:\Kjcg7Ubl.bat
    2009-03-06 16:37 133,216 a------- C:\pbk7Lfs2.exe
    2009-03-06 16:32 172,384 a------- C:\pbk7Lfs.exe
    2009-03-06 16:31 8,150 a------- C:\vl2qOuo.bat
    2009-03-06 16:31 221 a------- C:\xIK2CJo.bat
    2009-03-06 16:06 238,080 a------- C:\uQmTBXA32.exe
    2009-03-06 16:02 193,536 a------- C:\uQmTBXA3.exe
    2009-03-06 16:02 8,150 a------- C:\J9L7.bat
    2009-03-06 16:02 225 a------- C:\O8fKY.bat
    2009-03-06 15:47 238,080 a------- C:\c37aAFf62.exe
    2009-03-06 15:45 193,536 a------- C:\c37aAFf6.exe
    2009-03-06 15:45 8,150 a------- C:\u4d.bat
    2009-03-06 15:45 227 a------- C:\hMYQbigQ.bat
    2009-03-06 15:31 238,080 a------- C:\xTKHoP2.exe
    2009-03-06 15:30 193,536 a------- C:\xTKHoP.exe
    2009-03-06 15:30 8,150 a------- C:\bra.bat
    2009-03-06 15:30 213 a------- C:\MkH6MAyx.bat
    2009-03-06 15:05 238,080 a------- C:\xlfWb2.exe
    2009-03-06 15:01 193,536 a------- C:\xlfWb.exe
    2009-03-06 15:00 8,150 a------- C:\VGh0NAT.bat
    2009-03-06 15:00 211 a------- C:\CIalQ1.bat
    2009-03-06 14:32 238,080 a------- C:\T0lE2.exe
    2009-03-06 14:31 193,536 a------- C:\T0lE.exe
    2009-03-06 14:30 8,150 a------- C:\soI3yH.bat
    2009-03-06 14:30 205 a------- C:\KBC6.bat
    2009-03-06 13:52 18,980 a------- C:\LWm2.exe
    2009-03-06 13:46 193,536 a------- C:\LWm.exe
    2009-03-06 13:46 8,150 a------- C:\EF4.bat
    2009-03-06 13:46 195 a------- C:\jBuT56I.bat
    2009-03-06 13:34 238,080 a------- C:\hNzwU2.exe
    2009-03-06 13:31 99,912 a------- C:\hNzwU.exe
    2009-03-06 13:30 8,150 a------- C:\ipb5r68Y.bat
    2009-03-06 13:30 207 a------- C:\UTuhk.bat
    2009-03-06 13:21 0 a------- C:\Xhwm7goO2.exe
    2009-03-06 13:16 144,800 a------- C:\Xhwm7goO.exe
    2009-03-06 13:16 8,150 a------- C:\KhrCpC.bat
    2009-03-06 13:16 227 a------- C:\XojwoS.bat
    2009-03-06 12:54 4,344 a------- C:\Ls92.exe
    2009-03-06 12:48 193,536 a------- C:\Ls9.exe
    2009-03-06 12:47 8,150 a------- C:\mvagP.bat
    2009-03-06 12:47 196 a------- C:\Gke.bat
    2009-03-06 12:06 238,080 a------- C:\fUIaht2.exe
    2009-03-06 12:03 193,536 a------- C:\fUIaht.exe
    2009-03-06 12:03 8,150 a------- C:\zC2Xto.bat
    2009-03-06 12:03 217 a------- C:\GGil79e.bat
    2009-03-06 11:45 8,150 a------- C:\eE1X.bat
    2009-03-06 11:45 211 a------- C:\vJb.bat
    2009-03-06 11:34 238,080 a------- C:\yb52.exe
    2009-03-06 11:31 8,760 a------- C:\yb5.exe
    2009-03-06 11:30 8,150 a------- C:\MymXnThr.bat
    2009-03-06 11:30 197 a------- C:\LnhO.bat
    2009-03-06 11:18 40,544 a------- C:\bTnwkD2.exe
    2009-03-06 11:15 193,536 a------- C:\bTnwkD.exe
    2009-03-06 11:15 8,150 a------- C:\cTMQULVR.bat
    2009-03-06 11:15 212 a------- C:\Pr9zJD9B.bat
    2009-03-06 10:48 238,080 a------- C:\jA8QHQ62.exe
    2009-03-06 10:45 114,392 a------- C:\jA8QHQ6.exe
    2009-03-06 10:45 8,150 a------- C:\O6Fkr4.bat
    2009-03-06 10:45 222 a------- C:\ShU.bat
    2009-03-06 10:32 238,080 a------- C:\OD8i2.exe
    2009-03-06 10:31 193,536 a------- C:\OD8i.exe
    2009-03-06 10:30 8,150 a------- C:\ZxN9.bat
    2009-03-06 10:30 201 a------- C:\xbUOsH.bat
    2009-03-06 10:18 128,944 a------- C:\MYc2.exe
    2009-03-06 10:16 30,660 a------- C:\MYc.exe
    2009-03-06 10:15 8,150 a------- C:\O5uw0.bat
    2009-03-06 10:15 195 a------- C:\lC8.bat
    2009-03-06 10:05 238,080 a------- C:\bRRbB2.exe
    2009-03-06 10:01 193,536 a------- C:\bRRbB.exe
    2009-03-06 10:00 8,150 a------- C:\Yo92Z.bat
    2009-03-06 10:00 210 a------- C:\xSQSm3y.bat
    2009-03-06 09:34 18,824 a------- C:\LRy62.exe
    2009-03-06 09:31 193,536 a------- C:\LRy6.exe
    2009-03-06 09:30 8,150 a------- C:\zG0VWh.bat
    2009-03-06 09:30 201 a------- C:\fCPo9k8.bat
    2009-03-06 09:16 238,080 a------- C:\wdyP8S82.exe
    2009-03-06 09:15 193,536 a------- C:\wdyP8S8.exe
    2009-03-06 09:15 8,150 a------- C:\wJol.bat
    2009-03-06 09:15 219 a------- C:\LNJ5CfL.bat
    2009-03-06 09:01 170,820 a------- C:\Ml352.exe
    2009-03-06 09:00 193,536 a------- C:\Ml35.exe
    2009-03-06 09:00 8,150 a------- C:\FQj2N.bat
    2009-03-06 09:00 201 a------- C:\QJuVRhX.bat
    2009-03-06 08:48 238,080 a------- C:\WGakEaDb2.exe
    2009-03-06 08:45 193,536 a------- C:\WGakEaDb.exe
    2009-03-06 08:45 8,150 a------- C:\bNXQ4cT3.bat
    2009-03-06 08:45 226 a------- C:\bFyt.bat
    2009-03-06 08:19 34,849 a------- C:\svc11
    2009-03-06 08:19 73 a------- C:\svc10
    2009-03-06 08:16 238,080 a------- C:\Z0n2.exe
    2009-03-06 08:15 193,536 a------- C:\Z0n.exe
    2009-03-06 08:15 8,150 a------- C:\YH86.bat
    2009-03-06 08:15 199 a------- C:\mpGZMrYl.bat
    2009-03-06 08:00 193,536 a------- C:\dNzMhXc2.exe
    2009-03-06 08:00 8,150 a------- C:\sDJs0Two.bat
    2009-03-06 08:00 200 a------- C:\DYyb6Xh.bat
    2009-03-06 07:45 193,536 a------- C:\mRW.exe
    2009-03-06 07:45 8,150 a------- C:\Rsy.bat
    2009-03-06 07:45 179 a------- C:\OzHGlm.bat
    2009-03-06 07:30 193,536 a------- C:\AuiaUv.exe
    2009-03-06 07:30 8,150 a------- C:\ZIe9rqE.bat
    2009-03-06 07:30 190 a------- C:\e2HY.bat
    2009-03-06 07:15 193,536 a------- C:\xwEQ.exe
    2009-03-06 07:15 8,150 a------- C:\u1CWeQ.bat
    2009-03-06 07:15 182 a------- C:\h0Fv.bat
    2009-03-06 07:00 193,536 a------- C:\UHd.exe
    2009-03-06 07:00 8,150 a------- C:\OPrJWEL.bat
    2009-03-06 07:00 176 a------- C:\sHOjCin.bat
    2009-03-06 06:45 193,536 a------- C:\Nytzi.exe
    2009-03-06 06:45 8,150 a------- C:\GBWb.bat
    2009-03-06 06:45 185 a------- C:\PqS.bat
    2009-03-06 06:30 193,536 a------- C:\K8l.exe
    2009-03-06 06:30 8,150 a------- C:\wPkPuzGH.bat
    2009-03-06 06:30 179 a------- C:\qpOGafWe.bat
    2009-03-06 06:15 193,536 a------- C:\HDhY26.exe
    2009-03-06 06:15 8,150 a------- C:\ANGOIYh.bat
    2009-03-06 06:15 193 a------- C:\SxgA28.bat
    2009-03-06 06:00 193,536 a------- C:\dd7t7nh.exe
    2009-03-06 06:00 8,150 a------- C:\G5GV.bat
    2009-03-06 06:00 198 a------- C:\GDN.bat
    2009-03-06 05:45 193,536 a------- C:\gEfYYld.exe
    2009-03-06 05:45 8,150 a------- C:\jPHJi.bat
    2009-03-06 05:45 199 a------- C:\RkZ0.bat
    2009-03-06 05:32 28,672 a------- C:\F4Yj.21.exe
    2009-03-06 05:30 151 a------- C:\JHVF62.bat
    2009-03-06 05:30 8,150 a------- C:\v7KX9t.bat
    2009-03-06 05:30 202 a------- C:\JHVF6.bat
    2009-03-06 05:16 28,672 a------- C:\MWURtmSU.21.exe
    2009-03-06 05:15 161 a------- C:\VyktLf9Y2.bat
    2009-03-06 05:15 8,150 a------- C:\y71XbAV.bat
    2009-03-06 05:15 224 a------- C:\VyktLf9Y.bat
    2009-03-06 05:02 28,672 a------- C:\DT4Np.21.exe
    2009-03-06 05:00 151 a------- C:\FRaEdI9t2.bat
    2009-03-06 05:00 8,150 a------- C:\e0VGIO.bat
    2009-03-06 05:00 205 a------- C:\FRaEdI9t.bat
    2009-03-06 04:47 28,672 a------- C:\VIx5OGdY.21.exe
    2009-03-06 04:45 160 a------- C:\LiufxL2l2.bat
    2009-03-06 04:45 8,150 a------- C:\ipmeIPoT.bat
    2009-03-06 04:45 223 a------- C:\LiufxL2l.bat
    2009-03-06 04:32 28,672 a------- C:\HHu.21.exe
    2009-03-06 04:30 148 a------- C:\W9RK2.bat
    2009-03-06 04:30 8,150 a------- C:\UMbk.bat
    2009-03-06 04:30 196 a------- C:\W9RK.bat
    2009-03-06 04:17 28,672 a------- C:\Yhi7qNw.21.exe
    2009-03-06 04:15 161 a------- C:\YnjUgtOL2.bat
    2009-03-06 04:15 8,150 a------- C:\e87v4b.bat
    2009-03-06 04:15 221 a------- C:\YnjUgtOL.bat
    2009-03-06 04:02 28,672 a------- C:\o5TnH.21.exe
    2009-03-06 04:00 154 a------- C:\J3De0P2.bat
    2009-03-06 04:00 8,150 a------- C:\dlR.bat
    2009-03-06 04:00 208 a------- C:\J3De0P.bat
    2009-03-06 03:47 28,672 a------- C:\itm2.21.exe
    2009-03-06 03:46 126,976 a------- C:\itm222.exe
    2009-03-06 03:45 16,060 a------- C:\itm22.exe
    2009-03-06 03:45 153 a------- C:\SadaT2GR2.bat
    2009-03-06 03:45 8,150 a------- C:\frkYO.bat
    2009-03-06 03:45 204 a------- C:\SadaT2GR.bat
    2009-03-06 03:32 28,672 a------- C:\wqVqnh.21.exe
    2009-03-06 03:30 159 a------- C:\Imd3TrrF2.bat
    2009-03-06 03:30 8,150 a------- C:\oOakP.bat
    2009-03-06 03:30 216 a------- C:\Imd3TrrF.bat
    2009-03-06 03:17 28,672 a------- C:\v7eMeLr.21.exe
    2009-03-06 03:15 157 a------- C:\tC192.bat
    2009-03-06 03:15 8,150 a------- C:\GEVF9onH.bat
    2009-03-06 03:15 217 a------- C:\tC19.bat
    2009-03-06 03:02 28,672 a------- C:\SIK.21.exe
    2009-03-06 03:00 145 a------- C:\xg6j2PX2.bat
    2009-03-06 03:00 8,150 a------- C:\UFtBjdRP.bat
    2009-03-06 03:00 193 a------- C:\xg6j2PX.bat
    2009-03-06 02:47 28,672 a------- C:\rrm5xDS1.21.exe
    2009-03-06 02:45 161 a------- C:\QQw6KWu2.bat
    2009-03-06 02:45 8,150 a------- C:\kMi.bat
    2009-03-06 02:45 224 a------- C:\QQw6KWu.bat
    2009-03-06 02:30 165 a------- C:\boTC32.bat
    2009-03-06 02:30 8,150 a------- C:\s9rLQV0K.bat
    2009-03-06 02:30 228 a------- C:\boTC3.bat
    2009-03-06 02:17 28,672 a------- C:\ufnS6ZX.21.exe
    2009-03-06 02:15 160 a------- C:\g43iV2.bat
    2009-03-06 02:15 8,150 a------- C:\NkuGMt.bat
    2009-03-06 02:15 220 a------- C:\g43iV.bat
    2009-03-06 02:02 28,672 a------- C:\Ev1ncRV2.21.exe
    2009-03-06 02:00 163 a------- C:\j0qi2.bat
    2009-03-06 02:00 8,150 a------- C:\q57k.bat
    2009-03-06 02:00 226 a------- C:\j0qi.bat
    2009-03-06 01:47 28,672 a------- C:\iWNNlC.21.exe
    2009-03-06 01:45 154 a------- C:\kVeWsVO2.bat
    2009-03-06 01:45 8,150 a------- C:\zfVUov.bat
    2009-03-06 01:45 211 a------- C:\kVeWsVO.bat
    2009-03-06 01:32 28,672 a------- C:\xOlD0.21.exe
    2009-03-06 01:30 152 a------- C:\ZAq2.bat
    2009-03-06 01:30 8,150 a------- C:\pSiH20.bat
    2009-03-06 01:30 206 a------- C:\ZAq.bat
    2009-03-06 01:17 28,672 a------- C:\sjD2Azv.21.exe
    2009-03-06 01:15 161 a------- C:\bmV2.bat
    2009-03-06 01:15 8,150 a------- C:\SeZPnIr4.bat
    2009-03-06 01:15 221 a------- C:\bmV.bat
    2009-03-06 01:02 28,672 a------- C:\SGGhyZO1.21.exe
    2009-03-06 01:00 163 a------- C:\KWOTVGEX2.bat
    2009-03-06 01:00 8,150 a------- C:\ibUd3.bat
    2009-03-06 01:00 226 a------- C:\KWOTVGEX.bat
    2009-03-06 00:47 28,672 a------- C:\MtZs6m.21.exe
    2009-03-06 00:45 154 a------- C:\bHmsb2.bat
    2009-03-06 00:45 8,150 a------- C:\KbYuGUd.bat
    2009-03-06 00:45 211 a------- C:\bHmsb.bat
    2009-03-06 00:31 28,672 a------- C:\IJ5IJRL.21.exe
    2009-03-06 00:31 0 a------- C:\IJ5IJRL22.exe
    2009-03-06 00:30 160 a------- C:\Sjt2.bat
    2009-03-06 00:30 8,150 a------- C:\F0vg.bat
    2009-03-06 00:30 220 a------- C:\Sjt.bat
    2009-03-06 00:16 28,672 a------- C:\dyWuy.21.exe
    2009-03-06 00:16 0 a------- C:\dyWuy22.exe
    2009-03-06 00:15 154 a------- C:\ikU0Qi2.bat
    2009-03-06 00:15 8,150 a------- C:\fYVdb.bat
    2009-03-06 00:15 208 a------- C:\ikU0Qi.bat
    2009-03-06 00:02 28,672 a------- C:\rCj9.21.exe
    2009-03-06 00:00 151 a------- C:\jUb2.bat
    2009-03-06 00:00 8,150 a------- C:\XCf2xl.bat
    2009-03-06 00:00 202 a------- C:\jUb.bat
    2009-03-05 23:49 28,672 a------- C:\GIm.21.exe
    2009-03-05 23:45 145 a------- C:\FmZFQK92.bat
    2009-03-05 23:45 8,150 a------- C:\Mm3Wfs.bat
    2009-03-05 23:45 193 a------- C:\FmZFQK9.bat
    2009-03-05 23:34 28,672 a------- C:\u6S5T.21.exe
    2009-03-05 23:30 156 a------- C:\tTt02.bat
    2009-03-05 23:30 8,150 a------- C:\jLrQQSN.bat
    2009-03-05 23:30 210 a------- C:\tTt0.bat
    2009-03-05 23:20 28,672 a------- C:\Z1o.21.exe
    2009-03-05 23:17 63,712 a------- C:\Z1o.exe
    2009-03-05 23:16 153,088 a------- C:\Z1o2.exe
    2009-03-05 23:15 149 a------- C:\O5LtxE2.bat
    2009-03-05 23:15 8,150 a------- C:\Ndg0BLhb.bat
    2009-03-05 23:15 197 a------- C:\O5LtxE.bat
    2009-03-05 22:33 28,672 a------- C:\YAPWUGT.21.exe
    2009-03-05 22:30 136,112 a------- C:\YAPWUGT.exe
    2009-03-05 22:30 8,150 a------- C:\skCEDaz.bat
    2009-03-05 22:30 217 a------- C:\pPhJzvF.bat
    2009-03-05 22:30 157 a------- C:\pPhJzvF2.bat
    2009-03-05 22:18 28,672 a------- C:\VpWr.21.exe
    2009-03-05 22:15 149 a------- C:\I1ejRAJ2.bat
    2009-03-05 22:15 8,150 a------- C:\TfxhQ.bat
    2009-03-05 22:15 200 a------- C:\I1ejRAJ.bat
    2009-03-05 22:03 56,832 a------- c:\windows\system32\drivers\UACd.sys
    2009-03-05 22:03 28,672 a------- C:\hnE.21.exe
    2009-03-05 22:00 153,088 a------- C:\hnE2.exe
    2009-03-05 22:00 8,150 a------- C:\iI0X9.bat
    2009-03-05 22:00 147 a------- C:\teGg2rnV2.bat
    2009-03-05 22:00 195 a------- C:\teGg2rnV.bat
    2009-03-05 21:46 28,672 a------- C:\YLUh4if.21.exe
    2009-03-05 21:45 126,976 a------- C:\YLUh4if22.exe
    2009-03-05 21:45 153,088 a------- C:\YLUh4if2.exe
    2009-03-05 21:45 8,150 a------- C:\kjRLTHI.bat
    2009-03-05 21:45 159 a------- C:\VTCk2.bat
    2009-03-05 21:45 219 a------- C:\VTCk.bat
    2009-03-05 21:30 193,536 a------- C:\ivC5dbKY.exe
    2009-03-05 21:30 161 a------- C:\bbm2.bat
    2009-03-05 21:30 8,150 a------- C:\bVDIEX.bat
    2009-03-05 21:30 224 a------- C:\bbm.bat
    2009-03-05 21:16 193,536 a------- C:\kP6VC5n.exe
    2009-03-05 21:15 161 a------- C:\HYySzvNE2.bat
    2009-03-05 21:15 8,150 a------- C:\GyaXJW.bat
    2009-03-05 21:15 221 a------- C:\HYySzvNE.bat
    2009-03-05 21:02 28,672 a------- C:\IvbP.21.exe
    2009-03-05 21:01 46,336 a------- C:\IvbP22.exe
    2009-03-05 21:00 8,150 a------- C:\nHN5Q2f.bat
    2009-03-05 21:00 149 a------- C:\rLO2.bat
    2009-03-05 21:00 200 a------- C:\rLO.bat
    2009-03-05 20:47 28,672 a------- C:\Ptg.21.exe
    2009-03-05 20:46 0 a------- C:\Ptg22.exe
    2009-03-05 20:45 146 a------- C:\KKGEL2.bat
    2009-03-05 20:45 8,150 a------- C:\rJkPiM.bat
    2009-03-05 20:45 194 a------- C:\KKGEL.bat
    2009-03-05 20:17 28,672 a------- C:\vpx13Pc.21.exe
    2009-03-05 20:16 126,976 a------- C:\vpx13Pc22.exe
    2009-03-05 20:15 193,536 a------- C:\vpx13Pc.exe
    2009-03-05 20:15 153,088 a------- C:\vpx13Pc2.exe
    2009-03-05 20:15 8,150 a------- C:\vnypCjGl.bat
    2009-03-05 20:15 221 a------- C:\IUWF7Lx.bat
    2009-03-05 20:15 161 a------- C:\IUWF7Lx2.bat
    2009-03-03 23:45 193,536 a------- C:\JBt.exe
    2009-03-03 23:45 153,088 a------- C:\JBt2.exe
    2009-03-03 23:45 106 a------- C:\yXB52.bat
    2009-03-03 23:45 8,150 a------- C:\tlnq.bat
    2009-03-03 23:45 140 a------- C:\yXB5.bat
    2009-03-03 23:15 112 a------- C:\nX72e62.bat
    2009-03-03 23:15 8,150 a------- C:\XiVbWkuK.bat
    2009-03-03 23:15 152 a------- C:\nX72e6.bat
    2009-03-03 23:01 193,536 a------- C:\p1Ysnrq.exe
    2009-03-03 23:00 8,150 a------- C:\A5Gi.bat
    2009-03-03 23:00 112 a------- C:\EjPu2.bat
    2009-03-03 23:00 154 a------- C:\EjPu.bat
    2009-03-03 22:45 149,144 a------- C:\cmyT2.exe
    2009-03-03 22:45 191,136 a------- C:\cmyT.exe
    2009-03-03 22:45 110 a------- C:\hGSUjh2.bat
    2009-03-03 22:45 8,150 a------- C:\i5QqBjc.bat
    2009-03-03 22:45 146 a------- C:\hGSUjh.bat
    2009-03-03 22:30 153,088 a------- C:\tz42.exe
    2009-03-03 22:30 193,536 a------- C:\tz4.exe
    2009-03-03 22:30 108 a------- C:\RXHr2.bat
    2009-03-03 22:30 8,150 a------- C:\turoD0.bat
    2009-03-03 22:30 142 a------- C:\RXHr.bat
    2009-03-03 22:15 153,088 a------- C:\vTOnAXAC2.exe
    2009-03-03 22:15 111 a------- C:\DNs2.bat
    2009-03-03 22:15 8,150 a------- C:\R1DtT.bat
    2009-03-03 22:15 155 a------- C:\DNs.bat
    2009-03-03 22:01 153,088 a------- C:\RmaLcbq2.exe
    2009-03-03 22:01 193,536 a------- C:\RmaLcbq.exe
    2009-03-03 22:01 114 a------- C:\duXo2.bat
    2009-03-03 22:01 8,150 a------- C:\zKlkjDl.bat
    2009-03-03 22:01 156 a------- C:\duXo.bat
    2009-03-03 21:45 153,088 a------- C:\lfXBY2M2.exe
    2009-03-03 21:45 193,536 a------- C:\lfXBY2M.exe
    2009-03-03 21:45 8,150 a------- C:\dMA.bat
    2009-03-03 21:45 155 a------- C:\poa92.bat
    2009-03-03 21:45 113 a------- C:\poa922.bat
    2009-03-03 21:30 110 a------- C:\K4x42.bat
    2009-03-03 21:30 8,150 a------- C:\q1YQnb.bat
    2009-03-03 21:30 148 a------- C:\K4x4.bat
    2009-03-03 21:15 112 a------- C:\SviISQ2.bat
    2009-03-03 21:15 8,150 a------- C:\lAndtAf6.bat
    2009-03-03 21:15 152 a------- C:\SviISQ.bat
    2009-03-03 21:00 109 a------- C:\PvDvm4H2.bat
    2009-03-03 21:00 8,150 a------- C:\Qryyl.bat
    2009-03-03 21:00 149 a------- C:\PvDvm4H.bat
    2009-03-03 20:45 8,150 a------- C:\ZqBgDoF.bat
    2009-03-03 20:45 108 a------- C:\cYBN2.bat
    2009-03-03 20:45 142 a------- C:\cYBN.bat
    2009-03-03 20:30 110 a------- C:\TER2.bat
    2009-03-03 20:30 8,150 a------- C:\TUGQK0fo.bat
    2009-03-03 20:30 146 a------- C:\TER.bat
    2009-03-03 20:27 <DIR> --d----- c:\program files\Trend Micro
    2009-03-03 20:25 <DIR> --d----- C:\hjt
    2009-03-03 20:15 8,150 a------- C:\wkmiCXE8.bat
    2009-03-03 20:15 154 a------- C:\zePHC.bat
    2009-03-03 20:15 110 a------- C:\zePHC2.bat
    2009-03-03 20:00 8,150 a------- C:\DfeDolk.bat
    2009-03-03 20:00 113 a------- C:\HZl2.bat
    2009-03-03 20:00 153 a------- C:\HZl.bat
    2009-03-03 19:45 111 a------- C:\HxL2.bat
    2009-03-03 19:45 8,150 a------- C:\J4N.bat
    2009-03-03 19:45 153 a------- C:\HxL.bat
    2009-03-03 19:15 8,150 a------- C:\tHh.bat
    2009-03-03 19:15 145 a------- C:\OcN3AsD.bat
    2009-03-03 19:15 109 a------- C:\OcN3AsD2.bat
    2009-03-03 19:00 8,150 a------- C:\qs90.bat
    2009-03-03 19:00 114 a------- C:\ife6lrfl2.bat
    2009-03-03 19:00 158 a------- C:\ife6lrfl.bat
    2009-03-03 18:30 8,150 a------- C:\TlpSx8.bat
    2009-03-03 18:30 111 a------- C:\HikrmD2.bat
    2009-03-03 18:30 147 a------- C:\HikrmD.bat
    2009-03-03 18:16 193,536 a------- C:\DsTyfQ.exe
    2009-03-03 18:16 153,088 a------- C:\DsTyfQ2.exe
    2009-03-03 18:15 110 a------- C:\Eaz2.bat
    2009-03-03 18:15 8,150 a------- C:\gfcPfpSs.bat
    2009-03-03 18:15 150 a------- C:\Eaz.bat
    2009-03-03 15:00 153,088 a------- C:\S6d2.exe
    2009-03-03 15:00 193,536 a------- C:\S6d.exe
    2009-03-03 15:00 105 a------- C:\U1Z2.bat
    2009-03-03 15:00 8,150 a------- C:\kjUqxy1.bat
    2009-03-03 15:00 139 a------- C:\U1Z.bat
    2009-03-03 14:45 193,536 a------- C:\jcgKLNtu.exe
    2009-03-03 14:45 153,088 a------- C:\jcgKLNtu2.exe
    2009-03-03 14:45 114 a------- C:\BNeGRJ2.bat
    2009-03-03 14:45 8,150 a------- C:\lUU8HkTB.bat
    2009-03-03 14:45 158 a------- C:\BNeGRJ.bat
    2009-03-03 14:30 153,088 a------- C:\xUtxgRZ2.exe
    2009-03-03 14:30 113 a------- C:\PuncsoHa2.bat
    2009-03-03 14:30 8,150 a------- C:\zW8hbk4W.bat
    2009-03-03 14:30 155 a------- C:\PuncsoHa.bat
    2009-03-03 14:15 8,150 a------- C:\ijNGdOz.bat
    2009-03-03 14:15 152 a------- C:\AKiP.bat
    2009-03-03 14:15 112 a------- C:\AKiP2.bat
    2009-03-03 14:00 193,536 a------- C:\oiD.exe
    2009-03-03 14:00 153,088 a------- C:\oiD2.exe
    2009-03-03 14:00 107 a------- C:\bK8xmu2.bat
    2009-03-03 14:00 8,150 a------- C:\QnqUSq6m.bat
    2009-03-03 14:00 141 a------- C:\bK8xmu.bat
    2009-03-03 13:30 8,150 a------- C:\Kap.bat
    2009-03-03 13:30 108 a------- C:\swndGc2.bat
    2009-03-03 13:30 146 a------- C:\swndGc.bat
    2009-03-03 13:15 8,150 a------- C:\dSa2.bat
    2009-03-03 13:15 107 a------- C:\nhfbU2.bat
    2009-03-03 13:15 141 a------- C:\nhfbU.bat
    2009-03-03 13:00 8,150 a------- C:\CzQC6Sq.bat
    2009-03-03 13:00 112 a------- C:\VUrl2.bat
    2009-03-03 13:00 156 a------- C:\VUrl.bat
    2009-03-03 12:45 8,150 a------- C:\BAXeXg8.bat
    2009-03-03 12:45 146 a------- C:\PoWKsa.bat
    2009-03-03 12:45 108 a------- C:\PoWKsa2.bat
    2009-03-03 12:30 114 a------- C:\igwRcZ2.bat
    2009-03-03 12:30 8,150 a------- C:\sm0ZBuW.bat
    2009-03-03 12:30 158 a------- C:\igwRcZ.bat
    2009-03-03 09:45 106 a------- C:\wpuFSY2.bat
    2009-03-03 09:45 8,150 a------- C:\AGBALsr.bat
    2009-03-03 09:45 142 a------- C:\wpuFSY.bat
    2009-03-03 09:30 107 a------- C:\pZuzJYw82.bat
    2009-03-03 09:30 8,150 a------- C:\cR0.bat
    2009-03-03 09:30 143 a------- C:\pZuzJYw8.bat
    2009-03-03 09:15 105 a------- C:\zzcHjyOe2.bat
    2009-03-03 09:15 8,150 a------- C:\PLq.bat
    2009-03-03 09:15 139 a------- C:\zzcHjyOe.bat
    2009-03-03 09:00 113 a------- C:\cJDlS2.bat
    2009-03-03 09:00 8,150 a------- C:\tUy4jp.bat
    2009-03-03 09:00 153 a------- C:\cJDlS.bat
    2009-03-02 00:00 0 a------- C:\proxy.log.2009.03.02
    2009-03-01 01:00 8,150 a------- C:\dM4SOqRk.bat
    2009-03-01 01:00 107 a------- C:\cLqx2.bat
    2009-03-01 01:00 141 a------- C:\cLqx.bat
    2009-03-01 00:45 107 a------- C:\GyIzG2.bat
    2009-03-01 00:45 8,150 a------- C:\hCCAbDrT.bat
    2009-03-01 00:45 141 a------- C:\GyIzG.bat
    2009-03-01 00:30 8,150 a------- C:\AYNEZ08.bat
    2009-03-01 00:30 157 a------- C:\gy0.bat
    2009-03-01 00:30 113 a------- C:\gy02.bat
    2009-03-01 00:15 112 a------- C:\K7wAb8q2.bat
    2009-03-01 00:15 8,150 a------- C:\OVgL.bat
    2009-03-01 00:15 154 a------- C:\K7wAb8q.bat
    2009-03-01 00:00 200 a------- C:\proxy.log.2009.03.01
    2009-02-28 23:45 114 a------- C:\OSxXZ2.bat
    2009-02-28 23:45 8,150 a------- C:\Ylin.bat
    2009-02-28 23:45 156 a------- C:\OSxXZ.bat
    2009-02-28 23:30 8,150 a------- C:\pCI2Yn.bat
    2009-02-28 23:30 109 a------- C:\G3HrXkeB2.bat
    2009-02-28 23:30 145 a------- C:\G3HrXkeB.bat
    2009-02-28 23:00 8,150 a------- C:\cYA.bat
    2009-02-28 23:00 108 a------- C:\TcXoIaz2.bat
    2009-02-28 23:00 146 a------- C:\TcXoIaz.bat
    2009-02-28 22:30 8,150 a------- C:\DDwA7Xob.bat
    2009-02-28 22:30 112 a------- C:\j8a82.bat
    2009-02-28 22:30 154 a------- C:\j8a8.bat
    2009-02-28 22:16 113 a------- C:\oyhNFlOp2.bat
    2009-02-28 22:16 8,150 a------- C:\HYS9MfV.bat
    2009-02-28 22:16 155 a------- C:\oyhNFlOp.bat
    2009-02-28 21:47 10,136 a------- C:\jBzaZ.exe
    2009-02-28 21:45 108 a------- C:\xefGQlQ2.bat
    2009-02-28 21:45 8,150 a------- C:\i2H6X.bat
    2009-02-28 21:45 146 a------- C:\xefGQlQ.bat
    2009-02-28 20:45 114 a------- C:\jQ3KPdb2.bat
    2009-02-28 20:45 8,150 a------- C:\t9L.bat
    2009-02-28 20:45 158 a------- C:\jQ3KPdb.bat
    2009-02-28 20:31 23,168 a------- C:\vkd.exe
    2009-02-28 20:31 8,150 a------- C:\ZjCXCy.bat
    2009-02-28 20:31 109 a------- C:\BvTz2.bat
    2009-02-28 20:31 143 a------- C:\BvTz.bat
    2009-02-28 19:15 110 a------- C:\rgs2.bat
    2009-02-28 19:15 8,150 a------- C:\zrT.bat
    2009-02-28 19:15 144 a------- C:\rgs.bat
    2009-02-28 18:45 109 a------- C:\kZkIlS2.bat
    2009-02-28 18:45 8,150 a------- C:\OwDtG.bat
    2009-02-28 18:45 143 a------- C:\kZkIlS.bat
    2009-02-28 18:16 113 a------- C:\bGya5h2.bat
    2009-02-28 18:16 8,150 a------- C:\tMNp.bat
    2009-02-28 18:16 155 a------- C:\bGya5h.bat
    2009-02-28 17:46 106 a------- C:\ZEcqnRu2.bat
    2009-02-28 17:45 8,150 a------- C:\VKAKcD.bat
    2009-02-28 17:45 140 a------- C:\ZEcqnRu.bat
    2009-02-28 17:15 110 a------- C:\dwNqt2.bat
    2009-02-28 17:15 8,150 a------- C:\AIX2.bat
    2009-02-28 17:15 144 a------- C:\dwNqt.bat
    2009-02-28 17:00 111 a------- C:\l5652.bat
    2009-02-28 17:00 8,150 a------- C:\XNbkzC.bat
    2009-02-28 17:00 149 a------- C:\l565.bat
    2009-02-28 16:37 1,394 a------- c:\windows\system32\ahtn.htm
    2009-02-28 16:34 1 a------- c:\windows\system32\uniq.tll
    2009-02-28 16:34 3,576 a------- C:\proxy.log.2009.02.28
    2009-02-28 16:34 <DIR> --d----- C:\svc
    2009-02-28 16:31 127 a------- C:\z3o2.bat
    2009-02-28 16:31 8,150 a------- C:\hRXmW.bat
    2009-02-28 16:31 154 a------- C:\z3o.bat
    2009-02-28 15:45 8,098 a------- C:\sKCEpW1.bat
    2009-02-28 15:45 205 a------- C:\nDHO.bat
    2009-02-28 15:00 <DIR> --d----- c:\program files\Maxis
    2009-02-28 08:54 8,098 a------- C:\bctBA8B.bat
    2009-02-28 08:54 215 a------- C:\k1DJnp.bat
    2009-02-19 23:40 54,156 a---h--- c:\windows\QTFont.qfn
    2009-02-19 23:40 1,409 a------- c:\windows\QTFont.for
    2009-02-09 14:30 <DIR> --d----- c:\program files\StepMania
    2009-02-08 00:25 <DIR> --d----- c:\program files\Shockwave.com

    ==================== Find3M ====================

    2008-12-09 19:42 31 a------- c:\documents and settings\mom\jagex_runescape_preferences.dat

    ============= FINISH: 19:27:37.39 ===============
     
    Last edited: 2009/03/06
    jbh,
    #1
  2. 2009/03/06
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/4/2003 11:24:40 PM
    System Uptime: 3/6/2009 2:12:00 PM (5 hours ago)
    Processor: AMD Athlon(tm) XP 2200+ | | 1670/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 128 GiB total, 51.497 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce PCI System Management
    Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
    Manufacturer: NVIDIA
    Name: NVIDIA nForce PCI System Management
    PNP Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_05311297&REV_A2\3&13C0B0C5&0&09
    Service:

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA(R) nForce(TM) Audio Codec Interface
    Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
    Manufacturer: NVIDIA Corporation
    Name: NVIDIA(R) nForce(TM) Audio Codec Interface
    PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_05311297&REV_A1\3&13C0B0C5&0&30
    Service: nvax

    ==== System Restore Points ===================

    RP308: 12/19/2008 6:10:08 PM - System Checkpoint
    RP309: 12/20/2008 1:47:10 AM - System Checkpoint
    RP310: 12/20/2008 7:51:12 PM - Installed Age of Empires III
    RP311: 12/20/2008 7:55:18 PM - Installed Age of Empires III
    RP312: 12/27/2008 11:00:38 PM - System Checkpoint
    RP313: 12/29/2008 12:47:33 PM - System Checkpoint
    RP314: 12/30/2008 1:12:07 PM - System Checkpoint
    RP315: 12/31/2008 4:03:01 PM - System Checkpoint
    RP316: 1/1/2009 4:25:48 PM - System Checkpoint
    RP317: 1/2/2009 7:11:02 PM - System Checkpoint
    RP318: 1/3/2009 7:37:14 PM - System Checkpoint
    RP319: 1/4/2009 10:53:58 PM - System Checkpoint
    RP320: 1/6/2009 12:03:15 AM - System Checkpoint
    RP321: 1/7/2009 1:13:51 AM - System Checkpoint
    RP322: 1/7/2009 5:09:24 PM - Installed Age of Empires III
    RP323: 1/7/2009 8:10:30 PM - Software Distribution Service 3.0
    RP324: 1/7/2009 8:15:43 PM - Installed Windows XP KB915865.
    RP325: 1/7/2009 8:16:38 PM - Installed Windows NLSDownlevelMapping.
    RP326: 1/7/2009 9:19:35 PM - Installed Windows XP KB915865.
    RP327: 1/7/2009 9:20:16 PM - Installed Windows NLSDownlevelMapping.
    RP328: 1/7/2009 9:43:31 PM - Installed Uniblue DriverScanner v1.0
    RP329: 1/7/2009 9:58:57 PM - Installed Uniblue DriverScanner v1.0
    RP330: 1/8/2009 9:59:46 AM - Removed Age of Empires III
    RP331: 1/8/2009 10:36:43 AM - Removed Age of Empires III
    RP332: 1/8/2009 10:47:40 AM - Installed Age of Empires III
    RP333: 1/8/2009 4:38:06 PM - Installed Age of Empires III
    RP334: 1/8/2009 5:06:54 PM - Installed Age of Empires III
    RP335: 1/8/2009 5:33:55 PM - Installed Age of Empires III
    RP336: 1/9/2009 2:35:43 PM - Installed Windows XP KB915865.
    RP337: 1/9/2009 2:36:22 PM - Installed Windows NLSDownlevelMapping.
    RP338: 1/9/2009 2:36:52 PM - Installed Windows IDNMitigationAPIs.
    RP339: 1/9/2009 2:37:25 PM - Installed Windows Internet Explorer 7.
    RP340: 1/9/2009 2:37:47 PM - Software Distribution Service 3.0
    RP341: 1/10/2009 2:59:57 PM - System Checkpoint
    RP342: 1/11/2009 11:05:38 AM - Installed Windows XP KB915865.
    RP343: 1/11/2009 11:06:17 AM - Installed Windows NLSDownlevelMapping.
    RP344: 1/11/2009 11:06:47 AM - Installed Windows IDNMitigationAPIs.
    RP345: 1/11/2009 3:34:32 PM - Installed Windows Internet Explorer 8.
    RP346: 1/11/2009 3:51:37 PM - Software Distribution Service 3.0
    RP347: 1/11/2009 4:52:02 PM - Software Distribution Service 3.0
    RP348: 1/11/2009 7:47:20 PM - Installed Age of Empires III
    RP349: 1/11/2009 8:22:26 PM - Installed Age of Empires III
    RP350: 1/11/2009 9:05:10 PM - Installed Age of Empires III
    RP351: 1/12/2009 6:08:56 PM - Software Distribution Service 3.0
    RP352: 1/12/2009 8:27:33 PM - Software Distribution Service 3.0
    RP353: 1/13/2009 3:41:50 AM - Software Distribution Service 3.0
    RP354: 1/14/2009 3:46:16 AM - System Checkpoint
    RP355: 1/15/2009 4:45:57 AM - System Checkpoint
    RP356: 2/27/2009 10:33:32 PM - System Checkpoint
    RP357: 1/16/2009 10:03:20 PM - System Checkpoint
    RP358: 1/16/2009 10:51:14 PM - Installed Age of Empires III
    RP359: 1/18/2009 12:17:00 AM - System Checkpoint
    RP360: 1/19/2009 1:00:14 AM - System Checkpoint
    RP361: 1/20/2009 2:00:15 AM - System Checkpoint
    RP362: 1/20/2009 4:22:49 PM - Installed Age of Empires III
    RP363: 1/21/2009 10:42:16 PM - System Checkpoint
    RP364: 1/23/2009 12:44:06 AM - System Checkpoint
    RP365: 1/24/2009 12:19:17 PM - System Checkpoint
    RP366: 1/25/2009 3:41:00 PM - System Checkpoint
    RP367: 1/27/2009 12:23:11 AM - System Checkpoint
    RP368: 1/28/2009 12:32:31 AM - System Checkpoint
    RP369: 1/29/2009 12:33:36 AM - System Checkpoint
    RP370: 1/30/2009 1:00:16 AM - System Checkpoint
    RP371: 1/30/2009 5:40:22 PM - Installed Age of Empires III
    RP372: 1/30/2009 5:59:13 PM - Installed Age of Empires III - The WarChiefs
    RP373: 1/30/2009 6:06:47 PM - Installed Age of Empires III - The Asian Dynasties
    RP374: 1/31/2009 7:00:01 PM - System Checkpoint
    RP375: 2/1/2009 11:16:30 PM - System Checkpoint
    RP376: 2/3/2009 12:29:07 AM - System Checkpoint
    RP377: 2/4/2009 12:54:53 AM - System Checkpoint
    RP378: 2/5/2009 1:42:30 AM - System Checkpoint
    RP379: 2/6/2009 1:53:51 AM - System Checkpoint
    RP380: 2/7/2009 1:54:56 AM - System Checkpoint
    RP381: 2/8/2009 11:45:39 AM - System Checkpoint
    RP382: 2/9/2009 12:06:43 PM - System Checkpoint
    RP383: 2/10/2009 4:11:24 PM - System Checkpoint
    RP384: 2/11/2009 4:17:56 PM - System Checkpoint
    RP385: 2/12/2009 11:07:55 PM - System Checkpoint
    RP386: 2/13/2009 11:44:34 PM - System Checkpoint
    RP387: 2/15/2009 2:13:17 PM - System Checkpoint
    RP388: 2/16/2009 3:20:36 PM - System Checkpoint
    RP389: 2/17/2009 3:44:49 PM - System Checkpoint
    RP390: 2/18/2009 5:22:59 PM - System Checkpoint
    RP391: 2/19/2009 5:34:44 PM - System Checkpoint
    RP392: 2/20/2009 9:01:35 PM - System Checkpoint
    RP393: 2/21/2009 10:52:30 PM - System Checkpoint
    RP394: 2/22/2009 11:47:54 PM - System Checkpoint
    RP395: 2/24/2009 12:25:35 AM - System Checkpoint
    RP396: 2/25/2009 12:32:01 AM - System Checkpoint
    RP397: 2/26/2009 6:49:25 AM - System Checkpoint
    RP398: 2/27/2009 7:30:32 AM - System Checkpoint
    RP399: 2/28/2009 7:44:43 AM - System Checkpoint
    RP400: 3/1/2009 8:27:46 AM - System Checkpoint
    RP401: 3/2/2009 9:20:24 AM - System Checkpoint
    RP402: 3/3/2009 2:35:45 PM - System Checkpoint
    RP403: 3/4/2009 2:56:19 PM - System Checkpoint
    RP404: 3/5/2009 3:56:19 PM - System Checkpoint

    ==== Installed Programs ======================

    #1 DVD Ripper 7.2.5
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2008 Mahjongg Lite 4.0
    3D Home Architect(r) Deluxe 3.0
    Acrobat.com
    Ad-Aware 2007
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Age of Empires III
    Age of Empires III - The Asian Dynasties
    Age of Empires III - The WarChiefs
    Age of Mythology
    Age of Wonders Shadow Magic
    Agere Systems PCI Soft Modem
    Any Video Converter 2.6.2
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    Audiosurf
    Audiosurf Beta
    AutoUpdate
    AVG Free 8.0
    AVIVO Codecs
    BitComet 1.07
    Creative Audio Console
    Cubis Gold 2 (remove only)
    Cucusoft Ultimate DVD + Video Converter Suite 7.6.7.5
    D&D Character Generator Demo
    Dark Messiah
    DawnOfWar
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Doom Shareware for Windows 95
    Field & Stream® Trophy Bass 4
    FLV Player 2.0, build 23
    Fresian Screensaver
    Full Tilt! Pinball
    Full Tilt! Pinball Demo
    Game Elements GGE910 Wireless PC Control Pad
    Half-Life 2
    Higher Score on the SAT/PSAT
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Indeo® software
    InterActual Player
    InterVideo WinDVD 4
    IrfanView (remove only)
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    JawDropper 2007
    Kaplan Essential Review- Biology & Chemistry
    LimeWire 4.16.7
    Microsoft File Transfer Manager
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Combat Flight Simulator
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Moraff's 3D-Jongg Freeware 1.1
    Moraff's MahJongg Freeware 1.1
    Moraff's MarbleJongg 1.11 Freeware
    Moraff's RingJongg Freeware 1.1
    Moraff's SpaceJongg Freeware 1.1
    Moraff's SphereJongg 10.1
    MovieShop
    Mozilla Firefox (3.0.7)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    neoDVDstandard
    neoDVDstandard4
    Nero Suite
    NVIDIA Drivers
    NVIDIA Windows 2000/XP nForce Drivers
    Peggle Deluxe
    Peggle Extreme
    Portal
    QuickTime
    RACE 07 Demo
    RealPlayer
    Rhapsody Player Engine
    Ricochet Lost Worlds Demo
    Rightdown Software - Toolbar
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 8 (KB960714)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Sid Meier's Civilization 4 Gold
    Sierra On-Line Games (Remove only)
    Spybot - Search & Destroy
    Star Wars Battlefront II
    Steam
    StepMania (remove only)
    Stronghold Crusader
    Super Text Twist®
    Synaesthete (v1.0)
    System Requirements Lab
    Team Fortress 2
    The Battle for Middle-earth (tm) II
    The Lord of the Rings, The Rise of the Witch-king
    Twilight Mahjongg Demo v1.6
    Typer Shark Deluxe 1.01
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb958619)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    VideoLAN VLC media player 0.8.6h
    Wal-Mart Digital Photo Manager
    WarRock
    WebFldrs XP
    WildBlue Optimizer Ver 2008-02-01
    Windows Essentials Media Codec Pack 1.0
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8 Beta 2
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/3/2009 8:52:58 AM, error: Service Control Manager [7031] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/2/2009 10:51:39 PM, error: Service Control Manager [7034] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 3 time(s).
    3/2/2009 10:51:09 PM, error: Service Control Manager [7031] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/3/2009 6:18:48 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/3/2009 6:18:55 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    3/3/2009 6:19:00 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
    3/3/2009 6:34:19 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    3/4/2009 9:42:18 PM, error: Service Control Manager [7034] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 4 time(s).

    ==== End Of File ===========================
     
    jbh,
    #2

  4. 2009/03/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi jbh
    Sorry Juliet. posted at the same time. :)

    Please follow Juliet's instructions.

    Thanks
    Geri
     
    Geri,
    #3
  5. 2009/03/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    LOL Gerri

    Please do this first.

    Open notepad (Start > Run, type in: notepad)
    At the top click on Format, uncheck word wrap.

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
    Last edited: 2009/03/08
  6. 2009/03/08
    Randa

    Randa Inactive

    Joined:
    2009/03/08
    Messages:
    3
    Likes Received:
    0
    Please check my DDS log for Malware/virus/Trojans

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by randa at 21:05:13.04 on 08/03/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.537 [GMT 2:00]

    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
    FW: Kaspersky Internet Security *enabled*

    ============== Running Processes ===============

    E:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    E:\Program Files\Broadcom\BACS\bacstray.exe
    E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\My Documents\avp.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    D:\My Documents\avp.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\WINDOWS\System32\svchost.exe -k imgsvc
    E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\MSN Messenger\usnsvc.exe
    E:\WINDOWS\system32\msiexec.exe
    E:\WINDOWS\explorer.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Documents and Settings\randa\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - e:\program files\search settings\kb127\SearchSettings.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\my documents\ievkbd.dll
    BHO: DealioBHO Class: {6a87b991-a31f-4130-ae72-6d0c294bf082} - e:\program files\dealio\kb127\Dealio.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - e:\program files\windows live toolbar\msntb.dll
    BHO: NoExplorer - No File
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - e:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - e:\program files\search settings\kb127\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - e:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - e:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - e:\program files\windows live toolbar\msntb.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Dealio: {e67c74f4-a00a-4f2c-9fec-fd9dc004a67f} - e:\program files\dealio\kb127\Dealio.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [kamsoft] e:\windows\system32\kamsoft.exe
    uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
    uRun: [MsnMsgr] "e:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [swg] e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [BitComet] "e:\program files\bitcomet\BitComet.exe" /tray
    mRun: [Smapp] e:\program files\analog devices\soundmax\SMTray.exe
    mRun: [bacstray] e:\program files\broadcom\bacs\bacstray.exe
    mRun: [IMJPMIG8.1] "e:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] e:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PCSuiteTrayApplication] e:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
    mRun: [TkBellExe] "e:\program files\mpcstar\codecs\real\rcaplugins\realsched.exe" -osboot
    mRun: [SearchSettings] e:\program files\search settings\SearchSettings.exe
    mRun: [XP-11646D96] e:\windows\system32\XP-11646D96.EXE
    mRun: [AVP] "d:\my documents\avp.exe "
    dRun: [Nokia.PCSync] e:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    dRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
    StartupFolder: e:\docume~1\randa\startm~1\programs\startup\75cd~1.lnk - e:\windows\system32\XP-11646D96.EXE
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - e:\program files\winzip\WZQKPICK.EXE
    uPolicies-explorer: NofolderOptions = 1 (0x1)
    uPolicies-system: DisableTaskMgr = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    dPolicies-explorer: NofolderOptions = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: &Windows Live Search - e:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Banner Ad Blocker - d:\my documents\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\my documents\SCIEPlgn.dll
    DPF: DirectAnimation Java Classes - file://e:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - e:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: klogon - e:\windows\system32\klogon.dll
    AppInit_DLLs: d:\mydocu~1\mzvkbd.dll,d:\mydocu~1\mzvkbd3.dll,d:\mydocu~1\adialhk.dll,d:\mydocu~1\kloehk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;e:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
    R0 klbg;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
    R1 KLIF;Kaspersky Lab Driver;e:\windows\system32\drivers\klif.sys [2009-3-8 213520]
    R2 AVP;Kaspersky Internet Security;d:\my documents\avp.exe [2008-7-29 206088]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;e:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;e:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
    S3 AVPsys;AVPsys;\??\e:\windows\system32\drivers\cdaudio.sys --> e:\windows\system32\drivers\cdaudio.sys [?]

    =============== Created Last 30 ================

    2009-03-08 18:33 101,287 a------- e:\windows\system32\drivers\klin.dat
    2009-03-08 18:33 89,601 a------- e:\windows\system32\drivers\klick.dat
    2009-03-08 18:32 3,831,328 a--sh--- e:\windows\system32\drivers\fidbox.dat
    2009-03-08 18:32 589,856 a--sh--- e:\windows\system32\drivers\fidbox2.dat
    2009-03-08 18:32 33,108 a--sh--- e:\windows\system32\drivers\fidbox.idx
    2009-03-08 18:32 5,192 a--sh--- e:\windows\system32\drivers\fidbox2.idx
    2009-03-08 12:50 0 a------- e:\windows\system32\REN28.tmp
    2009-03-08 12:50 0 a------- e:\windows\system32\REN27.tmp
    2009-03-08 12:50 0 a------- e:\windows\system32\REN26.tmp
    2009-03-08 12:20 <DIR> --d-h--- e:\windows\PIF
    2009-03-07 23:10 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Kaspersky Lab
    2009-03-07 23:07 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2009-03-05 18:34 69 ---shr-- E:\autorun.inf
    2009-03-04 18:44 20,992 a------- e:\windows\system32\APADB64.EXE
    2009-03-04 18:44 20,992 ---sh--- e:\windows\system32\wemtoreg.exe
    2009-03-03 07:55 56 a---h--- e:\windows\system32\ezsidmv.dat
    2009-02-28 18:01 20,992 a------- e:\windows\system32\OA-AE13B.EXE
    2009-02-28 18:01 20,992 ---sh--- e:\windows\system32\wemtareg.exe
    2009-02-20 22:09 20,992 ---sh--- e:\windows\system32\wimtareg.exe
    2009-02-19 18:35 20,992 a------- e:\windows\system32\OX-AE13B.EXE
    2009-02-19 18:35 20,992 ---sh--- e:\windows\system32\wimzareg.exe
    2009-02-14 23:05 1,097,728 ----h--- e:\windows\system32\krnln.fnr
    2009-02-14 23:05 323,584 ----h--- e:\windows\system32\eAPI.fne
    2009-02-14 23:05 270,336 ----h--- e:\windows\system32\com.run
    2009-02-14 23:05 217,088 ----h--- e:\windows\system32\RegEx.fnr
    2009-02-14 23:05 184,320 ----h--- e:\windows\system32\internet.fne
    2009-02-14 23:05 114,688 ----h--- e:\windows\system32\dp1.fne
    2009-02-14 23:05 73,728 ----h--- e:\windows\system32\spec.fne
    2009-02-14 23:05 40,960 ----h--- e:\windows\system32\shell.fne
    2009-02-14 23:04 2,404 a--sh--- e:\windows\system32\ul.dll
    2009-02-14 23:04 2,048 -------- e:\windows\system32\og.EDT
    2009-02-14 23:04 827 -------- e:\windows\system32\og.dll

    ==================== Find3M ====================

    2009-03-08 19:48 94,720 ---shr-- e:\windows\system32\nmdfgds0.dll
    2009-03-08 19:45 33,808 a------- e:\windows\system32\drivers\klbg.sys
    2009-03-07 23:41 81,984 a------- e:\windows\system32\bdod.bin
    2009-03-03 15:08 57,016 ac------ e:\docume~1\randa\applic~1\GDIPFONTCACHEV1.DAT
    2008-12-22 08:05 410,976 a------- e:\windows\system32\deploytk.dll

    ============= FINISH: 21:05:46.62 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/08/2008 20:43:52
    System Uptime: 03/08/2009 20:22:47 (-3551 hours ago)

    Motherboard: Hewlett-Packard | | 0984h
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | XU1 PROCESSOR | 3391/800mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | XU1 PROCESSOR | 3391/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 44 GiB total, 36.597 GiB free.
    D: is FIXED (NTFS) - 21 GiB total, 5.251 GiB free.
    E: is FIXED (NTFS) - 10 GiB total, 2.062 GiB free.
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_3005103C&REV_04\3&B1BFB68&0&10
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_3005103C&REV_04\3&B1BFB68&0&10
    Service:

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&1117367&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&1117367&0
    Service: i8042prt

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&1117367&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&1117367&0
    Service: i8042prt

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: N93i
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: N93i
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP179: 08/03/2009 15:13:01 - Removed Kaspersky Internet Security 2009.
    RP180: 08/03/2009 18:32:48 - Installed Kaspersky Internet Security 2009.

    ==== Installed Programs ======================

    Adobe Reader 7.0
    Apple Software Update
    Ask Toolbar
    Broadcom Management Programs
    Choice Guard
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Java(TM) 6 Update 10
    Kaspersky Internet Security 2009
    Map Button (Windows Live Toolbar)
    Media Player Codec Pack 3.2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Live Add-in 1.3
    Microsoft Office XP Professional
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Octoshape add-in for Adobe Flash Player
    PC Connectivity Solution
    PCFriendly
    QuickTime
    QuickTime Converter 2.1
    RealPlayer
    Rhapsody Player Engine
    Search Settings 1.2
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Sibelius Scorch (ActiveX Only)
    Smart Menus (Windows Live Toolbar)
    SoundMAX
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    WebFldrs XP
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB885884
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip 11.2

    ==== Event Viewer Messages From Past Week ========

    01/03/2009 12:03:07, error: Service Control Manager [7000] - The BitDefender Desktop Update Service service failed to start due to the following error: The system cannot find the file specified.
    01/03/2009 07:42:44, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    01/03/2009 22:12:14, error: Print [6161] -
    05/03/2009 16:24:34, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    05/03/2009 16:25:19, error: Service Control Manager [7022] - The BitDefender Virus Shield service hung on starting.
    05/03/2009 16:31:03, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    05/03/2009 16:35:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
    05/03/2009 16:36:23, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PlugPlay service.
    05/03/2009 16:37:00, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    05/03/2009 16:38:11, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    05/03/2009 16:38:57, error: Service Control Manager [7000] - The Network Location Awareness (NLA) service failed to start due to the following error: All pipe instances are busy.
    05/03/2009 16:43:02, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    05/03/2009 16:45:33, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/03/2009 23:34:16, error: Service Control Manager [7000] - The AVPsys service failed to start due to the following error: A device attached to the system is not functioning.
    07/03/2009 23:34:16, error: Service Control Manager [7000] - The AVPsys service failed to start due to the following error: The system cannot find the file specified.
    07/03/2009 23:38:25, error: Service Control Manager [7031] - The Kaspersky Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    08/03/2009 08:02:36, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
    07/03/2009 23:34:32, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cdaudio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\bckg.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\bckgres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\bckgzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\chkr.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\chkrres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\chkrzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:54, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\cmnclim.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.629.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\cmnresm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\hrtz.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\hrtzres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\hrtzzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\rvse.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\rvseres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\rvsezm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\shvl.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\shvlres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\shvlzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\uniansi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\zclientm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\zcorem.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\zeeverm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.629.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\znetm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\zoneclim.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
    08/03/2009 07:52:55, information: Windows File Protection [64002] - File replacement was attempted on the protected system file e:\program files\msn gaming zone\windows\zonelibm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

    ==== End Of File ===========================
     
  7. 2009/03/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi Randa

    This topic was started by jbh.

    In order to avoid any confusion I must ask that you start your own topic requesting help.

An Advisor will be with you as soon as possible, thank you.
     
  8. 2009/03/08
    Randa

    Randa Inactive

    Joined:
    2009/03/08
    Messages:
    3
    Likes Received:
    0
Sure Julie .. sorry & thank you
     
  9. 2009/03/09
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    Thanks so much for replying. I am anxious to get this computer cleaned up.

Here are the reports you requested.

    ComboFix 09-03-06.02 - mom 2009-03-09 14:16:15.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1106 [GMT -5:00]
    Running from: c:\documents and settings\mom\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\ODCTOOLS
    .
    ---- Previous Run -------
    .
    c:\windows\system32\ahtn.htm
    c:\windows\system32\uniq.tll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys


    ((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
    .

    2009-03-09 13:45 . 2009-03-09 13:47 238,080 --a------ C:\Scdj2.exe
    2009-03-09 13:45 . 2009-03-09 13:45 192,512 --a------ C:\Scdj.exe
    2009-03-09 13:45 . 2009-03-09 13:45 8,150 --a------ C:\dBj.bat
    2009-03-09 13:45 . 2009-03-09 13:45 204 --a------ C:\IxM.bat
    2009-03-09 13:32 . 2009-03-09 13:34 238,080 --a------ C:\Ujm9meF2.exe
    2009-03-09 13:30 . 2009-03-09 13:32 192,512 --a------ C:\Ujm9meF.exe
    2009-03-09 13:30 . 2009-03-09 13:30 8,150 --a------ C:\RRw.bat
    2009-03-09 13:30 . 2009-03-09 13:30 220 --a------ C:\ifq.bat
    2009-03-09 13:17 . 2009-03-09 13:19 238,080 --a------ C:\niQ2.exe
    2009-03-09 13:15 . 2009-03-09 13:17 192,512 --a------ C:\niQ.exe
    2009-03-09 13:15 . 2009-03-09 13:15 8,150 --a------ C:\gBN9JHVy.bat
    2009-03-09 13:15 . 2009-03-09 13:15 194 --a------ C:\vnzVj0V.bat
    2009-03-09 12:47 . 2009-03-09 12:49 238,080 --a------ C:\Qtwi2.exe
    2009-03-09 12:45 . 2009-03-09 12:47 192,512 --a------ C:\Qtwi.exe
    2009-03-09 12:45 . 2009-03-09 12:45 8,150 --a------ C:\NEtyk4.bat
    2009-03-09 12:45 . 2009-03-09 12:45 205 --a------ C:\jqgX.bat
    2009-03-09 12:23 . 2009-03-09 12:23 0 --a------ C:\CSVomeKb2.exe
    2009-03-09 12:17 . 2009-03-09 12:23 165,072 --a------ C:\CSVomeKb.exe
    2009-03-09 12:16 . 2009-03-09 12:16 8,150 --a------ C:\MeZ.bat
    2009-03-09 12:16 . 2009-03-09 12:16 224 --a------ C:\bluFL5I.bat
    2009-03-09 12:00 . 2009-03-09 12:00 8,150 --a------ C:\BFG5Ta2b.bat
    2009-03-09 12:00 . 2009-03-09 12:00 205 --a------ C:\zq9ytg6.bat
    2009-03-09 11:45 . 2009-03-09 11:45 8,150 --a------ C:\OBxSgNZ.bat
    2009-03-09 11:45 . 2009-03-09 11:45 214 --a------ C:\KrxZW.bat
    2009-03-09 11:32 . 2009-03-09 11:32 8,150 --a------ C:\JF2eq.bat
    2009-03-09 11:32 . 2009-03-09 11:32 204 --a------ C:\a3d.bat
    2009-03-09 11:32 . 2009-03-09 11:32 0 --a------ C:\oh0y.exe
    2009-03-09 11:19 . 2009-03-09 11:24 120,184 --a------ C:\QJe5M2.exe
    2009-03-09 11:17 . 2009-03-09 11:19 23,168 --a------ C:\QJe5M.exe
    2009-03-09 11:17 . 2009-03-09 11:17 8,150 --a------ C:\wSaf.bat
    2009-03-09 11:17 . 2009-03-09 11:17 210 --a------ C:\MOn2.bat
    2009-03-09 11:03 . 2009-03-09 11:04 238,080 --a------ C:\BxOtYM2.exe
    2009-03-09 11:03 . 2009-03-09 11:03 192,512 --a------ C:\BxOtYM.exe
    2009-03-09 11:02 . 2009-03-09 11:02 8,150 --a------ C:\vnrrt.bat
    2009-03-09 11:02 . 2009-03-09 11:02 216 --a------ C:\Kozqwv.bat
    2009-03-09 10:47 . 2009-03-09 10:48 238,080 --a------ C:\Z7Wrg2.exe
    2009-03-09 10:46 . 2009-03-09 10:47 192,512 --a------ C:\Z7Wrg.exe
    2009-03-09 10:45 . 2009-03-09 10:45 8,150 --a------ C:\AYZ3X.bat
    2009-03-09 10:45 . 2009-03-09 10:45 208 --a------ C:\hO4.bat
    2009-03-09 10:05 . 2009-03-09 10:09 238,080 --a------ C:\y9agu33j2.exe
    2009-03-09 10:01 . 2009-03-09 10:05 192,512 --a------ C:\y9agu33j.exe
    2009-03-09 10:00 . 2009-03-09 10:00 8,150 --a------ C:\DfzTm.bat
    2009-03-09 10:00 . 2009-03-09 10:00 224 --a------ C:\RDCortNO.bat
    2009-03-09 09:46 . 2009-03-09 09:48 238,080 --a------ C:\vp9ePwn2.exe
    2009-03-09 09:45 . 2009-03-09 09:46 192,512 --a------ C:\vp9ePwn.exe
    2009-03-09 09:45 . 2009-03-09 09:45 8,150 --a------ C:\byZ.bat
    2009-03-09 09:45 . 2009-03-09 09:45 221 --a------ C:\sTT.bat
    2009-03-09 09:31 . 2009-03-09 09:32 238,080 --a------ C:\eesru2b2.exe
    2009-03-09 09:30 . 2009-03-09 09:31 192,512 --a------ C:\eesru2b.exe
    2009-03-09 09:30 . 2009-03-09 09:30 8,150 --a------ C:\JI62R1.bat
    2009-03-09 09:30 . 2009-03-09 09:30 223 --a------ C:\KmZe0d.bat
    2009-03-09 09:16 . 2009-03-09 09:18 238,080 --a------ C:\a8rNbfvD2.exe
    2009-03-09 09:15 . 2009-03-09 09:15 8,150 --a------ C:\oNZhpoOr.bat
    2009-03-09 09:15 . 2009-03-09 09:16 1,448 --a------ C:\a8rNbfvD.exe
    2009-03-09 09:15 . 2009-03-09 09:15 229 --a------ C:\qyZ.bat
    2009-03-09 09:01 . 2009-03-09 09:02 4,344 --a------ C:\fuOXC2O2.exe
    2009-03-09 09:00 . 2009-03-09 09:00 8,150 --a------ C:\JsGuMbj6.bat
    2009-03-09 09:00 . 2009-03-09 09:01 4,344 --a------ C:\fuOXC2O.exe
    2009-03-09 09:00 . 2009-03-09 09:00 222 --a------ C:\sM2Ft8os.bat
    2009-03-09 08:49 . 2009-03-09 08:51 238,080 --a------ C:\y4iAH2.exe
    2009-03-09 08:49 . 2009-03-09 08:53 214,304 --a------ C:\V7Gh2bP2.exe
    2009-03-09 08:47 . 2009-03-09 08:49 192,512 --a------ C:\y4iAH.exe
    2009-03-09 08:47 . 2009-03-09 08:49 192,512 --a------ C:\V7Gh2bP.exe
    2009-03-09 08:47 . 2009-03-09 08:47 8,150 --a------ C:\h3XaCL.bat
    2009-03-09 08:47 . 2009-03-09 08:47 8,150 --a------ C:\DFupj.bat
    2009-03-09 08:47 . 2009-03-09 08:47 218 --a------ C:\CdWVDZt.bat
    2009-03-09 08:47 . 2009-03-09 08:47 210 --a------ C:\FWDh33.bat
    2009-03-09 08:18 . 2009-03-09 08:20 238,080 --a------ C:\Uiy2.exe
    2009-03-09 08:16 . 2009-03-09 08:18 192,512 --a------ C:\Uiy.exe
    2009-03-09 08:15 . 2009-03-09 08:15 8,150 --a------ C:\yxbQ.bat
    2009-03-09 08:15 . 2009-03-09 08:15 8,150 --a------ C:\QdW.bat
    2009-03-09 08:15 . 2009-03-09 08:15 211 --a------ C:\cuiGFJ.bat
    2009-03-09 08:15 . 2009-03-09 08:15 197 --a------ C:\fcO6h7EF.bat
    2009-03-09 06:01 . 2009-03-09 06:02 238,080 --a------ C:\kyq4nK2.exe
    2009-03-09 06:00 . 2009-03-09 06:01 192,512 --a------ C:\kyq4nK.exe
    2009-03-09 06:00 . 2009-03-09 06:00 8,150 --a------ C:\nXunR.bat
    2009-03-09 06:00 . 2009-03-09 06:00 213 --a------ C:\rX39.bat
    2009-03-09 05:46 . 2009-03-09 05:47 238,080 --a------ C:\V7L2.exe
    2009-03-09 05:45 . 2009-03-09 05:46 192,512 --a------ C:\V7L.exe
    2009-03-09 05:45 . 2009-03-09 05:45 8,150 --a------ C:\QBBOB.bat
    2009-03-09 05:45 . 2009-03-09 05:45 195 --a------ C:\S8MpD.bat
    2009-03-09 05:32 . 2009-03-09 05:34 238,080 --a------ C:\bZHv2.exe
    2009-03-09 05:30 . 2009-03-09 05:32 192,512 --a------ C:\bZHv.exe
    2009-03-09 05:30 . 2009-03-09 05:30 8,150 --a------ C:\wOs0.bat
    2009-03-09 05:30 . 2009-03-09 05:30 205 --a------ C:\qH0.bat
    2009-03-09 05:19 . 2009-03-09 05:21 238,080 --a------ C:\BOXKHJ2.exe
    2009-03-09 05:16 . 2009-03-09 05:19 192,512 --a------ C:\BOXKHJ.exe
    2009-03-09 05:16 . 2009-03-09 05:16 8,150 --a------ C:\AQX3.bat
    2009-03-09 05:16 . 2009-03-09 05:16 213 --a------ C:\ogQB.bat
    2009-03-09 05:06 . 2009-03-09 05:09 238,080 --a------ C:\JWfV8BK02.exe
    2009-03-09 05:03 . 2009-03-09 05:06 192,512 --a------ C:\JWfV8BK0.exe
    2009-03-09 05:02 . 2009-03-09 05:02 8,150 --a------ C:\CtXaqKfc.bat
    2009-03-09 05:02 . 2009-03-09 05:02 229 --a------ C:\YeEmSZ6g.bat
    2009-03-09 04:45 . 2009-03-09 04:45 8,150 --a------ C:\l6uKqIqU.bat
    2009-03-09 04:45 . 2009-03-09 04:45 201 --a------ C:\Wqkmv.bat
    2009-03-09 04:45 . 2009-03-09 04:45 0 --a------ C:\psyU.exe
    2009-03-09 04:31 . 2009-03-09 04:31 8,150 --a------ C:\BGc.bat
    2009-03-09 04:31 . 2009-03-09 04:31 208 --a------ C:\PuIzvU4.bat
    2009-03-09 04:22 . 2009-03-09 04:23 1,448 --a------ C:\Y3vf2.exe
    2009-03-09 04:16 . 2009-03-09 04:22 183,896 --a------ C:\Y3vf.exe
    2009-03-09 04:15 . 2009-03-09 04:15 8,150 --a------ C:\NjFV.bat
    2009-03-09 04:15 . 2009-03-09 04:15 205 --a------ C:\gw4zr.bat
    2009-03-09 03:52 . 2009-03-09 04:01 225,888 --a------ C:\isQzvf2.exe
    2009-03-09 03:46 . 2009-03-09 03:51 86,880 --a------ C:\isQzvf.exe
    2009-03-09 03:45 . 2009-03-09 03:45 8,150 --a------ C:\Izk.bat
    2009-03-09 03:45 . 2009-03-09 03:45 213 --a------ C:\vybVucX.bat
    2009-03-09 03:35 . 2009-03-09 03:35 8,150 --a------ C:\h72PkuN1.bat
    2009-03-09 03:35 . 2009-03-09 03:35 204 --a------ C:\l3sZOQSI.bat
    2009-03-09 03:16 . 2009-03-09 03:16 8,150 --a------ C:\zPGZJ.bat
    2009-03-09 03:16 . 2009-03-09 03:16 228 --a------ C:\seQKRK.bat
    2009-03-09 02:34 . 2009-03-09 02:40 182,448 --a------ C:\e23BDN2.exe
    2009-03-09 02:32 . 2009-03-09 02:33 13,032 --a------ C:\e23BDN.exe
    2009-03-09 02:31 . 2009-03-09 02:31 8,150 --a------ C:\NvQ.bat
    2009-03-09 02:31 . 2009-03-09 02:31 216 --a------ C:\Fa03.bat
    2009-03-09 01:33 . 2009-03-09 01:33 8,150 --a------ C:\tXoLqSoO.bat
    2009-03-09 01:33 . 2009-03-09 01:33 204 --a------ C:\pza3vTU7.bat
    2009-03-09 01:00 . 2009-03-09 01:00 8,150 --a------ C:\iPf9.bat
    2009-03-09 01:00 . 2009-03-09 01:00 211 --a------ C:\y3ap.bat
    2009-03-09 00:16 . 2009-03-09 00:16 8,150 --a------ C:\dipg9.bat
    2009-03-09 00:16 . 2009-03-09 00:16 214 --a------ C:\mptg.bat
    2009-03-08 23:49 . 2009-03-08 23:50 14,480 --a------ C:\IJAQW1.exe
    2009-03-08 23:48 . 2009-03-08 23:48 8,150 --a------ C:\Umf.bat
    2009-03-08 23:48 . 2009-03-08 23:48 215 --a------ C:\HjLp.bat
    2009-03-08 23:19 . 2009-03-08 23:23 238,080 --a------ C:\YU2PGPi2.exe
    2009-03-08 23:15 . 2009-03-08 23:19 192,512 --a------ C:\YU2PGPi.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-09 19:23 --------- d-----w c:\program files\Steam
    2009-03-09 02:31 --------- d-----w c:\program files\BitComet
    2009-03-01 02:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-27 14:37 --------- d-----w c:\documents and settings\mom\Application Data\LimeWire
    2009-02-08 06:25 --------- d-----w c:\program files\Shockwave.com
    2009-01-31 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2009-01-30 23:42 --------- d-----w c:\program files\Microsoft Games
    2009-01-23 21:45 --------- d-----w c:\program files\Kap.SATr
    2009-01-23 03:30 --------- d-----w c:\documents and settings\mom\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    2009-01-21 00:18 --------- d-----w c:\program files\Electronic Arts
    2009-01-17 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-11 22:52 --------- d-----w c:\program files\LSI SoftModem
    2009-01-11 19:47 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-10 01:42 31 ----a-w c:\documents and settings\mom\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam "= "c:\program files\steam\steam.exe" [2008-10-07 1410296]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
    "Media Codec Update Service "= "c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-08-17 1232152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "nwiz "= "nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Msn "= "c:\Scdj.exe" [2009-03-09 192512]
    "MsnHost "= "c:\Scdj.exe" [2009-03-09 192512]
    "MsnLoad "= "c:\Scdj.exe" [2009-03-09 192512]

    c:\documents and settings\mom\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-07-17 106496]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitComet\\BitComet.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD "=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe "=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Microsoft Games\\Combat Flight Simulator\\COMBATFS.EXE "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7715:TCP "= 7715:TCP:BitCometBeta 7715 TCP
    "7715:UDP "= 7715:UDP:BitCometBeta 7715 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-17 96520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
    S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-01-08 320384]
    S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\DRIVERS\pcntn5hl.sys --> c:\windows\system32\DRIVERS\pcntn5hl.sys [?]
    S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-09-10 29405]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1597b92-26eb-11d8-9b81-806d6172696f}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fc89fb-fbc4-11dd-b5d7-00301b3a532e}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2009-03-09 c:\windows\Tasks\At35.job
    - >:\_ []

    2009-03-09 c:\windows\Tasks\User_Feed_Synchronization-{1EB108CF-ECF5-4F4F-9BC0-8533B710F6A7}.job
    - c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Explorer_Run-Msn - c:\DKItNVDq.exe
    HKCU-Explorer_Run-MsnHost - c:\DKItNVDq.exe
    HKCU-Explorer_Run-MsnLoad - c:\DKItNVDq.exe
    HKCU-Explorer_Run-MsnConvert - c:\DKItNVDq.exe
    HKCU-Explorer_Run-MsnMessendger - c:\DKItNVDq.exe
    HKU-Default-Explorer_Run-MsnConvert - c:\GlV.exe
    HKU-Default-Explorer_Run-MsnMessendger - c:\GlV.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
    FF - ProfilePath - c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\wildblue.js - pref("network.proxy.type", 2);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-09 14:23:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1123561945-343818398-725345543-1003\Software\SecuROM\License information*]
    "datasecu "=hex:01,0d,ff,c3,ff,c1,98,3c,1f,c0,bf,0a,51,aa,b5,fc,17,03,aa,ad,bb,
    83,93,9b,b1,bb,e0,8c,54,12,1b,20,f8,68,d9,21,cd,ec,78,13,2b,de,11,10,43,c8,\
    "rkeysecu "=hex:c5,61,7a,13,89,99,85,1c,32,8f,0c,85,3d,dd,17,c8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\Iac25_32.ax
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\agrsmsvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-09 14:27:05 - machine was rebooted [mom]
    ComboFix-quarantined-files.txt 2009-03-09 19:27:03

    Pre-Run: 54,406,127,616 bytes free
    Post-Run: 64,965,169,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    316 --- E O F --- 2008-11-13 09:05:15
     
    jbh,
    #8
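The ComboFix listing in the post above shows the dropper's fingerprint clearly: pairs of randomly named .exe and .bat files written straight into C:\ every ten to fifteen minutes, the .bat almost always 8,150 bytes and the .exe mostly 192,512 or 238,080 bytes. The Python script below is an added example (it is not code from the thread, from ComboFix or from DDS) that parses lines in that "files created" format and flags root-level executables, repeated byte sizes and the drop cycles. The sample text is a constructed subset of the listing plus two benign lines with made-up paths, included only for contrast.

```python
"""Triage a ComboFix / DDS "files created" listing for a drop-in-root dropper.

Added example; not code from the original thread, ComboFix or DDS.
Input lines look like:
    2009-03-09 05:45 . 2009-03-09 05:45 8,150 --a------ C:\\QBBOB.bat
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a subset of the listing from the post, plus two
# benign lines with made-up paths for contrast.
SAMPLE = """\
2009-03-09 05:45 . 2009-03-09 05:46 192,512 --a------ C:\\V7L.exe
2009-03-09 05:45 . 2009-03-09 05:45 8,150 --a------ C:\\QBBOB.bat
2009-03-09 05:45 . 2009-03-09 05:45 195 --a------ C:\\S8MpD.bat
2009-03-09 05:30 . 2009-03-09 05:32 192,512 --a------ C:\\bZHv.exe
2009-03-09 05:30 . 2009-03-09 05:30 8,150 --a------ C:\\wOs0.bat
2009-03-09 05:30 . 2009-03-09 05:30 205 --a------ C:\\qH0.bat
2009-03-09 04:45 . 2009-03-09 04:45 0 --a------ C:\\psyU.exe
2009-03-02 10:00 . 2009-03-02 10:00 14,480 --a------ C:\\Program Files\\Example\\setup.exe
2009-03-01 09:00 . 2009-03-01 09:00 31 ----a-w c:\\documents and settings\\mom\\prefs.dat
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} "            # last-modified stamp (not used here)
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".dll", ".vbs")
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")    # "C:\name.ext" and nothing deeper


def parse_listing(text):
    """Return [{'created': datetime, 'size': int, 'path': str}, ...]."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                "size": int(m["size"].replace(",", "")),
                "path": m["path"],
            })
    return entries


def root_executables(entries):
    """Executable content sitting directly in a drive root."""
    return [e for e in entries
            if ROOT_RE.match(e["path"]) and e["path"].lower().endswith(EXEC_EXT)]


def triage(text, min_repeats=2):
    """Map each root-level executable to the reasons it looks like dropper output."""
    root = root_executables(parse_listing(text))
    size_counts = Counter(e["size"] for e in root)
    findings = {}
    for e in root:
        reasons = ["executable written to the drive root"]
        if size_counts[e["size"]] >= min_repeats:
            reasons.append(f"size {e['size']} repeats {size_counts[e['size']]}x")
        if e["size"] == 0:
            reasons.append("zero-byte executable (failed or partial download)")
        findings[e["path"]] = reasons
    return findings


def drop_cycles(text, window_minutes=5):
    """Cluster root-level executables by creation time; each cluster is one dropper run."""
    root = sorted(root_executables(parse_listing(text)), key=lambda e: e["created"])
    cycles = []
    for e in root:
        gap_ok = cycles and (e["created"] - cycles[-1][-1]["created"]).total_seconds() <= window_minutes * 60
        if gap_ok:
            cycles[-1].append(e)
        else:
            cycles.append([e])
    return [[e["path"] for e in c] for c in cycles]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
    for cycle in drop_cycles(SAMPLE):
        print("drop cycle:", ", ".join(cycle))
```

The repeated-size check is the useful part: a legitimate installer rarely writes the same 8,150-byte batch file under a dozen different names, so size repetition across random names is a stronger signal than any single filename, and the cycle clustering gives the re-download interval that the scheduled At job in the log would explain.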
  10. 2009/03/09
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:33:04 PM, on 3/9/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    c:\wyk2.exe
    c:\wyk.exe
    c:\wyk.exe
    c:\wyk.exe
    c:\wyk.exe
    c:\wyk.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\wyk.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\wyk.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\wyk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\wyk.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1208896645531
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{417BAF00-08F8-42BA-92E4-045A1691F2EE}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9456 bytes
     
    jbh,
    #9
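The HijackThis log above shows five copies of c:\wyk.exe running, and Run entries for it under HKUS\S-1-5-18 (the SYSTEM account) and HKUS\.DEFAULT in the Policies\Explorer\Run key, which HijackThis reports as O4 lines. The Python script below is an added example, not part of the original post or of HijackThis: it parses the "Running processes" block and the O4 lines and flags exactly those indicators (binaries running from a drive root, several instances of the same root-level file, and policy-key autostarts for the SYSTEM or Default hive). The sample is a constructed excerpt of the posted log with a few benign lines kept for contrast.

```python
"""Triage a HijackThis log for root-level binaries and policy-key autostarts.

Added example; not code from the original post or from HijackThis.
"""
import re
from collections import Counter

# Constructed excerpt of the posted log; a few benign lines kept for contrast.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
c:\wyk2.exe
c:\wyk.exe
c:\wyk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\wyk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\wyk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\wyk.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")    # "c:\wyk.exe", nothing deeper
# O4 - <hive>\..\<key>: [<name>] <command>   (the "Startup:" folder form has no "\..\" and is skipped)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Hives HijackThis labels SYSTEM (S-1-5-18 is the well-known LocalSystem SID) and Default user.
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def target_of(cmd):
    """First token of a Run command: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def parse_processes(text):
    """Lines between 'Running processes:' and the next blank line."""
    procs, active = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.lower() == "running processes:":
            active = True
        elif active and s:
            procs.append(s)
        elif active:
            active = False          # blank line ends the block
    return procs


def parse_o4(text):
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            out.append({"hive": m["hive"], "key": m["key"],
                        "name": m["name"], "target": target_of(m["cmd"])})
    return out


def triage_hjt(text):
    """Return (kind, subject, note) triples for the suspicious lines."""
    findings = []
    counts = Counter(p.lower() for p in parse_processes(text))
    for proc, n in counts.items():
        if ROOT_RE.match(proc):
            findings.append(("process", proc,
                             f"running from the drive root ({n} instance{'s' if n > 1 else ''})"))
    for e in parse_o4(text):
        reasons = []
        if "policies\\explorer\\run" in e["key"].lower():
            reasons.append("Policies\\Explorer\\Run entry (policy key, not the usual Run key)")
        if e["hive"].upper().startswith(SYSTEM_HIVES):
            reasons.append("registered in the SYSTEM / Default user hive")
        if ROOT_RE.match(e["target"]):
            reasons.append("launches a file in the drive root")
        if reasons:
            subject = f"{e['hive']}\\..\\{e['key']} [{e['name']}] -> {e['target']}"
            findings.append(("autostart", subject, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for kind, subject, note in triage_hjt(SAMPLE_HJT):
        print(f"{kind:9} {subject}: {note}")
```

The Policies\Explorer\Run check matters because that key is not where most people look for autostarts, and an entry placed under the SYSTEM or .DEFAULT hive fires without the logged-on user ever having touched it; the separate "file in the drive root" check catches the target path regardless of which key it was registered from.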
  11. 2009/03/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Quite a bit of infection still on the machine.

    There are many files listed I cannot find information on, so I think it best to have a few of them scanned; we can't just delete without knowing.


    Go to My Computer->Tools->Folder Options->View tab:

    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck - Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal




    • Click the Browse button and search for the following file: C:\Scdj2.exe
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"

    Also please have the next files scanned.
    C:\Ujm9meF2.exe
    C:\niQ2.exe


    I feel all the files will be related.

    Please post the information in your next reply.
     
  12. 2009/03/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    No need to have those files scanned, I found additional info.

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.



    # Open Spybot Search & Destroy.
    # In the Mode menu click "Advanced mode" if not already selected.
    # Choose "Yes" at the Warning prompt.
    # Expand the "Tools" menu.
    # Click "Resident ".
    # Uncheck the "Resident "TeaTimer" (Protection of overall system settings)
    active." box.
    # In the File menu click "Exit" to exit Spybot Search & Destroy.

    * See this link for a tutorial http://russelltexas.com/malware/teatimer.htm




    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\wyk.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\wyk.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\wyk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\wyk.exe (User 'Default user')




    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    C:\Scdj2.exe
    C:\Scdj.exe
    C:\dBj.bat
    C:\IxM.bat
    C:\Ujm9meF2.exe
    C:\Ujm9meF.exe
    C:\RRw.bat
    C:\ifq.bat
    C:\niQ2.exe
    C:\niQ.exe
    C:\gBN9JHVy.bat
    C:\vnzVj0V.bat
    C:\Qtwi2.exe
    C:\Qtwi.exe
    C:\NEtyk4.bat
    C:\jqgX.bat
    C:\CSVomeKb2.exe
    C:\CSVomeKb.exe
    C:\MeZ.bat
    C:\bluFL5I.bat
    C:\BFG5Ta2b.bat
    C:\zq9ytg6.bat
    C:\OBxSgNZ.bat
    C:\KrxZW.bat
    C:\JF2eq.bat
    C:\a3d.bat
    C:\oh0y.exe
    C:\QJe5M2.exe
    C:\QJe5M.exe
    C:\wSaf.bat
    C:\MOn2.bat
    C:\BxOtYM2.exe
    C:\BxOtYM.exe
    C:\vnrrt.bat
    C:\Kozqwv.bat
    C:\Z7Wrg2.exe
    C:\Z7Wrg.exe
    C:\AYZ3X.bat
    C:\hO4.bat
    C:\y9agu33j2.exe
    C:\y9agu33j.exe
    C:\DfzTm.bat
    C:\RDCortNO.bat
    C:\vp9ePwn2.exe
    C:\vp9ePwn.exe
    C:\byZ.bat
    C:\sTT.bat
    C:\eesru2b2.exe
    C:\eesru2b.exe
    C:\JI62R1.bat
    C:\KmZe0d.bat
    C:\a8rNbfvD2.exe
    C:\oNZhpoOr.bat
    C:\a8rNbfvD.exe
    C:\qyZ.bat
    C:\fuOXC2O2.exe
    C:\JsGuMbj6.bat
    C:\fuOXC2O.exe
    C:\sM2Ft8os.bat
    C:\y4iAH2.exe
    C:\V7Gh2bP2.exe
    C:\y4iAH.exe
    C:\V7Gh2bP.exe
    C:\h3XaCL.bat
    C:\DFupj.bat
    C:\CdWVDZt.bat
    C:\FWDh33.bat
    C:\Uiy2.exe
    C:\Uiy.exe
    C:\yxbQ.bat
    C:\QdW.bat
    C:\cuiGFJ.bat
    C:\fcO6h7EF.bat
    C:\kyq4nK2.exe
    C:\kyq4nK.exe
    C:\nXunR.bat
    C:\rX39.bat
    C:\V7L2.exe
    C:\V7L.exe
    C:\QBBOB.bat
    C:\S8MpD.bat
    C:\bZHv2.exe
    C:\bZHv.exe
    C:\wOs0.bat
    C:\qH0.bat
    C:\BOXKHJ2.exe
    C:\BOXKHJ.exe
    C:\AQX3.bat
    C:\ogQB.bat
    C:\JWfV8BK02.exe
    C:\JWfV8BK0.exe
    C:\CtXaqKfc.bat
    C:\YeEmSZ6g.bat
    C:\l6uKqIqU.bat
    C:\Wqkmv.bat
    C:\psyU.exe
    C:\BGc.bat
    C:\PuIzvU4.bat
    C:\Y3vf2.exe
    C:\Y3vf.exe
    C:\NjFV.bat
    C:\gw4zr.bat
    C:\isQzvf2.exe
    C:\isQzvf.exe
    C:\Izk.bat
    C:\vybVucX.bat
    C:\h72PkuN1.bat
    C:\l3sZOQSI.bat
    C:\zPGZJ.bat
    C:\seQKRK.bat
    C:\e23BDN2.exe
    C:\e23BDN.exe
    C:\NvQ.bat
    C:\Fa03.bat
    C:\tXoLqSoO.bat
    C:\pza3vTU7.bat
    C:\iPf9.bat
    C:\y3ap.bat
    C:\dipg9.bat
    C:\mptg.bat
    C:\IJAQW1.exe
    C:\Umf.bat
    C:\HjLp.bat
    C:\YU2PGPi2.exe
    C:\YU2PGPi.exe
    E:\autorun.exe
    c:\wyk2.exe
    
    Registry::
    [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
     "Msn "= "-
     "MsnHost "=-
     "MsnLoad "=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{b1597b92-26eb-11d8-9b81-806d6172696f}]
    
    AtJob::
    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    In your next reply post:
    ComboFix.txt
    New HJT log
     
  13. 2009/03/09
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    Here's the requested logs.
    Again, thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:42:43 PM, on 3/9/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1208896645531
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{417BAF00-08F8-42BA-92E4-045A1691F2EE}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9043 bytes
  14. 2009/03/09
    jbh

    ComboFix 09-03-06.02 - mom 2009-03-09 18:26:56.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1006 [GMT -5:00]
    Running from: c:\documents and settings\mom\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\mom\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    C:\a3d.bat
    C:\a8rNbfvD.exe
    C:\a8rNbfvD2.exe
    C:\AQX3.bat
    C:\AYZ3X.bat
    C:\BFG5Ta2b.bat
    C:\BGc.bat
    C:\bluFL5I.bat
    C:\BOXKHJ.exe
    C:\BOXKHJ2.exe
    C:\BxOtYM.exe
    C:\BxOtYM2.exe
    C:\byZ.bat
    C:\bZHv.exe
    C:\bZHv2.exe
    C:\CdWVDZt.bat
    C:\CSVomeKb.exe
    C:\CSVomeKb2.exe
    C:\CtXaqKfc.bat
    C:\cuiGFJ.bat
    C:\dBj.bat
    C:\DFupj.bat
    C:\DfzTm.bat
    C:\dipg9.bat
    C:\e23BDN.exe
    C:\e23BDN2.exe
    C:\eesru2b.exe
    C:\eesru2b2.exe
    C:\Fa03.bat
    C:\fcO6h7EF.bat
    C:\fuOXC2O.exe
    C:\fuOXC2O2.exe
    C:\FWDh33.bat
    C:\gBN9JHVy.bat
    C:\gw4zr.bat
    C:\h3XaCL.bat
    C:\h72PkuN1.bat
    C:\HjLp.bat
    C:\hO4.bat
    C:\ifq.bat
    C:\IJAQW1.exe
    C:\iPf9.bat
    C:\isQzvf.exe
    C:\isQzvf2.exe
    C:\IxM.bat
    C:\Izk.bat
    C:\JF2eq.bat
    C:\JI62R1.bat
    C:\jqgX.bat
    C:\JsGuMbj6.bat
    C:\JWfV8BK0.exe
    C:\JWfV8BK02.exe
    C:\KmZe0d.bat
    C:\Kozqwv.bat
    C:\KrxZW.bat
    C:\kyq4nK.exe
    C:\kyq4nK2.exe
    C:\l3sZOQSI.bat
    C:\l6uKqIqU.bat
    C:\MeZ.bat
    C:\MOn2.bat
    C:\mptg.bat
    C:\NEtyk4.bat
    C:\niQ.exe
    C:\niQ2.exe
    C:\NjFV.bat
    C:\NvQ.bat
    C:\nXunR.bat
    C:\OBxSgNZ.bat
    C:\ogQB.bat
    C:\oh0y.exe
    C:\oNZhpoOr.bat
    C:\psyU.exe
    C:\PuIzvU4.bat
    C:\pza3vTU7.bat
    C:\QBBOB.bat
    C:\QdW.bat
    C:\qH0.bat
    C:\QJe5M.exe
    C:\QJe5M2.exe
    C:\Qtwi.exe
    C:\Qtwi2.exe
    C:\qyZ.bat
    C:\RDCortNO.bat
    C:\RRw.bat
    C:\rX39.bat
    C:\S8MpD.bat
    C:\Scdj.exe
    C:\Scdj2.exe
    C:\seQKRK.bat
    C:\sM2Ft8os.bat
    C:\sTT.bat
    C:\tXoLqSoO.bat
    C:\Uiy.exe
    C:\Uiy2.exe
    C:\Ujm9meF.exe
    C:\Ujm9meF2.exe
    C:\Umf.bat
    C:\V7Gh2bP.exe
    C:\V7Gh2bP2.exe
    C:\V7L.exe
    C:\V7L2.exe
    C:\vnrrt.bat
    C:\vnzVj0V.bat
    C:\vp9ePwn.exe
    C:\vp9ePwn2.exe
    C:\vybVucX.bat
    C:\wOs0.bat
    C:\Wqkmv.bat
    C:\wSaf.bat
    c:\wyk2.exe
    C:\y3ap.bat
    C:\Y3vf.exe
    C:\Y3vf2.exe
    C:\y4iAH.exe
    C:\y4iAH2.exe
    C:\y9agu33j.exe
    C:\y9agu33j2.exe
    C:\YeEmSZ6g.bat
    C:\YU2PGPi.exe
    C:\YU2PGPi2.exe
    C:\yxbQ.bat
    C:\Z7Wrg.exe
    C:\Z7Wrg2.exe
    C:\zPGZJ.bat
    C:\zq9ytg6.bat
    E:\autorun.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\a3d.bat
    C:\a8rNbfvD.exe
    C:\a8rNbfvD2.exe
    C:\AQX3.bat
    C:\AYZ3X.bat
    C:\BFG5Ta2b.bat
    C:\BGc.bat
    C:\bluFL5I.bat
    C:\BOXKHJ.exe
    C:\BOXKHJ2.exe
    C:\BxOtYM.exe
    C:\BxOtYM2.exe
    C:\byZ.bat
    C:\bZHv.exe
    C:\bZHv2.exe
    C:\CdWVDZt.bat
    C:\CSVomeKb.exe
    C:\CSVomeKb2.exe
    C:\CtXaqKfc.bat
    C:\cuiGFJ.bat
    C:\dBj.bat
    C:\DFupj.bat
    C:\DfzTm.bat
    C:\dipg9.bat
    C:\e23BDN.exe
    C:\e23BDN2.exe
    C:\eesru2b.exe
    C:\eesru2b2.exe
    C:\Fa03.bat
    C:\fcO6h7EF.bat
    C:\fuOXC2O.exe
    C:\fuOXC2O2.exe
    C:\FWDh33.bat
    C:\gBN9JHVy.bat
    C:\gw4zr.bat
    C:\h3XaCL.bat
    C:\h72PkuN1.bat
    C:\HjLp.bat
    C:\hO4.bat
    C:\ifq.bat
    C:\IJAQW1.exe
    C:\iPf9.bat
    C:\isQzvf.exe
    C:\isQzvf2.exe
    C:\IxM.bat
    C:\Izk.bat
    C:\JF2eq.bat
    C:\JI62R1.bat
    C:\jqgX.bat
    C:\JsGuMbj6.bat
    C:\JWfV8BK0.exe
    C:\JWfV8BK02.exe
    C:\KmZe0d.bat
    C:\Kozqwv.bat
    C:\KrxZW.bat
    C:\kyq4nK.exe
    C:\kyq4nK2.exe
    C:\l3sZOQSI.bat
    C:\l6uKqIqU.bat
    C:\MeZ.bat
    C:\MOn2.bat
    C:\mptg.bat
    C:\NEtyk4.bat
    C:\niQ.exe
    C:\niQ2.exe
    C:\NjFV.bat
    C:\NvQ.bat
    C:\nXunR.bat
    C:\OBxSgNZ.bat
    C:\ogQB.bat
    C:\oh0y.exe
    C:\oNZhpoOr.bat
    C:\psyU.exe
    C:\PuIzvU4.bat
    C:\pza3vTU7.bat
    C:\QBBOB.bat
    C:\QdW.bat
    C:\qH0.bat
    C:\QJe5M.exe
    C:\QJe5M2.exe
    C:\Qtwi.exe
    C:\Qtwi2.exe
    C:\qyZ.bat
    C:\RDCortNO.bat
    C:\RRw.bat
    C:\rX39.bat
    C:\S8MpD.bat
    C:\Scdj.exe
    C:\Scdj2.exe
    C:\seQKRK.bat
    C:\sM2Ft8os.bat
    C:\sTT.bat
    C:\tXoLqSoO.bat
    C:\Uiy.exe
    C:\Uiy2.exe
    C:\Ujm9meF.exe
    C:\Ujm9meF2.exe
    C:\Umf.bat
    C:\V7Gh2bP.exe
    C:\V7Gh2bP2.exe
    C:\V7L.exe
    C:\V7L2.exe
    C:\vnrrt.bat
    C:\vnzVj0V.bat
    C:\vp9ePwn.exe
    C:\vp9ePwn2.exe
    C:\vybVucX.bat
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    c:\windows\Tasks\At58.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At60.job
    c:\windows\Tasks\At61.job
    c:\windows\Tasks\At62.job
    c:\windows\Tasks\At63.job
    c:\windows\Tasks\At64.job
    c:\windows\Tasks\At65.job
    c:\windows\Tasks\At66.job
    c:\windows\Tasks\At67.job
    c:\windows\Tasks\At68.job
    c:\windows\Tasks\At69.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At70.job
    c:\windows\Tasks\At71.job
    c:\windows\Tasks\At72.job
    c:\windows\Tasks\At73.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At75.job
    c:\windows\Tasks\At76.job
    c:\windows\Tasks\At77.job
    c:\windows\Tasks\At78.job
    c:\windows\Tasks\At79.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At80.job
    c:\windows\Tasks\At81.job
    c:\windows\Tasks\At82.job
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At84.job
    c:\windows\Tasks\At85.job
    c:\windows\Tasks\At86.job
    c:\windows\Tasks\At87.job
    c:\windows\Tasks\At88.job
    c:\windows\Tasks\At89.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\At90.job
    c:\windows\Tasks\At91.job
    c:\windows\Tasks\At92.job
    c:\windows\Tasks\At93.job
    c:\windows\Tasks\At94.job
    c:\windows\Tasks\At95.job
    c:\windows\Tasks\At96.job
    C:\wOs0.bat
    C:\Wqkmv.bat
    C:\wSaf.bat
    c:\wyk2.exe
    C:\y3ap.bat
    C:\Y3vf.exe
    C:\Y3vf2.exe
    C:\y4iAH.exe
    C:\y4iAH2.exe
    C:\y9agu33j.exe
    C:\y9agu33j2.exe
    C:\YeEmSZ6g.bat
    C:\YU2PGPi.exe
    C:\YU2PGPi2.exe
    C:\yxbQ.bat
    C:\Z7Wrg.exe
    C:\Z7Wrg2.exe
    C:\zPGZJ.bat
    C:\zq9ytg6.bat
    E:\autorun.exe . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
    .

    2009-03-09 17:55 . 2009-03-09 18:01 189,688 --a------ C:\S3aAq2.exe
    2009-03-09 17:47 . 2009-03-09 17:55 192,512 --a------ C:\S3aAq.exe
    2009-03-09 17:46 . 2009-03-09 17:46 8,150 --a------ C:\pyN0H2X8.bat
    2009-03-09 17:46 . 2009-03-09 17:46 210 --a------ C:\I3v1Dfug.bat
    2009-03-09 17:42 . 2009-03-09 17:46 104,256 --a------ C:\gWGv2.exe
    2009-03-09 17:38 . 2009-03-09 17:42 192,512 --a------ C:\gWGv.exe
    2009-03-09 17:36 . 2009-03-09 17:36 8,150 --a------ C:\rGZdKblQ.bat
    2009-03-09 17:36 . 2009-03-09 17:36 200 --a------ C:\Fezf1.bat
    2009-03-09 17:19 . 2009-03-09 17:19 238,080 --a------ C:\sowAyX12.exe
    2009-03-09 17:18 . 2009-03-09 17:19 192,512 --a------ C:\sowAyX1.exe
    2009-03-09 17:18 . 2009-03-09 17:18 8,150 --a------ C:\CnoT.bat
    2009-03-09 17:18 . 2009-03-09 17:18 220 --a------ C:\Gezj.bat
    2009-03-09 17:02 . 2009-03-09 17:03 238,080 --a------ C:\lsUnP422.exe
    2009-03-09 17:02 . 2009-03-09 17:02 192,512 --a------ C:\lsUnP42.exe
    2009-03-09 17:01 . 2009-03-09 17:01 8,150 --a------ C:\eYXL.bat
    2009-03-09 17:01 . 2009-03-09 17:01 219 --a------ C:\csFbDWt1.bat
    2009-03-09 16:49 . 2009-03-09 16:54 238,080 --a------ C:\b3h2.exe
    2009-03-09 16:47 . 2009-03-09 16:49 192,512 --a------ C:\b3h.exe
    2009-03-09 16:46 . 2009-03-09 16:46 8,150 --a------ C:\bPqWcK9.bat
    2009-03-09 16:46 . 2009-03-09 16:46 197 --a------ C:\N7p6dU.bat
    2009-03-09 16:18 . 2009-03-09 16:22 238,080 --a------ C:\kzFZJw2.exe
    2009-03-09 16:15 . 2009-03-09 16:17 53,576 --a------ C:\kzFZJw.exe
    2009-03-09 16:15 . 2009-03-09 16:15 8,150 --a------ C:\QOQF.bat
    2009-03-09 16:15 . 2009-03-09 16:15 215 --a------ C:\WzYCG.bat
    2009-03-09 15:49 . 2009-03-09 15:55 144,800 --a------ C:\pLcY2.exe
    2009-03-09 15:46 . 2009-03-09 15:49 192,512 --a------ C:\pLcY.exe
    2009-03-09 15:45 . 2009-03-09 15:45 8,150 --a------ C:\yY3ks.bat
    2009-03-09 15:45 . 2009-03-09 15:45 201 --a------ C:\ZPmzDtm2.bat
    2009-03-09 15:33 . 2009-03-09 15:35 238,080 --a------ C:\zACa6Y2.exe
    2009-03-09 15:30 . 2009-03-09 15:33 192,512 --a------ C:\zACa6Y.exe
    2009-03-09 15:30 . 2009-03-09 15:30 8,150 --a------ C:\MTNwA.bat
    2009-03-09 15:30 . 2009-03-09 15:30 216 --a------ C:\n8nkgATk.bat
    2009-03-09 15:17 . 2009-03-09 15:19 238,080 --a------ C:\ifPDYZSh2.exe
    2009-03-09 15:16 . 2009-03-09 15:17 192,512 --a------ C:\ifPDYZSh.exe
    2009-03-09 15:15 . 2009-03-09 15:15 8,150 --a------ C:\pNtl.bat
    2009-03-09 15:15 . 2009-03-09 15:15 225 --a------ C:\drpBk3F1.bat
    2009-03-09 15:05 . 2009-03-09 15:07 238,080 --a------ C:\HwVTgs22.exe
    2009-03-09 15:02 . 2009-03-09 15:05 192,512 --a------ C:\HwVTgs2.exe
    2009-03-09 15:02 . 2009-03-09 15:02 8,150 --a------ C:\oxQjB5f.bat
    2009-03-09 15:02 . 2009-03-09 15:02 222 --a------ C:\H8YjYj8.bat
    2009-03-09 14:47 . 2009-03-09 14:50 238,080 --a------ C:\czTDtf2n2.exe
    2009-03-09 14:45 . 2009-03-09 14:47 192,512 --a------ C:\czTDtf2n.exe
    2009-03-09 14:45 . 2009-03-09 14:45 8,150 --a------ C:\G9ycd.bat
    2009-03-09 14:45 . 2009-03-09 14:45 227 --a------ C:\oRT.bat
    2009-03-09 14:30 . 2009-03-09 14:30 192,512 --a------ C:\wyk.exe
    2009-03-09 14:30 . 2009-03-09 14:30 8,150 --a------ C:\D88IuCmI.bat
    2009-03-09 14:30 . 2009-03-09 14:30 198 --a------ C:\TStp1.bat
    2009-03-08 23:15 . 2009-03-08 23:15 8,150 --a------ C:\CHC3l.bat
    2009-03-08 23:15 . 2009-03-08 23:15 222 --a------ C:\TDifc.bat
    2009-03-08 23:02 . 2009-03-08 23:04 238,080 --a------ C:\HWJH0q2.exe
    2009-03-08 23:01 . 2009-03-08 23:02 192,512 --a------ C:\HWJH0q.exe
    2009-03-08 23:00 . 2009-03-08 23:00 8,150 --a------ C:\yZeJF3tA.bat
    2009-03-08 23:00 . 2009-03-08 23:00 212 --a------ C:\ik9ko.bat
    2009-03-08 22:46 . 2009-03-08 22:46 0 --a------ C:\o9k4Jw2.exe
    2009-03-08 22:45 . 2009-03-08 22:46 192,512 --a------ C:\o9k4Jw.exe
    2009-03-08 22:45 . 2009-03-08 22:45 8,150 --a------ C:\LOVda.bat
    2009-03-08 22:45 . 2009-03-08 22:45 215 --a------ C:\FXI8WF.bat
    2009-03-08 22:34 . 2009-03-08 22:37 238,080 --a------ C:\mxGMBZC2.exe
    2009-03-08 22:32 . 2009-03-08 22:34 192,512 --a------ C:\mxGMBZC.exe
    2009-03-08 22:31 . 2009-03-08 22:31 8,150 --a------ C:\HO5xIqB.bat
    2009-03-08 22:31 . 2009-03-08 22:31 221 --a------ C:\BC7hc.bat
    2009-03-08 22:18 . 2009-03-08 22:21 56,472 --a------ C:\BMe6SNu.exe
    2009-03-08 22:17 . 2009-03-08 22:17 8,150 --a------ C:\kgD.bat
    2009-03-08 22:17 . 2009-03-08 22:17 219 --a------ C:\LYT.bat
    2009-03-08 22:08 . 2009-03-08 22:10 238,080 --a------ C:\RQnD2.exe
    2009-03-08 22:03 . 2009-03-08 22:08 192,512 --a------ C:\RQnD.exe
    2009-03-08 22:02 . 2009-03-08 22:02 8,150 --a------ C:\ZzMz.bat
    2009-03-08 22:02 . 2009-03-08 22:02 205 --a------ C:\Wh17d.bat
    2009-03-08 21:48 . 2009-03-08 21:51 238,080 --a------ C:\wKgm2.exe
    2009-03-08 21:46 . 2009-03-08 21:48 192,512 --a------ C:\wKgm.exe
    2009-03-08 21:45 . 2009-03-08 21:45 8,150 --a------ C:\LTY.bat
    2009-03-08 21:45 . 2009-03-08 21:45 200 --a------ C:\ZHG8.bat
    2009-03-08 21:37 . 2009-03-08 21:37 0 --a------ C:\kd7gn2.exe
    2009-03-08 21:35 . 2009-03-08 21:37 192,512 --a------ C:\kd7gn.exe
    2009-03-08 21:35 . 2009-03-08 21:35 8,150 --a------ C:\ArXtS7p.bat
    2009-03-08 21:35 . 2009-03-08 21:35 207 --a------ C:\fYIX.bat
    2009-03-08 21:22 . 2009-03-08 21:22 0 --a------ C:\Bey2.exe
    2009-03-08 21:17 . 2009-03-08 21:22 192,512 --a------ C:\Bey.exe
    2009-03-08 21:16 . 2009-03-08 21:16 8,150 --a------ C:\AihQt.bat
    2009-03-08 21:16 . 2009-03-08 21:16 198 --a------ C:\Vz2vXs.bat
    2009-03-08 21:06 . 2009-03-08 21:14 238,080 --a------ C:\zZ1U2.exe
    2009-03-08 21:03 . 2009-03-08 21:06 186,792 --a------ C:\zZ1U.exe
    2009-03-08 21:03 . 2009-03-08 21:03 8,150 --a------ C:\h6EF.bat
    2009-03-08 21:03 . 2009-03-08 21:03 203 --a------ C:\yz5czK.bat
    2009-03-08 20:48 . 2009-03-08 20:49 238,080 --a------ C:\GfG1r42.exe
    2009-03-08 20:47 . 2009-03-08 20:48 192,512 --a------ C:\GfG1r4.exe
    2009-03-08 20:46 . 2009-03-08 20:46 8,150 --a------ C:\l2Fmg3Z.bat
    2009-03-08 20:46 . 2009-03-08 20:46 216 --a------ C:\RNIP3.bat
    2009-03-08 20:34 . 2009-03-08 20:37 238,080 --a------ C:\nc0AjcvD2.exe
    2009-03-08 20:31 . 2009-03-08 20:34 192,512 --a------ C:\nc0AjcvD.exe
    2009-03-08 20:30 . 2009-03-08 20:30 8,150 --a------ C:\SrutYer.bat
    2009-03-08 20:30 . 2009-03-08 20:30 228 --a------ C:\DGa68RG.bat
    2009-03-08 20:16 . 2009-03-08 20:17 238,080 --a------ C:\F5Dwg2.exe
    2009-03-08 20:15 . 2009-03-08 20:16 192,512 --a------ C:\F5Dwg.exe
    2009-03-08 20:15 . 2009-03-08 20:15 8,150 --a------ C:\xxIlI0nN.bat
    2009-03-08 20:15 . 2009-03-08 20:15 210 --a------ C:\kgADj.bat
    2009-03-08 19:49 . 2009-03-08 19:53 238,080 --a------ C:\GvLfCYz2.exe
    2009-03-08 19:45 . 2009-03-08 19:49 192,512 --a------ C:\GvLfCYz.exe
    2009-03-08 19:45 . 2009-03-08 19:45 8,150 --a------ C:\m37EQ9WR.bat
    2009-03-08 19:45 . 2009-03-08 19:45 222 --a------ C:\XF9.bat
    2009-03-08 19:07 . 2009-03-08 19:07 0 --a------ C:\Y9VTDZ2.exe
    2009-03-08 19:03 . 2009-03-08 19:07 192,512 --a------ C:\Y9VTDZ.exe
    2009-03-08 19:02 . 2009-03-08 19:02 8,150 --a------ C:\iKgl7Ani.bat
    2009-03-08 19:01 . 2009-03-08 19:01 214 --a------ C:\hrI8J.bat
    2009-03-08 18:47 . 2009-03-08 18:49 238,080 --a------ C:\U7t9p2.exe
    2009-03-08 18:45 . 2009-03-08 18:47 192,512 --a------ C:\U7t9p.exe
    2009-03-08 18:45 . 2009-03-08 18:45 8,150 --a------ C:\bNKA.bat
    2009-03-08 18:45 . 2009-03-08 18:45 207 --a------ C:\KE2BlVSE.bat
    2009-03-08 18:34 . 2009-03-08 18:35 238,080 --a------ C:\TQyxdliu2.exe
    2009-03-08 18:31 . 2009-03-08 18:34 192,512 --a------ C:\TQyxdliu.exe
    2009-03-08 18:30 . 2009-03-08 18:30 8,150 --a------ C:\ML8ER2o8.bat
    2009-03-08 18:30 . 2009-03-08 18:30 228 --a------ C:\K6jW.bat
    2009-03-08 14:03 . 2009-03-08 14:04 238,080 --a------ C:\X36EE2.exe
    2009-03-08 14:01 . 2009-03-08 14:03 192,512 --a------ C:\X36EE.exe
    2009-03-08 14:00 . 2009-03-08 14:00 8,150 --a------ C:\YML.bat
    2009-03-08 14:00 . 2009-03-08 14:00 206 --a------ C:\x1jg3gH.bat
    2009-03-08 13:33 . 2009-03-08 13:37 51,100 --a------ C:\tGAy2.exe
    2009-03-08 13:32 . 2009-03-08 13:32 8,150 --a------ C:\aHla.bat
    2009-03-08 13:32 . 2009-03-08 13:33 5,792 --a------ C:\tGAy.exe
    2009-03-08 13:32 . 2009-03-08 13:32 203 --a------ C:\bZr.bat
    2009-03-08 13:06 . 2009-03-08 13:11 238,080 --a------ C:\qdK0FVi2.exe
    2009-03-08 13:02 . 2009-03-08 13:06 192,512 --a------ C:\qdK0FVi.exe
    2009-03-08 13:01 . 2009-03-08 13:01 8,150 --a------ C:\efq.bat
    2009-03-08 13:01 . 2009-03-08 13:01 218 --a------ C:\ivNgS5.bat
    2009-03-08 12:51 . 2009-03-08 12:53 23,360 --a------ C:\FoEgBE2.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-09 23:36 --------- d-----w c:\program files\Steam
    2009-03-09 02:31 --------- d-----w c:\program files\BitComet
    2009-03-01 02:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-27 14:37 --------- d-----w c:\documents and settings\mom\Application Data\LimeWire
    2009-02-08 06:25 --------- d-----w c:\program files\Shockwave.com
    2009-01-31 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2009-01-30 23:42 --------- d-----w c:\program files\Microsoft Games
    2009-01-23 21:45 --------- d-----w c:\program files\Kap.SATr
    2009-01-23 03:30 --------- d-----w c:\documents and settings\mom\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    2009-01-21 00:18 --------- d-----w c:\program files\Electronic Arts
    2009-01-17 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-11 22:52 --------- d-----w c:\program files\LSI SoftModem
    2009-01-11 19:47 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-10 01:42 31 ----a-w c:\documents and settings\mom\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam "= "c:\program files\steam\steam.exe" [2008-10-07 1410296]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-08-17 1232152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Media Codec Update Service "= "c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
    "nwiz "= "nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\mom\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-07-17 106496]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitComet\\BitComet.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD "=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe "=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Microsoft Games\\Combat Flight Simulator\\COMBATFS.EXE "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7715:TCP "= 7715:TCP:BitCometBeta 7715 TCP
    "7715:UDP "= 7715:UDP:BitCometBeta 7715 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-17 96520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
    S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-01-08 320384]
    S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\DRIVERS\pcntn5hl.sys --> c:\windows\system32\DRIVERS\pcntn5hl.sys [?]
    S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-09-10 29405]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1597b92-26eb-11d8-9b81-806d6172696f}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fc89fb-fbc4-11dd-b5d7-00301b3a532e}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2009-03-09 c:\windows\Tasks\User_Feed_Synchronization-{1EB108CF-ECF5-4F4F-9BC0-8533B710F6A7}.job
    - c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\wildblue.js - pref( "network.proxy.type ", 2);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-09 18:37:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1123561945-343818398-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:01,0d,ff,c3,ff,c1,98,3c,1f,c0,bf,0a,51,aa,b5,fc,17,03,aa,ad,bb,
    83,93,9b,b1,bb,e0,8c,54,12,1b,20,f8,68,d9,21,cd,ec,78,13,2b,de,11,10,43,c8,\
    "rkeysecu"=hex:c5,61,7a,13,89,99,85,1c,32,8f,0c,85,3d,dd,17,c8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\agrsmsvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-09 18:41:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-09 23:41:18
    ComboFix2.txt 2009-03-09 19:27:07

    Pre-Run: 64,900,984,832 bytes free
    Post-Run: 64,920,150,016 bytes free

    637 --- E O F --- 2008-11-13 09:05:15
     
    jbh,
    #13
  15. 2009/03/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all open windows later in the fix.


    # Open Spybot Search & Destroy.
    # In the Mode menu click "Advanced mode" if not already selected.
    # Choose "Yes" at the Warning prompt.
    # Expand the "Tools" menu.
    # Click "Resident".
    # Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    # In the File menu click "Exit" to exit Spybot Search & Destroy.


    Open HijackThis, click "Do a system scan only", and checkmark the entry below. Then close all other windows and browsers except HijackThis and press "Fix checked".

    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent



    Next: Please disable all onboard security programs (everything running with background protection), as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad or any other text editor than Notepad, or the script will fail.* Copy and paste the text inside the box below.
    Save this as "CFScript.txt" including the quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    File:: 
    C:\S3aAq2.exe
    C:\S3aAq.exe
    C:\pyN0H2X8.bat
    C:\I3v1Dfug.bat
    C:\gWGv2.exe
    C:\gWGv.exe
    C:\rGZdKblQ.bat
    C:\Fezf1.bat
    C:\sowAyX12.exe
    C:\sowAyX1.exe
    C:\CnoT.bat
    C:\Gezj.bat
    C:\lsUnP422.exe
    C:\lsUnP42.exe
    C:\eYXL.bat
    C:\csFbDWt1.bat
    C:\b3h2.exe
    C:\b3h.exe
    C:\bPqWcK9.bat
    C:\N7p6dU.bat
    C:\kzFZJw2.exe
    C:\kzFZJw.exe
    C:\QOQF.bat
    C:\WzYCG.bat
    C:\pLcY2.exe
    C:\pLcY.exe
    C:\yY3ks.bat
    C:\ZPmzDtm2.bat
    C:\zACa6Y2.exe
    C:\zACa6Y.exe
    C:\MTNwA.bat
    C:\n8nkgATk.bat
    C:\ifPDYZSh2.exe
    C:\ifPDYZSh.exe
    C:\pNtl.bat
    C:\drpBk3F1.bat
    C:\HwVTgs22.exe
    C:\HwVTgs2.exe
    C:\oxQjB5f.bat
    C:\H8YjYj8.bat
    C:\czTDtf2n2.exe
    C:\czTDtf2n.exe
    C:\G9ycd.bat
    C:\oRT.bat
    C:\wyk.exe
    C:\D88IuCmI.bat
    C:\TStp1.bat
    C:\CHC3l.bat
    C:\TDifc.bat
    C:\HWJH0q2.exe
    C:\HWJH0q.exe
    C:\yZeJF3tA.bat
    C:\ik9ko.bat
    C:\o9k4Jw2.exe
    C:\o9k4Jw.exe
    C:\LOVda.bat
    C:\FXI8WF.bat
    C:\mxGMBZC2.exe
    C:\mxGMBZC.exe
    C:\HO5xIqB.bat
    C:\BC7hc.bat
    C:\BMe6SNu.exe
    C:\kgD.bat
    C:\LYT.bat
    C:\RQnD2.exe
    C:\RQnD.exe
    C:\ZzMz.bat
    C:\Wh17d.bat
    C:\wKgm2.exe
    C:\wKgm.exe
    C:\LTY.bat
    C:\ZHG8.bat
    C:\kd7gn2.exe
    C:\kd7gn.exe
    C:\ArXtS7p.bat
    C:\fYIX.bat
    C:\Bey2.exe
    C:\Bey.exe
    C:\AihQt.bat
    C:\Vz2vXs.bat
    C:\zZ1U2.exe
    C:\zZ1U.exe
    C:\h6EF.bat
    C:\yz5czK.bat
    C:\GfG1r42.exe
    C:\GfG1r4.exe
    C:\l2Fmg3Z.bat
    C:\RNIP3.bat
    C:\nc0AjcvD2.exe
    C:\nc0AjcvD.exe
    C:\SrutYer.bat
    C:\DGa68RG.bat
    C:\F5Dwg2.exe
    C:\F5Dwg.exe
    C:\xxIlI0nN.bat
    C:\kgADj.bat
    C:\GvLfCYz2.exe
    C:\GvLfCYz.exe
    C:\m37EQ9WR.bat
    C:\XF9.bat
    C:\Y9VTDZ2.exe
    C:\Y9VTDZ.exe
    C:\iKgl7Ani.bat
    C:\hrI8J.bat
    C:\U7t9p2.exe
    C:\U7t9p.exe
    C:\bNKA.bat
    C:\KE2BlVSE.bat
    C:\TQyxdliu2.exe
    C:\TQyxdliu.exe
    C:\ML8ER2o8.bat
    C:\K6jW.bat
    C:\X36EE2.exe
    C:\X36EE.exe
    C:\YML.bat
    C:\x1jg3gH.bat
    C:\tGAy2.exe
    C:\aHla.bat
    C:\tGAy.exe
    C:\bZr.bat
    C:\qdK0FVi2.exe
    C:\qdK0FVi.exe
    C:\efq.bat
    C:\ivNgS5.bat
    C:\FoEgBE2.exe
    
    Folder:: 
    C:\Program Files\Essentials Codec Pack
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Media Codec Update Service"=-
    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================




    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable the onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
      Click on: Save Report As
      Next, in the Save as prompt, Save in area, select: Desktop
      In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
      Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with the IE-Tab plugin:
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.


    Please give me an update on how the computer is at the moment.
     
  16. 2009/03/10
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    ComboFix 09-03-06.02 - mom 2009-03-09 21:57:28.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1030 [GMT -5:00]
    Running from: c:\documents and settings\mom\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\mom\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    C:\aHla.bat
    C:\AihQt.bat
    C:\ArXtS7p.bat
    C:\b3h.exe
    C:\b3h2.exe
    C:\BC7hc.bat
    C:\Bey.exe
    C:\Bey2.exe
    C:\BMe6SNu.exe
    C:\bNKA.bat
    C:\bPqWcK9.bat
    C:\bZr.bat
    C:\CHC3l.bat
    C:\CnoT.bat
    C:\csFbDWt1.bat
    C:\czTDtf2n.exe
    C:\czTDtf2n2.exe
    C:\D88IuCmI.bat
    C:\DGa68RG.bat
    C:\drpBk3F1.bat
    C:\efq.bat
    C:\eYXL.bat
    C:\F5Dwg.exe
    C:\F5Dwg2.exe
    C:\Fezf1.bat
    C:\FoEgBE2.exe
    C:\FXI8WF.bat
    C:\fYIX.bat
    C:\G9ycd.bat
    C:\Gezj.bat
    C:\GfG1r4.exe
    C:\GfG1r42.exe
    C:\GvLfCYz.exe
    C:\GvLfCYz2.exe
    C:\gWGv.exe
    C:\gWGv2.exe
    C:\h6EF.bat
    C:\H8YjYj8.bat
    C:\HO5xIqB.bat
    C:\hrI8J.bat
    C:\HWJH0q.exe
    C:\HWJH0q2.exe
    C:\HwVTgs2.exe
    C:\HwVTgs22.exe
    C:\I3v1Dfug.bat
    C:\ifPDYZSh.exe
    C:\ifPDYZSh2.exe
    C:\ik9ko.bat
    C:\iKgl7Ani.bat
    C:\ivNgS5.bat
    C:\K6jW.bat
    C:\kd7gn.exe
    C:\kd7gn2.exe
    C:\KE2BlVSE.bat
    C:\kgADj.bat
    C:\kgD.bat
    C:\kzFZJw.exe
    C:\kzFZJw2.exe
    C:\l2Fmg3Z.bat
    C:\LOVda.bat
    C:\lsUnP42.exe
    C:\lsUnP422.exe
    C:\LTY.bat
    C:\LYT.bat
    C:\m37EQ9WR.bat
    C:\ML8ER2o8.bat
    C:\MTNwA.bat
    C:\mxGMBZC.exe
    C:\mxGMBZC2.exe
    C:\N7p6dU.bat
    C:\n8nkgATk.bat
    C:\nc0AjcvD.exe
    C:\nc0AjcvD2.exe
    C:\o9k4Jw.exe
    C:\o9k4Jw2.exe
    C:\oRT.bat
    C:\oxQjB5f.bat
    C:\pLcY.exe
    C:\pLcY2.exe
    C:\pNtl.bat
    C:\pyN0H2X8.bat
    C:\qdK0FVi.exe
    C:\qdK0FVi2.exe
    C:\QOQF.bat
    C:\rGZdKblQ.bat
    C:\RNIP3.bat
    C:\RQnD.exe
    C:\RQnD2.exe
    C:\S3aAq.exe
    C:\S3aAq2.exe
    C:\sowAyX1.exe
    C:\sowAyX12.exe
    C:\SrutYer.bat
    C:\TDifc.bat
    C:\tGAy.exe
    C:\tGAy2.exe
    C:\TQyxdliu.exe
    C:\TQyxdliu2.exe
    C:\TStp1.bat
    C:\U7t9p.exe
    C:\U7t9p2.exe
    C:\Vz2vXs.bat
    C:\Wh17d.bat
    C:\wKgm.exe
    C:\wKgm2.exe
    C:\wyk.exe
    C:\WzYCG.bat
    C:\x1jg3gH.bat
    C:\X36EE.exe
    C:\X36EE2.exe
    C:\XF9.bat
    C:\xxIlI0nN.bat
    C:\Y9VTDZ.exe
    C:\Y9VTDZ2.exe
    C:\YML.bat
    C:\yY3ks.bat
    C:\yz5czK.bat
    C:\yZeJF3tA.bat
    C:\zACa6Y.exe
    C:\zACa6Y2.exe
    C:\ZHG8.bat
    C:\ZPmzDtm2.bat
    C:\zZ1U.exe
    C:\zZ1U2.exe
    C:\ZzMz.bat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\aHla.bat
    C:\AihQt.bat
    C:\ArXtS7p.bat
    C:\b3h.exe
    C:\b3h2.exe
    C:\BC7hc.bat
    C:\Bey.exe
    C:\Bey2.exe
    C:\BMe6SNu.exe
    C:\bNKA.bat
    C:\bPqWcK9.bat
    C:\bZr.bat
    C:\CHC3l.bat
    C:\CnoT.bat
    C:\csFbDWt1.bat
    C:\czTDtf2n.exe
    C:\czTDtf2n2.exe
    C:\D88IuCmI.bat
    C:\DGa68RG.bat
    C:\drpBk3F1.bat
    C:\efq.bat
    C:\eYXL.bat
    C:\F5Dwg.exe
    C:\F5Dwg2.exe
    C:\Fezf1.bat
    C:\FoEgBE2.exe
    C:\FXI8WF.bat
    C:\fYIX.bat
    C:\G9ycd.bat
    C:\Gezj.bat
    C:\GfG1r4.exe
    C:\GfG1r42.exe
    C:\GvLfCYz.exe
    C:\GvLfCYz2.exe
    C:\gWGv.exe
    C:\gWGv2.exe
    C:\h6EF.bat
    C:\H8YjYj8.bat
    C:\HO5xIqB.bat
    C:\hrI8J.bat
    C:\HWJH0q.exe
    C:\HWJH0q2.exe
    C:\HwVTgs2.exe
    C:\HwVTgs22.exe
    C:\I3v1Dfug.bat
    C:\ifPDYZSh.exe
    C:\ifPDYZSh2.exe
    C:\ik9ko.bat
    C:\iKgl7Ani.bat
    C:\ivNgS5.bat
    C:\K6jW.bat
    C:\kd7gn.exe
    C:\kd7gn2.exe
    C:\KE2BlVSE.bat
    C:\kgADj.bat
    C:\kgD.bat
    C:\kzFZJw.exe
    C:\kzFZJw2.exe
    C:\l2Fmg3Z.bat
    C:\LOVda.bat
    C:\lsUnP42.exe
    C:\lsUnP422.exe
    C:\LTY.bat
    C:\LYT.bat
    C:\m37EQ9WR.bat
    C:\ML8ER2o8.bat
    C:\MTNwA.bat
    C:\mxGMBZC.exe
    C:\mxGMBZC2.exe
    C:\N7p6dU.bat
    C:\n8nkgATk.bat
    C:\nc0AjcvD.exe
    C:\nc0AjcvD2.exe
    C:\o9k4Jw.exe
    C:\o9k4Jw2.exe
    C:\oRT.bat
    C:\oxQjB5f.bat
    C:\pLcY.exe
    C:\pLcY2.exe
    C:\pNtl.bat
    c:\program files\Essentials Codec Pack
    c:\program files\Essentials Codec Pack\ac3filter.ax
    c:\program files\Essentials Codec Pack\AviSplitter.ax
    c:\program files\Essentials Codec Pack\cddareader.ax
    c:\program files\Essentials Codec Pack\cdxareader.ax
    c:\program files\Essentials Codec Pack\CLVSD.AX
    c:\program files\Essentials Codec Pack\CoreAAC.ax
    c:\program files\Essentials Codec Pack\CoreFLACDecoder.ax
    c:\program files\Essentials Codec Pack\CoreVorbis.ax
    c:\program files\Essentials Codec Pack\ffdshow\audxlib.dll
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\andreas_78er.matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\andreas_doppelte_99er.matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\andreas_einfache_99er.matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Bulletproof's High Quality Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\CG-Animation Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\hvs-best-picture.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\hvs-better-picture.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\hvs-good-picture.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Low Bitrate Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\MPEG.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\pvcd.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Soulhunters V3.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Soulhunters V5.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Standard.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Ultimate Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Ultra Low Bitrate Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\custom matrices\Very Low Bitrate Matrix.xcm
    c:\program files\Essentials Codec Pack\ffdshow\ff_kernelDeint.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_liba52.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_libdts.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_libfaad2.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_libmad.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_realaac.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_samplerate.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_theora.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_tremor.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_unrar.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_wmv9.dll
    c:\program files\Essentials Codec Pack\ffdshow\ff_x264.dll
    c:\program files\Essentials Codec Pack\ffdshow\ffdshow.ax
    c:\program files\Essentials Codec Pack\ffdshow\ffdshow.ax.manifest
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1026.bg
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1028.tc
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1029.cz
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1031.de
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1033.en
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1034.es
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1036.fr
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1038.hu
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1040.it
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1041.ja
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1041.jp
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1045.pl
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1046.br
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1049.ru
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1051.sk
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.1053.se
    c:\program files\Essentials Codec Pack\ffdshow\languages\ffdshow.2052.sc
    c:\program files\Essentials Codec Pack\ffdshow\libavcodec.dll
    c:\program files\Essentials Codec Pack\ffdshow\libmpeg2_ff.dll
    c:\program files\Essentials Codec Pack\ffdshow\libmplayer.dll
    c:\program files\Essentials Codec Pack\ffdshow\TomsMoComp_ff.dll
    c:\program files\Essentials Codec Pack\FLVSplitter.ax
    c:\program files\Essentials Codec Pack\iccvid.dll
    c:\program files\Essentials Codec Pack\l3codecp.acm
    c:\program files\Essentials Codec Pack\l3codecx.ax
    c:\program files\Essentials Codec Pack\lame.ax
    c:\program files\Essentials Codec Pack\MatroskaSplitter.ax
    c:\program files\Essentials Codec Pack\MonkeySource.ax
    c:\program files\Essentials Codec Pack\MP4Splitter.ax
    c:\program files\Essentials Codec Pack\MpaSplitter.ax
    c:\program files\Essentials Codec Pack\Mpeg2DecFilter.ax
    c:\program files\Essentials Codec Pack\MpegSplitter.ax
    c:\program files\Essentials Codec Pack\mplayerc.exe
    c:\program files\Essentials Codec Pack\OggSplitter.ax
    c:\program files\Essentials Codec Pack\RealMediaSplitter.ax
    c:\program files\Essentials Codec Pack\RLMPCDec.ax
    c:\program files\Essentials Codec Pack\RLOFRDec.ax
    c:\program files\Essentials Codec Pack\shoutcastsource.ax
    c:\program files\Essentials Codec Pack\uninst.exe
    c:\program files\Essentials Codec Pack\update.exe
    c:\program files\Essentials Codec Pack\vorbis.acm
    c:\program files\Essentials Codec Pack\VSFilter.dll
    c:\program files\Essentials Codec Pack\WavPackDSDecoder.ax
    c:\program files\Essentials Codec Pack\WavPackDSSplitter.ax
    c:\program files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url
    c:\program files\Essentials Codec Pack\xvid.ax
    c:\program files\Essentials Codec Pack\xvidcore.dll
    c:\program files\Essentials Codec Pack\xvidvfw.dll
    C:\pyN0H2X8.bat
    C:\qdK0FVi.exe
    C:\qdK0FVi2.exe
    C:\QOQF.bat
    C:\rGZdKblQ.bat
    C:\RNIP3.bat
    C:\RQnD.exe
    C:\RQnD2.exe
    C:\S3aAq.exe
    C:\S3aAq2.exe
    C:\sowAyX1.exe
    C:\sowAyX12.exe
    C:\SrutYer.bat
    C:\TDifc.bat
    C:\tGAy.exe
    C:\tGAy2.exe
    C:\TQyxdliu.exe
    C:\TQyxdliu2.exe
    C:\TStp1.bat
    C:\U7t9p.exe
    C:\U7t9p2.exe
    C:\Vz2vXs.bat
    C:\Wh17d.bat
    C:\wKgm.exe
    C:\wKgm2.exe
    C:\wyk.exe
    C:\WzYCG.bat
    C:\x1jg3gH.bat
    C:\X36EE.exe
    C:\X36EE2.exe
    C:\XF9.bat
    C:\xxIlI0nN.bat
    C:\Y9VTDZ.exe
    C:\Y9VTDZ2.exe
    C:\YML.bat
    C:\yY3ks.bat
    C:\yz5czK.bat
    C:\yZeJF3tA.bat
    C:\zACa6Y.exe
    C:\zACa6Y2.exe
    C:\ZHG8.bat
    C:\ZPmzDtm2.bat
    C:\zZ1U.exe
    C:\zZ1U2.exe
    C:\ZzMz.bat

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
    .
     
    jbh,
    #15
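The CFScript Juliet posted above and the "Files Created" listing that follows both rest on the same observation: roughly every fifteen minutes the infection drops a fresh set of randomly named files at the root of C:\ (a ~200-byte .bat, an 8,150-byte .bat, a 192,512-byte X.exe, and a 238,080-byte X2.exe a couple of minutes later). The script below is an added example written for this page, not code from ComboFix, HijackThis or either poster. It parses ComboFix "Files Created" lines, scores that dropper pattern (root-level random names, recurring sizes, X.exe / X2.exe pairs, quarter-hour cadence) and renders the hits as the File::/Folder::/Registry:: stanzas a CFScript uses. The sample log is eleven lines from the log in this thread plus two constructed benign entries as controls; the size thresholds and the two-minute cadence slack are assumptions, and the output is a triage list to review by hand before anything is deleted.

```python
"""ComboFix "Files Created" triage: added example for this thread, not code
from ComboFix, HijackThis or the posters. It parses the line format ComboFix
prints, flags the dropper pattern in these logs (random .exe/.bat names at the
drive root in X.exe / X2.exe pairs, recurring payload sizes, roughly
quarter-hour cadence) and renders the hits as a CFScript."""
import re
from collections import Counter
from datetime import datetime

# One "Files Created" line:  <created> . <modified> <size> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)
# Short random-looking name sitting directly under a drive root.
ROOT_NAME_RE = re.compile(r"^[a-z]:\\[a-z0-9]{2,10}\.(?:exe|bat)$", re.I)

# Sample input: eleven lines taken from the log posted in this thread, plus
# two constructed benign lines (C:\setup.exe, steam.exe) as controls.
SAMPLE_LOG = r"""
2009-03-08 12:47 . 2009-03-08 12:51 192,512 --a------ C:\FoEgBE.exe
2009-03-08 12:47 . 2009-03-08 12:47 8,150 --a------ C:\IAs9R.bat
2009-03-08 12:47 . 2009-03-08 12:47 212 --a------ C:\rZsbOwv.bat
2009-03-08 12:32 . 2009-03-08 12:36 238,080 --a------ C:\ZUhL2.exe
2009-03-08 12:30 . 2009-03-08 12:32 192,512 --a------ C:\ZUhL.exe
2009-03-08 12:30 . 2009-03-08 12:30 8,150 --a------ C:\tozmi.bat
2009-03-08 12:30 . 2009-03-08 12:30 202 --a------ C:\wQ0.bat
2009-03-08 12:23 . 2009-03-08 12:25 238,080 --a------ C:\yQHZA2.exe
2009-03-08 12:17 . 2009-03-08 12:23 192,512 --a------ C:\yQHZA.exe
2009-03-08 09:49 . 2009-03-08 09:49 0 --a------ C:\y6npmlb2.exe
2009-03-08 09:46 . 2009-03-08 09:49 192,512 --a------ C:\y6npmlb.exe
2009-03-06 19:10 . 2009-03-06 19:10 1,234,567 --a------ C:\setup.exe
2009-03-09 23:36 . 2009-03-09 23:36 1,410,296 --a------ c:\program files\steam\steam.exe
"""


def parse_line(line):
    """Return {created, size, path} for a file line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"].replace(",", "")),
            "path": m["path"].strip()}


def quarter_hour_fraction(entries, slack=2):
    """Share of creation times within `slack` minutes of :00/:15/:30/:45.
    Near 1.0 points at a scheduled task or sleep loop rather than a person."""
    if not entries:
        return 0.0
    near = sum(min(e["created"].minute % 15, 15 - e["created"].minute % 15) <= slack
               for e in entries)
    return near / len(entries)


def flag_dropper_files(entries, min_size_hits=3, max_bat_size=16_384):
    """A root-level random-named .exe/.bat is flagged when its size recurs across
    >= min_size_hits such files, it is a small .bat (the launcher half of a
    pair), or it has an X.exe / X2.exe partner among the root files."""
    root = [e for e in entries if ROOT_NAME_RE.match(e["path"])]
    size_hits = Counter(e["size"] for e in root)
    names = {e["path"].lower() for e in root}

    def has_partner(path):
        stem, ext = path.lower().rsplit(".", 1)
        return (f"{stem}2.{ext}" in names
                or (stem.endswith("2") and f"{stem[:-1]}.{ext}" in names))

    return [e for e in root
            if size_hits[e["size"]] >= min_size_hits
            or (e["path"].lower().endswith(".bat") and e["size"] <= max_bat_size)
            or has_partner(e["path"])]


def build_cfscript(files, folders=(), run_values=()):
    """Render the File::/Folder::/Registry:: stanzas in the form used above.
    run_values are (key, value_name) pairs; "=-" deletes the value."""
    out = ["File::", *sorted(files, key=str.lower)]
    if folders:
        out += ["", "Folder::", *folders]
    if run_values:
        out += ["", "Registry::"]
        for key, name in run_values:
            out += [f"[{key}]", f'"{name}"=-']
    return "\n".join(out) + "\n"


def triage(text, folders=(), run_values=()):
    """Parse a log, flag dropper files, and return paths, cadence and CFScript."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    hits = flag_dropper_files(entries)
    paths = [e["path"] for e in hits]
    return {"flagged": paths,
            "cadence": quarter_hour_fraction(hits),
            "cfscript": build_cfscript(paths, folders, run_values)}


if __name__ == "__main__":
    result = triage(
        SAMPLE_LOG,
        folders=[r"C:\Program Files\Essentials Codec Pack"],
        run_values=[(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
                     "Media Codec Update Service")])
    print(f"{len(result['flagged'])} files flagged; "
          f"{result['cadence']:.0%} created on a quarter-hour mark")
    print(result["cfscript"])
```

Run it as-is to see the sample triaged; for a real log, paste the "Files Created" section in place of SAMPLE_LOG or read it from a file. The cadence figure is the tell to look at first: a person does not create files on the quarter hour for fourteen hours straight, and a high value argues for hunting the scheduler (a Run value, a scheduled task, or a resident process) rather than only deleting the files it drops.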
  17. 2009/03/10
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    combo-fix continued.


    2009-03-08 12:47 . 2009-03-08 12:51 192,512 --a------ C:\FoEgBE.exe
    2009-03-08 12:47 . 2009-03-08 12:47 8,150 --a------ C:\IAs9R.bat
    2009-03-08 12:47 . 2009-03-08 12:47 212 --a------ C:\rZsbOwv.bat
    2009-03-08 12:32 . 2009-03-08 12:36 238,080 --a------ C:\ZUhL2.exe
    2009-03-08 12:30 . 2009-03-08 12:32 192,512 --a------ C:\ZUhL.exe
    2009-03-08 12:30 . 2009-03-08 12:30 8,150 --a------ C:\tozmi.bat
    2009-03-08 12:30 . 2009-03-08 12:30 202 --a------ C:\wQ0.bat
    2009-03-08 12:23 . 2009-03-08 12:25 238,080 --a------ C:\yQHZA2.exe
    2009-03-08 12:17 . 2009-03-08 12:23 192,512 --a------ C:\yQHZA.exe
    2009-03-08 12:15 . 2009-03-08 12:15 8,150 --a------ C:\TneYUug9.bat
    2009-03-08 12:15 . 2009-03-08 12:15 211 --a------ C:\CXmo.bat
    2009-03-08 12:05 . 2009-03-08 12:11 238,080 --a------ C:\t7gtQl2.exe
    2009-03-08 12:02 . 2009-03-08 12:05 192,512 --a------ C:\t7gtQl.exe
    2009-03-08 12:02 . 2009-03-08 12:02 8,150 --a------ C:\mC6IIRW.bat
    2009-03-08 12:02 . 2009-03-08 12:02 212 --a------ C:\L0OFy6i.bat
    2009-03-08 11:06 . 2009-03-08 11:10 238,080 --a------ C:\U0E2.exe
    2009-03-08 11:04 . 2009-03-08 11:06 192,512 --a------ C:\U0E.exe
    2009-03-08 11:03 . 2009-03-08 11:03 8,150 --a------ C:\nyw1.bat
    2009-03-08 11:03 . 2009-03-08 11:03 194 --a------ C:\CZBhofoz.bat
    2009-03-08 10:45 . 2009-03-08 10:45 8,150 --a------ C:\GrY.bat
    2009-03-08 10:45 . 2009-03-08 10:45 210 --a------ C:\ngUnh.bat
    2009-03-08 10:32 . 2009-03-08 10:33 238,080 --a------ C:\HWg2.exe
    2009-03-08 10:31 . 2009-03-08 10:32 192,512 --a------ C:\HWg.exe
    2009-03-08 10:31 . 2009-03-08 10:31 8,150 --a------ C:\vPfra.bat
    2009-03-08 10:31 . 2009-03-08 10:31 196 --a------ C:\mc4DP5Lg.bat
    2009-03-08 10:02 . 2009-03-08 10:07 238,080 --a------ C:\Mvgsrg2.exe
    2009-03-08 10:00 . 2009-03-08 10:02 37,648 --a------ C:\Mvgsrg.exe
    2009-03-08 10:00 . 2009-03-08 10:00 8,150 --a------ C:\Iqf.bat
    2009-03-08 10:00 . 2009-03-08 10:00 216 --a------ C:\wyn024.bat
    2009-03-08 09:49 . 2009-03-08 09:49 0 --a------ C:\y6npmlb2.exe
    2009-03-08 09:46 . 2009-03-08 09:49 192,512 --a------ C:\y6npmlb.exe
    2009-03-08 09:45 . 2009-03-08 09:45 8,150 --a------ C:\u10rKb.bat
    2009-03-08 09:45 . 2009-03-08 09:45 223 --a------ C:\EDl.bat
    2009-03-08 09:31 . 2009-03-08 09:32 238,080 --a------ C:\b99m9t2.exe
    2009-03-08 09:30 . 2009-03-08 09:31 192,512 --a------ C:\b99m9t.exe
    2009-03-08 09:30 . 2009-03-08 09:30 8,150 --a------ C:\v4K2wI.bat
    2009-03-08 09:30 . 2009-03-08 09:30 217 --a------ C:\sHc2wjWQ.bat
    2009-03-08 09:17 . 2009-03-08 09:20 238,080 --a------ C:\X5h00Xi2.exe
    2009-03-08 09:17 . 2009-03-08 09:18 238,080 --a------ C:\vFgxS2.exe
    2009-03-08 09:15 . 2009-03-08 09:17 192,512 --a------ C:\X5h00Xi.exe
    2009-03-08 09:15 . 2009-03-08 09:17 192,512 --a------ C:\vFgxS.exe
    2009-03-08 09:15 . 2009-03-08 09:15 8,150 --a------ C:\oE0vtP0Q.bat
    2009-03-08 09:15 . 2009-03-08 09:15 8,150 --a------ C:\ISylmE.bat
    2009-03-08 09:15 . 2009-03-08 09:15 223 --a------ C:\sst38o.bat
    2009-03-08 09:15 . 2009-03-08 09:15 209 --a------ C:\OzO.bat
    2009-03-08 06:15 . 2009-03-08 06:15 8,150 --a------ C:\WZl.bat
    2009-03-08 06:15 . 2009-03-08 06:15 216 --a------ C:\imdARCj.bat
    2009-03-08 06:01 . 2009-03-08 06:02 238,080 --a------ C:\kug2.exe
    2009-03-08 06:00 . 2009-03-08 06:01 192,512 --a------ C:\kug.exe
    2009-03-08 06:00 . 2009-03-08 06:00 8,150 --a------ C:\Twf.bat
    2009-03-08 06:00 . 2009-03-08 06:00 198 --a------ C:\EpaWy0.bat
    2009-03-08 05:47 . 2009-03-08 05:49 238,080 --a------ C:\db12.exe
    2009-03-08 05:45 . 2009-03-08 05:47 192,512 --a------ C:\db1.exe
    2009-03-08 05:45 . 2009-03-08 05:45 8,150 --a------ C:\sIoN.bat
    2009-03-08 05:45 . 2009-03-08 05:45 198 --a------ C:\mK0M.bat
    2009-03-08 05:16 . 2009-03-08 05:21 233,128 --a------ C:\uQh2.exe
    2009-03-08 05:15 . 2009-03-08 05:16 192,512 --a------ C:\uQh.exe
    2009-03-08 05:15 . 2009-03-08 05:15 8,150 --a------ C:\SEbXS5RL.bat
    2009-03-08 05:15 . 2009-03-08 05:15 198 --a------ C:\g4M.bat
    2009-03-08 05:02 . 2009-03-08 05:06 238,080 --a------ C:\w3esqOR2.exe
    2009-03-08 05:00 . 2009-03-08 05:02 102,880 --a------ C:\w3esqOR.exe
    2009-03-08 05:00 . 2009-03-08 05:00 8,150 --a------ C:\N8DeZ.bat
    2009-03-08 05:00 . 2009-03-08 05:00 222 --a------ C:\qGa.bat
    2009-03-08 04:47 . 2009-03-08 04:53 238,080 --a------ C:\kEvKnc2.exe
    2009-03-08 04:45 . 2009-03-08 04:47 192,512 --a------ C:\kEvKnc.exe
    2009-03-08 04:45 . 2009-03-08 04:45 8,150 --a------ C:\MKQp.bat
    2009-03-08 04:45 . 2009-03-08 04:45 217 --a------ C:\uGGsjv.bat
    2009-03-08 04:34 . 2009-03-08 04:37 70,952 --a------ C:\Fjp03Jq2.exe
    2009-03-08 04:31 . 2009-03-08 04:34 192,512 --a------ C:\Fjp03Jq.exe
    2009-03-08 04:31 . 2009-03-08 04:31 8,150 --a------ C:\i9DQ.bat
    2009-03-08 04:31 . 2009-03-08 04:31 219 --a------ C:\e39ssXa.bat
    2009-03-08 04:04 . 2009-03-08 04:08 237,544 --a------ C:\X7yA2.exe
    2009-03-08 04:00 . 2009-03-08 04:04 192,512 --a------ C:\X7yA.exe
    2009-03-08 04:00 . 2009-03-08 04:00 8,150 --a------ C:\nyr6.bat
    2009-03-08 04:00 . 2009-03-08 04:00 202 --a------ C:\TDprSi.bat
    2009-03-08 03:45 . 2009-03-08 03:45 8,150 --a------ C:\MW5uL0j.bat
    2009-03-08 03:45 . 2009-03-08 03:47 1,448 --a------ C:\pknP.exe
    2009-03-08 03:45 . 2009-03-08 03:45 205 --a------ C:\CDgB.bat
    2009-03-08 03:33 . 2009-03-08 03:36 238,080 --a------ C:\ZzJMq2.exe
    2009-03-08 03:31 . 2009-03-08 03:33 10,136 --a------ C:\ZzJMq.exe
    2009-03-08 03:30 . 2009-03-08 03:30 8,150 --a------ C:\DQW.bat
    2009-03-08 03:30 . 2009-03-08 03:30 207 --a------ C:\S1p48RV7.bat
    2009-03-08 03:00 . 2009-03-08 03:00 8,150 --a------ C:\Unt.bat
    2009-03-08 03:00 . 2009-03-08 03:00 222 --a------ C:\dL6T.bat
    2009-03-08 02:32 . 2009-03-08 02:32 0 --a------ C:\CVds.exe
    2009-03-08 02:31 . 2009-03-08 02:31 8,150 --a------ C:\tJyQqx.bat
    2009-03-08 02:31 . 2009-03-08 02:31 202 --a------ C:\QV7LN.bat
    2009-03-08 02:16 . 2009-03-08 02:16 8,150 --a------ C:\nw3.bat
    2009-03-08 02:16 . 2009-03-08 02:16 204 --a------ C:\xMw.bat
    2009-03-08 02:01 . 2009-03-08 02:01 8,150 --a------ C:\rQ2sU3u.bat
    2009-03-08 02:01 . 2009-03-08 02:01 214 --a------ C:\PqsaYPM.bat
    2009-03-08 01:19 . 2009-03-08 01:19 0 --a------ C:\rljzF2.exe
    2009-03-08 01:16 . 2009-03-08 01:19 55,024 --a------ C:\rljzF.exe
    2009-03-08 01:15 . 2009-03-08 01:15 8,150 --a------ C:\WAhv.bat
    2009-03-08 01:15 . 2009-03-08 01:15 210 --a------ C:\zBLyX.bat
    2009-03-08 01:00 . 2009-03-08 01:00 8,150 --a------ C:\PYt.bat
    2009-03-08 01:00 . 2009-03-08 01:00 214 --a------ C:\NQoYHh9.bat
    2009-03-08 00:45 . 2009-03-08 00:45 8,150 --a------ C:\LlGgg.bat
    2009-03-08 00:45 . 2009-03-08 00:45 212 --a------ C:\bFv.bat
    2009-03-08 00:15 . 2009-03-08 00:15 8,150 --a------ C:\FBH.bat
    2009-03-08 00:15 . 2009-03-08 00:15 218 --a------ C:\MKWI.bat
    2009-03-08 00:15 . 2009-03-08 00:15 0 --a------ C:\O21RnSN.exe
    2009-03-08 00:03 . 2009-03-08 00:05 1,448 --a------ C:\CPk2.exe
    2009-03-08 00:01 . 2009-03-08 00:03 52,128 --a------ C:\CPk.exe
    2009-03-08 00:00 . 2009-03-08 00:01 8,150 --a------ C:\V7Qs.bat
    2009-03-08 00:00 . 2009-03-08 00:00 198 --a------ C:\DrX77.bat
    2009-03-07 23:20 . 2009-03-07 23:23 76,744 --a------ C:\Bnyg2.exe
    2009-03-07 23:15 . 2009-03-07 23:20 192,512 --a------ C:\Bnyg.exe
    2009-03-07 23:15 . 2009-03-07 23:15 8,150 --a------ C:\GGEPI.bat
    2009-03-07 23:15 . 2009-03-07 23:15 200 --a------ C:\n3Fu.bat
    2009-03-07 23:02 . 2009-03-07 23:04 173,904 --a------ C:\l0cB2.exe
    2009-03-07 23:00 . 2009-03-07 23:02 192,512 --a------ C:\l0cB.exe
    2009-03-07 23:00 . 2009-03-07 23:00 8,150 --a------ C:\SRH69vEJ.bat
    2009-03-07 23:00 . 2009-03-07 23:00 201 --a------ C:\FJ9B7.bat
    2009-03-07 22:50 . 2009-03-07 22:54 134,664 --a------ C:\Msw2.exe
    2009-03-07 22:46 . 2009-03-07 22:50 192,512 --a------ C:\Msw.exe
    2009-03-07 22:46 . 2009-03-07 22:46 8,150 --a------ C:\SH1LhB.bat
    2009-03-07 22:46 . 2009-03-07 22:46 196 --a------ C:\Yzrl.bat
    2009-03-07 22:32 . 2009-03-07 22:33 238,080 --a------ C:\GVaT2.exe
    2009-03-07 22:30 . 2009-03-07 22:32 192,512 --a------ C:\GVaT.exe
    2009-03-07 22:30 . 2009-03-07 22:30 8,150 --a------ C:\wKE69AeN.bat
    2009-03-07 22:30 . 2009-03-07 22:30 203 --a------ C:\XlO.bat
    2009-03-07 22:16 . 2009-03-07 22:21 238,080 --a------ C:\LWwmc2.exe
    2009-03-07 22:15 . 2009-03-07 22:16 192,512 --a------ C:\LWwmc.exe
    2009-03-07 22:15 . 2009-03-07 22:15 8,150 --a------ C:\ztoxbFj.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-09 23:36 --------- d-----w c:\program files\Steam
    2009-03-09 02:31 --------- d-----w c:\program files\BitComet
    2009-03-01 02:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-27 14:37 --------- d-----w c:\documents and settings\mom\Application Data\LimeWire
    2009-02-22 01:28 --------- d-----w c:\program files\StepMania
    2009-02-08 06:25 --------- d-----w c:\program files\Shockwave.com
    2009-01-31 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2009-01-30 23:42 --------- d-----w c:\program files\Microsoft Games
    2009-01-23 21:45 --------- d-----w c:\program files\Kap.SATr
    2009-01-23 03:30 --------- d-----w c:\documents and settings\mom\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    2009-01-21 00:18 --------- d-----w c:\program files\Electronic Arts
    2009-01-17 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-11 22:52 --------- d-----w c:\program files\LSI SoftModem
    2009-01-11 19:47 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-10 01:42 31 ----a-w c:\documents and settings\mom\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-08-17 1232152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\mom\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-07-17 106496]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Microsoft Games\\Combat Flight Simulator\\COMBATFS.EXE"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7715:TCP"= 7715:TCP:BitCometBeta 7715 TCP
    "7715:UDP"= 7715:UDP:BitCometBeta 7715 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-17 96520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
    S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-01-08 320384]
    S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\DRIVERS\pcntn5hl.sys --> c:\windows\system32\DRIVERS\pcntn5hl.sys [?]
    S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-09-10 29405]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1597b92-26eb-11d8-9b81-806d6172696f}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fc89fb-fbc4-11dd-b5d7-00301b3a532e}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2009-03-10 c:\windows\Tasks\User_Feed_Synchronization-{1EB108CF-ECF5-4F4F-9BC0-8533B710F6A7}.job
    - c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
    FF - ProfilePath - c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\wildblue.js - pref("network.proxy.type", 2);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-09 21:59:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1123561945-343818398-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:01,0d,ff,c3,ff,c1,98,3c,1f,c0,bf,0a,51,aa,b5,fc,17,03,aa,ad,bb,
    83,93,9b,b1,bb,e0,8c,54,12,1b,20,f8,68,d9,21,cd,ec,78,13,2b,de,11,10,43,c8,\
    "rkeysecu"=hex:c5,61,7a,13,89,99,85,1c,32,8f,0c,85,3d,dd,17,c8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-03-09 22:01:28
    ComboFix-quarantined-files.txt 2009-03-10 03:00:59
    ComboFix2.txt 2009-03-09 23:41:23
    ComboFix3.txt 2009-03-09 19:27:07

    Pre-Run: 64,914,055,168 bytes free
    Post-Run: 64,864,464,896 bytes free

    617 --- E O F --- 2008-11-13 09:05:15 35031-4319
     
    jbh,
    #16
  18. 2009/03/10
    jbh

    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, March 10, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, March 10, 2009 23:21:15
    Records in database: 1886879
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 121051
    Threat name: 8
    Infected objects: 100
    Suspicious objects: 0
    Duration of the scan: 03:08:37


    File name / Threat name / Threats count
    C:\amxEWtf.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\amxEWtf2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\AsEl5sdB.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\AsEl5sdB2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\AuiaUv.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\bRRbB.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\bRRbB2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\bTnwkD.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\c37aAFf6.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\c37aAFf62.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\COR.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\dd7t7nh.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\dhRD04Xo2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\dNzMhXc2.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\Documents and Settings\mom\My Documents\LimeWire\Incomplete\T-3515164-flight of bumblebee tijuana - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\Documents and Settings\mom\My Documents\LimeWire\Saved\green sleeves vocals.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
    C:\Downloads\#1 DVD Ripper 6.2.3\no1dvdrip.exe Infected: Trojan-Dropper.Win32.Agent.afvk 1
    C:\DT4Np.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\dyWuy.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\Ev1ncRV2.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\F4Yj.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\fUIaht.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\fUIaht2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\gEfYYld.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\GIm.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\H0YNJrj7.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\HDhY26.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\HHSs.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\HHu.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\hnE.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\hNzwU2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\IJ5IJRL.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\irit2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\itm2.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\itm222.exe Infected: Packed.Win32.Tdss.f 1
    C:\IvbP.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\iWNNlC.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\J4X8DF2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\jA8QHQ62.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\JWmKK.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\k5Ljk2.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\k5Ljk22.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\K8l.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\LRy6.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\Ls9.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\LWm.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\Ml35.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\mRW.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\MtZs6m.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\MWURtmSU.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\Nytzi.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\o5TnH.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\OD8i.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\OD8i2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\PCmF8c63.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\PCmF8c632.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\Ptg.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\rCj9.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\rrm5xDS1.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\SGGhyZO1.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\SIK.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\sjD2Azv.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\svc\svc.exe Infected: Backdoor.Win32.Agent.aedc 1
    C:\T0lE.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\T0lE2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\u6S5T.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\ufnS6ZX.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\UHd.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\uqI5U.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\uqI5U2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\uQmTBXA3.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\uQmTBXA32.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\v7eMeLr.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\VIx5OGdY.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\VpWr.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\vpx13Pc.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\vpx13Pc22.exe Infected: Packed.Win32.Tdss.f 1
    C:\wdyP8S8.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\wdyP8S82.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\WGakEaDb.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\WGakEaDb2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\wqVqnh.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\xlfWb.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\xlfWb2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\xOlD0.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\xTKHoP.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\xTKHoP2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\xwEQ.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\y6n.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\y6n2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\YAPWUGT.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\yb52.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\Yhi7qNw.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\YLUh4if.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\YLUh4if22.exe Infected: Packed.Win32.Tdss.f 1
    C:\Z0n.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\Z0n2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
    C:\Z1o.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1
    C:\ZFlFn.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
    C:\ZFlFn2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1

    The selected area was scanned.
     
    jbh,
    #17
  19. 2009/03/10
    jbh

    Last one!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:57:58 PM, on 3/10/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1208896645531
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{417BAF00-08F8-42BA-92E4-045A1691F2EE}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8843 bytes
     
    jbh,
    #18
  20. 2009/03/11
    Juliet

    Welcome back

    As you can see you have an infection that is continuing to respawn malicious files.
    I can't help but feel you downloaded something to your computer, I don't know what, that I have not been able to identify as of yet.

    We'll continue.

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    Locate the ComboFix icon on your desktop
    Right click and select delete

    I would like for you to get an updated copy.

    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3

    We'll use this in a few minutes.


    NEXT**
    Download Flash_Disinfector.exe by sUBs from >here<
    or from
    http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe


    and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail) (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    C:\amxEWtf.exe 
    C:\amxEWtf2.exe 
    C:\AsEl5sdB.exe 
    C:\AsEl5sdB2.exe 
    C:\AuiaUv.exe 
    C:\bRRbB.exe 
    C:\bRRbB2.exe 
    C:\bTnwkD.exe 
    C:\c37aAFf6.exe 
    C:\c37aAFf62.exe 
    C:\COR.exe 
    C:\dd7t7nh.exe 
    C:\dhRD04Xo2.exe 
    C:\dNzMhXc2.exe 
    C:\Documents and Settings\mom\My Documents\LimeWire\Incomplete\T-3515164-flight of bumblebee tijuana - greatest hits.wma
    C:\Documents and Settings\mom\My Documents\LimeWire\Saved\green sleeves vocals.mp3 
    C:\Downloads\#1 DVD Ripper 6.2.3\no1dvdrip.exe 
    C:\DT4Np.21.exe 
    C:\dyWuy.21.exe 
    C:\Ev1ncRV2.21.exe 
    C:\F4Yj.21.exe 
    C:\fUIaht.exe 
    C:\fUIaht2.exe 
    C:\gEfYYld.exe 
    C:\GIm.21.exe 
    C:\H0YNJrj7.exe 
    C:\HDhY26.exe 
    C:\HHSs.exe 
    C:\HHu.21.exe 
    C:\hnE.21.exe 
    C:\hNzwU2.exe 
    C:\IJ5IJRL.21.exe 
    C:\irit2.exe 
    C:\itm2.21.exe 
    C:\itm222.exe 
    C:\IvbP.21.exe 
    C:\iWNNlC.21.exe 
    C:\J4X8DF2.exe 
    C:\jA8QHQ62.exe 
    C:\JWmKK.exe 
    C:\k5Ljk2.exe 
    C:\k5Ljk22.exe 
    C:\K8l.exe 
    C:\LRy6.exe 
    C:\Ls9.exe 
    C:\LWm.exe 
    C:\Ml35.exe 
    C:\mRW.exe 
    C:\MtZs6m.21.exe 
    C:\MWURtmSU.21.exe 
    C:\Nytzi.exe 
    C:\o5TnH.21.exe 
    C:\OD8i.exe 
    C:\OD8i2.exe 
    C:\PCmF8c63.exe 
    C:\PCmF8c632.exe
    C:\Ptg.21.exe 
    C:\rCj9.21.exe 
    C:\rrm5xDS1.21.exe 
    C:\SGGhyZO1.21.exe 
    C:\SIK.21.exe 
    C:\sjD2Azv.21.exe 
    C:\svc\svc.exe 
    C:\T0lE.exe 
    C:\T0lE2.exe 
    C:\u6S5T.21.exe 
    C:\ufnS6ZX.21.exe 
    C:\UHd.exe 
    C:\uqI5U.exe 
    C:\uqI5U2.exe 
    C:\uQmTBXA3.exe 
    C:\uQmTBXA32.exe 
    C:\v7eMeLr.21.exe 
    C:\VIx5OGdY.21.exe 
    C:\VpWr.21.exe 
    C:\vpx13Pc.21.exe 
    C:\vpx13Pc22.exe 
    C:\wdyP8S8.exe 
    C:\wdyP8S82.exe 
    C:\WGakEaDb.exe 
    C:\WGakEaDb2.exe 
    C:\wqVqnh.21.exe 
    C:\xlfWb.exe 
    C:\xlfWb2.exe 
    C:\xOlD0.21.exe 
    C:\xTKHoP.exe 
    C:\xTKHoP2.exe 
    C:\xwEQ.exe 
    C:\y6n.exe 
    C:\y6n2.exe 
    C:\YAPWUGT.21.exe 
    C:\yb52.exe 
    C:\Yhi7qNw.21.exe 
    C:\YLUh4if.21.exe 
    C:\YLUh4if22.exe 
    C:\Z0n.exe 
    C:\Z0n2.exe 
    C:\Z1o.21.exe 
    C:\ZFlFn.exe 
    C:\ZFlFn2.exe 
    E:\autorun.exe
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1597b92-26eb-11d8-9b81-806d6172696f}]
    [screenshot: CFScript.txt being dragged onto the ComboFix.exe icon]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    You may need several replies to post the requested logs, otherwise they might get cut off.



    NEXT**
    download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries


    In your next reply post:
    ComboFix.txt
    ark.txt

    You may need several replies to post the requested logs, otherwise they might get cut off.
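An added example for readers following along (not from jbh, Juliet, or the ComboFix/Kaspersky tools themselves): the Kaspersky report posted above has one `<path> Infected: <threat> <count>` line per detection, and the CFScript above turns that list into a `File::` section by hand, which is how the stray `I` and `Infected:` fragments crept into it. The script below parses report lines of that shape, tallies them by threat family so the respawning families stand out, and emits the `File::` and `Registry::` (`[-key]` delete form, as used in the post) sections. The sample lines are copied from the posted report; the regex, function names, and case-insensitive de-duplication are this example's own assumptions.

```python
"""Build the File:: section of a CFScript from a Kaspersky Online Scanner report.

Added example, not part of the thread. It assumes report lines of the form
"<path> Infected: <threat> <count>" as posted above; everything else
(regex, helper names, dedupe rule) is this example's own choice.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the report posted in the thread.
SAMPLE_REPORT = """\
File name / Threat name / Threats count
C:\\amxEWtf.exe Infected: Trojan-Clicker.Win32.Delf.cbd 1
C:\\amxEWtf2.exe Infected: Trojan-Banker.Win32.Banbra.hby 1
C:\\Documents and Settings\\mom\\My Documents\\LimeWire\\Saved\\green sleeves vocals.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\\itm222.exe Infected: Packed.Win32.Tdss.f 1
C:\\svc\\svc.exe Infected: Backdoor.Win32.Agent.aedc 1
C:\\DT4Np.21.exe Infected: Trojan-Downloader.Win32.FraudLoad.dsd 1

The selected area was scanned.
"""

# Non-greedy path so that paths containing spaces still parse; threat names have no spaces.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return a list of (path, threat) tuples, one per detection line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat")))
    return hits


def family(threat):
    """Drop the variant suffix: 'Trojan-Banker.Win32.Banbra.hby' -> 'Trojan-Banker.Win32.Banbra'."""
    return threat.rsplit(".", 1)[0]


def summarize(hits):
    """Detections per family; the dominant families are the ones that keep being re-dropped."""
    return Counter(family(threat) for _, threat in hits)


def build_cfscript(hits, registry_keys_to_delete=()):
    """Emit CFScript text: a File:: block of paths, plus an optional Registry:: block of [-key] lines."""
    seen = set()
    lines = ["File::"]
    for path, _ in hits:
        key = path.lower()          # Windows paths are case-insensitive, so dedupe that way
        if key not in seen:
            seen.add(key)
            lines.append(path)      # the bare path only: no 'Infected:' or count trailing it
    if registry_keys_to_delete:
        lines.append("")
        lines.append("Registry::")
        for reg_key in registry_keys_to_delete:
            lines.append(f"[-{reg_key}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for fam, n in summarize(hits).most_common():
        print(f"{n:3d}  {fam}")
    # The mountpoints2 key is the one deleted in the CFScript posted above.
    mountpoint = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
                  r"\explorer\mountpoints2\{b1597b92-26eb-11d8-9b81-806d6172696f}")
    print(build_cfscript(hits, [mountpoint]))
```

The output is only the text of the script; it still has to be saved as CFScript.txt from Notepad and dragged onto ComboFix.exe exactly as the post describes, and a list like this is only as good as the scan that produced it, so it does not replace the rootkit scan requested at the end of the same post.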
     
  21. 2009/03/11
    jbh

    Hi Juliet,
    I had a suspicion the infections came from my husband downloading 2 songs from Limewire. I'm pretty sure you just confirmed it.

    Requested logs:

    ComboFix 09-03-10.03 - mom 2009-03-11 13:29:54.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1066 [GMT -5:00]
    Running from: c:\documents and settings\mom\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\mom\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
    * Created a new restore point

    FILE ::
    C:\amxEWtf.exe
    C:\amxEWtf2.exe
    C:\AsEl5sdB.exe
    C:\AsEl5sdB2.exe
    C:\AuiaUv.exe
    C:\bRRbB.exe
    C:\bRRbB2.exe
    C:\bTnwkD.exe
    C:\c37aAFf6.exe
    C:\c37aAFf62.exe
    C:\COR.exe
    C:\dd7t7nh.exe
    C:\dhRD04Xo2.exe
    C:\dNzMhXc2.exe
    c:\documents and settings\mom\My Documents\LimeWire\Incomplete\T-3515164-flight of bumblebee tijuana - greatest hits.wma
    c:\documents and settings\mom\My Documents\LimeWire\Saved\green sleeves vocals.mp3
    c:\downloads\#1 DVD Ripper 6.2.3\no1dvdrip.exe
    C:\DT4Np.21.exe
    C:\dyWuy.21.exe
    C:\Ev1ncRV2.21.exe
    C:\F4Yj.21.exe
    C:\fUIaht.exe
    C:\fUIaht2.exe
    C:\gEfYYld.exe
    C:\GIm.21.exe
    C:\H0YNJrj7.exe
    C:\HDhY26.exe
    C:\HHSs.exe
    C:\HHu.21.exe
    C:\hnE.21.exe
    C:\hNzwU2.exe
    C:\IJ5IJRL.21.exe
    C:\irit2.exe
    C:\itm2.21.exe
    C:\itm222.exe
    C:\IvbP.21.exe
    C:\iWNNlC.21.exe
    C:\J4X8DF2.exe I
    C:\jA8QHQ62.exe
    C:\JWmKK.exe
    C:\k5Ljk2.exe
    C:\k5Ljk22.exe
    C:\K8l.exe
    C:\LRy6.exe
    C:\Ls9.exe
    C:\LWm.exe
    C:\Ml35.exe
    C:\mRW.exe
    C:\MtZs6m.21.exe
    C:\MWURtmSU.21.exe
    C:\Nytzi.exe
    C:\o5TnH.21.exe
    C:\OD8i.exe
    C:\OD8i2.exe
    C:\PCmF8c63.exe
    C:\PCmF8c632.exe
    C:\Ptg.21.exe
    C:\rCj9.21.exe
    C:\rrm5xDS1.21.exe
    C:\SGGhyZO1.21.exe
    C:\SIK.21.exe
    C:\sjD2Azv.21.exe
    c:\svc\svc.exe
    C:\T0lE.exe
    C:\T0lE2.exe
    C:\u6S5T.21.exe
    C:\ufnS6ZX.21.exe
    C:\UHd.exe
    C:\uqI5U.exe
    C:\uqI5U2.exe
    C:\uQmTBXA3.exe Infected:
    C:\uQmTBXA32.exe
    C:\v7eMeLr.21.exe
    C:\VIx5OGdY.21.exe
    C:\VpWr.21.exe
    C:\vpx13Pc.21.exe
    C:\vpx13Pc22.exe
    C:\wdyP8S8.exe
    C:\wdyP8S82.exe
    C:\WGakEaDb.exe
    C:\WGakEaDb2.exe
    C:\wqVqnh.21.exe
    C:\xlfWb.exe
    C:\xlfWb2.exe
    C:\xOlD0.21.exe
    C:\xTKHoP.exe
    C:\xTKHoP2.exe
    C:\xwEQ.exe
    C:\y6n.exe
    C:\y6n2.exe
    C:\YAPWUGT.21.exe
    C:\yb52.exe
    C:\Yhi7qNw.21.exe
    C:\YLUh4if.21.exe
    C:\YLUh4if22.exe
    C:\Z0n.exe
    C:\Z0n2.exe
    C:\Z1o.21.exe
    C:\ZFlFn.exe
    C:\ZFlFn2.exe
    E:\autorun.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\amxEWtf.exe
    C:\amxEWtf2.exe
    C:\AsEl5sdB.exe
    C:\AsEl5sdB2.exe
    C:\AuiaUv.exe
    C:\bRRbB.exe
    C:\bRRbB2.exe
    C:\bTnwkD.exe
    C:\c37aAFf6.exe
    C:\c37aAFf62.exe
    C:\COR.exe
    C:\dd7t7nh.exe
    C:\dhRD04Xo2.exe
    C:\dNzMhXc2.exe
    c:\documents and settings\mom\My Documents\LimeWire\Incomplete\T-3515164-flight of bumblebee tijuana - greatest hits.wma
    c:\documents and settings\mom\My Documents\LimeWire\Saved\green sleeves vocals.mp3
    c:\downloads\#1 DVD Ripper 6.2.3\no1dvdrip.exe
    C:\DT4Np.21.exe
    C:\dyWuy.21.exe
    C:\Ev1ncRV2.21.exe
    C:\F4Yj.21.exe
    C:\fUIaht.exe
    C:\fUIaht2.exe
    C:\gEfYYld.exe
    C:\GIm.21.exe
    C:\H0YNJrj7.exe
    C:\HDhY26.exe
    C:\HHSs.exe
    C:\HHu.21.exe
    C:\hnE.21.exe
    C:\hNzwU2.exe
    C:\IJ5IJRL.21.exe
    C:\irit2.exe
    C:\itm2.21.exe
    C:\itm222.exe
    C:\IvbP.21.exe
    C:\iWNNlC.21.exe
    C:\jA8QHQ62.exe
    C:\JWmKK.exe
    C:\k5Ljk2.exe
    C:\k5Ljk22.exe
    C:\K8l.exe
    C:\LRy6.exe
    C:\Ls9.exe
    C:\LWm.exe
    C:\Ml35.exe
    C:\mRW.exe
    C:\MtZs6m.21.exe
    C:\MWURtmSU.21.exe
    C:\Nytzi.exe
    C:\o5TnH.21.exe
    C:\OD8i.exe
    C:\OD8i2.exe
    C:\PCmF8c63.exe
    C:\PCmF8c632.exe
    C:\Ptg.21.exe
    C:\rCj9.21.exe
    C:\rrm5xDS1.21.exe
    C:\SGGhyZO1.21.exe
    C:\SIK.21.exe
    C:\sjD2Azv.21.exe
    c:\svc\svc.exe
    C:\T0lE.exe
    C:\T0lE2.exe
    C:\u6S5T.21.exe
    C:\ufnS6ZX.21.exe
    C:\UHd.exe
    C:\uqI5U.exe
    C:\uqI5U2.exe
    C:\uQmTBXA32.exe
    C:\v7eMeLr.21.exe
    C:\VIx5OGdY.21.exe
    C:\VpWr.21.exe
    C:\vpx13Pc.21.exe
    C:\vpx13Pc22.exe
    C:\wdyP8S8.exe
    C:\wdyP8S82.exe
    C:\WGakEaDb.exe
    C:\WGakEaDb2.exe
    C:\wqVqnh.21.exe
    C:\xlfWb.exe
    C:\xlfWb2.exe
    C:\xOlD0.21.exe
    C:\xTKHoP.exe
    C:\xTKHoP2.exe
    C:\xwEQ.exe
    C:\y6n.exe
    C:\y6n2.exe
    C:\YAPWUGT.21.exe
    C:\yb52.exe
    C:\Yhi7qNw.21.exe
    C:\YLUh4if.21.exe
    C:\YLUh4if22.exe
    C:\Z0n.exe
    C:\Z0n2.exe
    C:\Z1o.21.exe
    C:\ZFlFn.exe
    C:\ZFlFn2.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
    .

    2009-03-08 12:47 . 2009-03-08 12:51 192,512 --a------ C:\FoEgBE.exe
    2009-03-08 12:47 . 2009-03-08 12:47 8,150 --a------ C:\IAs9R.bat
    2009-03-08 12:47 . 2009-03-08 12:47 212 --a------ C:\rZsbOwv.bat
    2009-03-08 12:32 . 2009-03-08 12:36 238,080 --a------ C:\ZUhL2.exe
    2009-03-08 12:30 . 2009-03-08 12:32 192,512 --a------ C:\ZUhL.exe
    2009-03-08 12:30 . 2009-03-08 12:30 8,150 --a------ C:\tozmi.bat
    2009-03-08 12:30 . 2009-03-08 12:30 202 --a------ C:\wQ0.bat
    2009-03-08 12:23 . 2009-03-08 12:25 238,080 --a------ C:\yQHZA2.exe
    2009-03-08 12:17 . 2009-03-08 12:23 192,512 --a------ C:\yQHZA.exe
    2009-03-08 12:15 . 2009-03-08 12:15 8,150 --a------ C:\TneYUug9.bat
    2009-03-08 12:15 . 2009-03-08 12:15 211 --a------ C:\CXmo.bat
    2009-03-08 12:05 . 2009-03-08 12:11 238,080 --a------ C:\t7gtQl2.exe
    2009-03-08 12:02 . 2009-03-08 12:05 192,512 --a------ C:\t7gtQl.exe
    2009-03-08 12:02 . 2009-03-08 12:02 8,150 --a------ C:\mC6IIRW.bat
    2009-03-08 12:02 . 2009-03-08 12:02 212 --a------ C:\L0OFy6i.bat
    2009-03-08 11:06 . 2009-03-08 11:10 238,080 --a------ C:\U0E2.exe
    2009-03-08 11:04 . 2009-03-08 11:06 192,512 --a------ C:\U0E.exe
    2009-03-08 11:03 . 2009-03-08 11:03 8,150 --a------ C:\nyw1.bat
    2009-03-08 11:03 . 2009-03-08 11:03 194 --a------ C:\CZBhofoz.bat
    2009-03-08 10:45 . 2009-03-08 10:45 8,150 --a------ C:\GrY.bat
    2009-03-08 10:45 . 2009-03-08 10:45 210 --a------ C:\ngUnh.bat
    2009-03-08 10:32 . 2009-03-08 10:33 238,080 --a------ C:\HWg2.exe
    2009-03-08 10:31 . 2009-03-08 10:32 192,512 --a------ C:\HWg.exe
    2009-03-08 10:31 . 2009-03-08 10:31 8,150 --a------ C:\vPfra.bat
    2009-03-08 10:31 . 2009-03-08 10:31 196 --a------ C:\mc4DP5Lg.bat
    2009-03-08 10:02 . 2009-03-08 10:07 238,080 --a------ C:\Mvgsrg2.exe
    2009-03-08 10:00 . 2009-03-08 10:02 37,648 --a------ C:\Mvgsrg.exe
    2009-03-08 10:00 . 2009-03-08 10:00 8,150 --a------ C:\Iqf.bat
    2009-03-08 10:00 . 2009-03-08 10:00 216 --a------ C:\wyn024.bat
    2009-03-08 09:49 . 2009-03-08 09:49 0 --a------ C:\y6npmlb2.exe
    2009-03-08 09:46 . 2009-03-08 09:49 192,512 --a------ C:\y6npmlb.exe
    2009-03-08 09:45 . 2009-03-08 09:45 8,150 --a------ C:\u10rKb.bat
    2009-03-08 09:45 . 2009-03-08 09:45 223 --a------ C:\EDl.bat
    2009-03-08 09:31 . 2009-03-08 09:32 238,080 --a------ C:\b99m9t2.exe
    2009-03-08 09:30 . 2009-03-08 09:31 192,512 --a------ C:\b99m9t.exe
    2009-03-08 09:30 . 2009-03-08 09:30 8,150 --a------ C:\v4K2wI.bat
    2009-03-08 09:30 . 2009-03-08 09:30 217 --a------ C:\sHc2wjWQ.bat
    2009-03-08 09:17 . 2009-03-08 09:20 238,080 --a------ C:\X5h00Xi2.exe
    2009-03-08 09:17 . 2009-03-08 09:18 238,080 --a------ C:\vFgxS2.exe
    2009-03-08 09:15 . 2009-03-08 09:17 192,512 --a------ C:\X5h00Xi.exe
    2009-03-08 09:15 . 2009-03-08 09:17 192,512 --a------ C:\vFgxS.exe
    2009-03-08 09:15 . 2009-03-08 09:15 8,150 --a------ C:\oE0vtP0Q.bat
    2009-03-08 09:15 . 2009-03-08 09:15 8,150 --a------ C:\ISylmE.bat
    2009-03-08 09:15 . 2009-03-08 09:15 223 --a------ C:\sst38o.bat
    2009-03-08 09:15 . 2009-03-08 09:15 209 --a------ C:\OzO.bat
    2009-03-08 06:15 . 2009-03-08 06:15 8,150 --a------ C:\WZl.bat
    2009-03-08 06:15 . 2009-03-08 06:15 216 --a------ C:\imdARCj.bat
    2009-03-08 06:01 . 2009-03-08 06:02 238,080 --a------ C:\kug2.exe
    2009-03-08 06:00 . 2009-03-08 06:01 192,512 --a------ C:\kug.exe
    2009-03-08 06:00 . 2009-03-08 06:00 8,150 --a------ C:\Twf.bat
    2009-03-08 06:00 . 2009-03-08 06:00 198 --a------ C:\EpaWy0.bat
    2009-03-08 05:47 . 2009-03-08 05:49 238,080 --a------ C:\db12.exe
    2009-03-08 05:45 . 2009-03-08 05:47 192,512 --a------ C:\db1.exe
    2009-03-08 05:45 . 2009-03-08 05:45 8,150 --a------ C:\sIoN.bat
    2009-03-08 05:45 . 2009-03-08 05:45 198 --a------ C:\mK0M.bat
    2009-03-08 05:16 . 2009-03-08 05:21 233,128 --a------ C:\uQh2.exe
    2009-03-08 05:15 . 2009-03-08 05:16 192,512 --a------ C:\uQh.exe
    2009-03-08 05:15 . 2009-03-08 05:15 8,150 --a------ C:\SEbXS5RL.bat
    2009-03-08 05:15 . 2009-03-08 05:15 198 --a------ C:\g4M.bat
    2009-03-08 05:02 . 2009-03-08 05:06 238,080 --a------ C:\w3esqOR2.exe
    2009-03-08 05:00 . 2009-03-08 05:02 102,880 --a------ C:\w3esqOR.exe
    2009-03-08 05:00 . 2009-03-08 05:00 8,150 --a------ C:\N8DeZ.bat
    2009-03-08 05:00 . 2009-03-08 05:00 222 --a------ C:\qGa.bat
    2009-03-08 04:47 . 2009-03-08 04:53 238,080 --a------ C:\kEvKnc2.exe
    2009-03-08 04:45 . 2009-03-08 04:47 192,512 --a------ C:\kEvKnc.exe
    2009-03-08 04:45 . 2009-03-08 04:45 8,150 --a------ C:\MKQp.bat
    2009-03-08 04:45 . 2009-03-08 04:45 217 --a------ C:\uGGsjv.bat
    2009-03-08 04:34 . 2009-03-08 04:37 70,952 --a------ C:\Fjp03Jq2.exe
    2009-03-08 04:31 . 2009-03-08 04:34 192,512 --a------ C:\Fjp03Jq.exe
    2009-03-08 04:31 . 2009-03-08 04:31 8,150 --a------ C:\i9DQ.bat
    2009-03-08 04:31 . 2009-03-08 04:31 219 --a------ C:\e39ssXa.bat
    2009-03-08 04:04 . 2009-03-08 04:08 237,544 --a------ C:\X7yA2.exe
    2009-03-08 04:00 . 2009-03-08 04:04 192,512 --a------ C:\X7yA.exe
    2009-03-08 04:00 . 2009-03-08 04:00 8,150 --a------ C:\nyr6.bat
    2009-03-08 04:00 . 2009-03-08 04:00 202 --a------ C:\TDprSi.bat
    2009-03-08 03:45 . 2009-03-08 03:45 8,150 --a------ C:\MW5uL0j.bat
    2009-03-08 03:45 . 2009-03-08 03:47 1,448 --a------ C:\pknP.exe
    2009-03-08 03:45 . 2009-03-08 03:45 205 --a------ C:\CDgB.bat
    2009-03-08 03:33 . 2009-03-08 03:36 238,080 --a------ C:\ZzJMq2.exe
    2009-03-08 03:31 . 2009-03-08 03:33 10,136 --a------ C:\ZzJMq.exe
    2009-03-08 03:30 . 2009-03-08 03:30 8,150 --a------ C:\DQW.bat
    2009-03-08 03:30 . 2009-03-08 03:30 207 --a------ C:\S1p48RV7.bat
    2009-03-08 03:00 . 2009-03-08 03:00 8,150 --a------ C:\Unt.bat
    2009-03-08 03:00 . 2009-03-08 03:00 222 --a------ C:\dL6T.bat
    2009-03-08 02:32 . 2009-03-08 02:32 0 --a------ C:\CVds.exe
    2009-03-08 02:31 . 2009-03-08 02:31 8,150 --a------ C:\tJyQqx.bat
    2009-03-08 02:31 . 2009-03-08 02:31 202 --a------ C:\QV7LN.bat
    2009-03-08 02:16 . 2009-03-08 02:16 8,150 --a------ C:\nw3.bat
    2009-03-08 02:16 . 2009-03-08 02:16 204 --a------ C:\xMw.bat
    2009-03-08 02:01 . 2009-03-08 02:01 8,150 --a------ C:\rQ2sU3u.bat
    2009-03-08 02:01 . 2009-03-08 02:01 214 --a------ C:\PqsaYPM.bat
    2009-03-08 01:19 . 2009-03-08 01:19 0 --a------ C:\rljzF2.exe
    2009-03-08 01:16 . 2009-03-08 01:19 55,024 --a------ C:\rljzF.exe
    2009-03-08 01:15 . 2009-03-08 01:15 8,150 --a------ C:\WAhv.bat
    2009-03-08 01:15 . 2009-03-08 01:15 210 --a------ C:\zBLyX.bat
    2009-03-08 01:00 . 2009-03-08 01:00 8,150 --a------ C:\PYt.bat
    2009-03-08 01:00 . 2009-03-08 01:00 214 --a------ C:\NQoYHh9.bat
    2009-03-08 00:45 . 2009-03-08 00:45 8,150 --a------ C:\LlGgg.bat
    2009-03-08 00:45 . 2009-03-08 00:45 212 --a------ C:\bFv.bat
    2009-03-08 00:15 . 2009-03-08 00:15 8,150 --a------ C:\FBH.bat
    2009-03-08 00:15 . 2009-03-08 00:15 218 --a------ C:\MKWI.bat
    2009-03-08 00:15 . 2009-03-08 00:15 0 --a------ C:\O21RnSN.exe
    2009-03-08 00:03 . 2009-03-08 00:05 1,448 --a------ C:\CPk2.exe
    2009-03-08 00:01 . 2009-03-08 00:03 52,128 --a------ C:\CPk.exe
    2009-03-08 00:00 . 2009-03-08 00:01 8,150 --a------ C:\V7Qs.bat
    2009-03-08 00:00 . 2009-03-08 00:00 198 --a------ C:\DrX77.bat
    2009-03-07 23:20 . 2009-03-07 23:23 76,744 --a------ C:\Bnyg2.exe
    2009-03-07 23:15 . 2009-03-07 23:20 192,512 --a------ C:\Bnyg.exe
    2009-03-07 23:15 . 2009-03-07 23:15 8,150 --a------ C:\GGEPI.bat
    2009-03-07 23:15 . 2009-03-07 23:15 200 --a------ C:\n3Fu.bat
    2009-03-07 23:02 . 2009-03-07 23:04 173,904 --a------ C:\l0cB2.exe
    2009-03-07 23:00 . 2009-03-07 23:02 192,512 --a------ C:\l0cB.exe
    2009-03-07 23:00 . 2009-03-07 23:00 8,150 --a------ C:\SRH69vEJ.bat
    2009-03-07 23:00 . 2009-03-07 23:00 201 --a------ C:\FJ9B7.bat
    2009-03-07 22:50 . 2009-03-07 22:54 134,664 --a------ C:\Msw2.exe
    2009-03-07 22:46 . 2009-03-07 22:50 192,512 --a------ C:\Msw.exe
    2009-03-07 22:46 . 2009-03-07 22:46 8,150 --a------ C:\SH1LhB.bat
    2009-03-07 22:46 . 2009-03-07 22:46 196 --a------ C:\Yzrl.bat
    2009-03-07 22:32 . 2009-03-07 22:33 238,080 --a------ C:\GVaT2.exe
    2009-03-07 22:30 . 2009-03-07 22:32 192,512 --a------ C:\GVaT.exe
    2009-03-07 22:30 . 2009-03-07 22:30 8,150 --a------ C:\wKE69AeN.bat
    2009-03-07 22:30 . 2009-03-07 22:30 203 --a------ C:\XlO.bat
    2009-03-07 22:16 . 2009-03-07 22:21 238,080 --a------ C:\LWwmc2.exe
    2009-03-07 22:15 . 2009-03-07 22:16 192,512 --a------ C:\LWwmc.exe
    2009-03-07 22:15 . 2009-03-07 22:15 8,150 --a------ C:\ztoxbFj.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-11 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-03-11 17:56 --------- d-----w c:\program files\Steam
    2009-03-09 02:31 --------- d-----w c:\program files\BitComet
    2009-03-01 02:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-27 14:37 --------- d-----w c:\documents and settings\mom\Application Data\LimeWire
    2009-02-22 01:28 --------- d-----w c:\program files\StepMania
    2009-02-08 06:25 --------- d-----w c:\program files\Shockwave.com
    2009-01-31 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
    2009-01-30 23:42 --------- d-----w c:\program files\Microsoft Games
    2009-01-23 21:45 --------- d-----w c:\program files\Kap.SATr
    2009-01-23 03:30 --------- d-----w c:\documents and settings\mom\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
    2009-01-21 00:18 --------- d-----w c:\program files\Electronic Arts
    2009-01-17 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-11 22:52 --------- d-----w c:\program files\LSI SoftModem
    2009-01-11 19:47 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-10 01:42 31 ----a-w c:\documents and settings\mom\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-08-17 1232152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

    c:\documents and settings\mom\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-07-17 106496]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
    "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Microsoft Games\\Combat Flight Simulator\\COMBATFS.EXE"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7715:TCP"= 7715:TCP:BitCometBeta 7715 TCP
    "7715:UDP"= 7715:UDP:BitCometBeta 7715 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-17 96520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
    S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-01-08 320384]
    S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\DRIVERS\pcntn5hl.sys --> c:\windows\system32\DRIVERS\pcntn5hl.sys [?]
    S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-09-10 29405]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fc89fb-fbc4-11dd-b5d7-00301b3a532e}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2009-03-11 c:\windows\Tasks\User_Feed_Synchronization-{1EB108CF-ECF5-4F4F-9BC0-8533B710F6A7}.job
    - c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
    FF - ProfilePath - c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\wildblue.js - pref("network.proxy.type", 2);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-11 13:33:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1123561945-343818398-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:01,0d,ff,c3,ff,c1,98,3c,1f,c0,bf,0a,51,aa,b5,fc,17,03,aa,ad,bb,
    83,93,9b,b1,bb,e0,8c,54,12,1b,20,f8,68,d9,21,cd,ec,78,13,2b,de,11,10,43,c8,\
    "rkeysecu"=hex:c5,61,7a,13,89,99,85,1c,32,8f,0c,85,3d,dd,17,c8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(712)
    c:\windows\system32\avgrsstx.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(828)
    c:\windows\system32\avgrsstx.dll
    .
    Completion time: 2009-03-11 13:34:51
    ComboFix-quarantined-files.txt 2009-03-11 18:34:24
    ComboFix2.txt 2009-03-10 03:01:31
    ComboFix3.txt 2009-03-09 23:41:23
    ComboFix4.txt 2009-03-09 19:27:07

    Pre-Run: 64,791,900,160 bytes free
    Post-Run: 64,821,489,664 bytes free

    479 --- E O F --- 2008-11-13 09:05:15


    GMER 1.0.15.14878 - http://www.gmer.net
    Rootkit scan 2009-03-11 13:54:01
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT spxz.sys ZwCreateKey [0xF74D70E0]
    SSDT spxz.sys ZwEnumerateKey [0xF74F5CA2]
    SSDT spxz.sys ZwEnumerateValueKey [0xF74F6030]
    SSDT spxz.sys ZwOpenKey [0xF74D70C0]
    SSDT spxz.sys ZwQueryKey [0xF74F6108]
    SSDT spxz.sys ZwQueryValueKey [0xF74F5F88]
    SSDT spxz.sys ZwSetValueKey [0xF74F619A]

    INT 0x63 ? 8A26CF00
    INT 0x73 ? 8A26CF00
    INT 0x83 ? 8A3D9BF8

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A3D51F8
    Device \Driver\usbohci \Device\USBPDO-0 8A2FF1F8
    Device \Driver\usbohci \Device\USBPDO-1 8A2FF1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3D71F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A3D71F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A3D71F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A3D71F8
    Device \Driver\usbehci \Device\USBPDO-2 8A2BC1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A36B1F8
    Device \Driver\Cdrom \Device\CdRom0 8A2BB500
    Device \Driver\Cdrom \Device\CdRom1 8A2BB500
    Device \Driver\NetBT \Device\NetBt_Wins_Export 88FBD1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{417BAF00-08F8-42BA-92E4-045A1691F2EE} 88FBD1F8
    Device \Driver\NetBT \Device\NetbiosSmb 88FBD1F8
    Device \Driver\usbohci \Device\USBFDO-0 8A2FF1F8
    Device \Driver\usbohci \Device\USBFDO-1 8A2FF1F8
    Device \Driver\usbehci \Device\USBFDO-2 8A2BC1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FB7500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FB7500
    Device \Driver\Ftdisk \Device\FtControl 8A36B1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{18DDB5D5-E048-440E-9711-D2643248059F} 88FBD1F8
    Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path0Target0Lun0 8A3D61F8
    Device \Driver\nvidesm \Device\Scsi\nvidesm1 8A3D61F8
    Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target1Lun0 8A3D61F8
    Device \Driver\nvidesm \Device\Scsi\nvidesm1Port0Path1Target0Lun0 8A3D61F8
    Device \FileSystem\Cdfs \Cdfs 88F75500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000083b@Layout Text Swedish with Sami
    Reg HKLM\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000083b@Layout Display Name @%SystemRoot%\system32\xpsp2res.dll,-5109
    Reg HKLM\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000083b@Layout File KBDFI1.DLL

    ---- EOF - GMER 1.0.15 ----
     
    jbh,
    #20
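As an added example (not part of this thread, ComboFix or GMER), a small Python script that reads ComboFix "Files Created" lines like the ones posted above and flags what a responder would look for in them: .exe/.bat files written straight into the root of C:\ under random names, where the same byte size recurs under several names on a roughly 15-minute cadence. The sample lines are copied from the log above, plus one constructed benign entry (readme.txt) that the filter should ignore.

```python
import re
from datetime import datetime

# One line of a ComboFix "Files Created" section:
#   <created> . <modified> <size> <attributes> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"([\d,]+) (\S+) (.+)$"
)
# A file sitting directly in a drive root (e.g. C:\FoEgBE.exe), no subdirectory.
ROOT_DROP_RE = re.compile(r"[A-Za-z]:\\[^\\]+\.(exe|bat)", re.IGNORECASE)

# Lines copied from the ComboFix log in this thread, plus one constructed
# benign entry (the readme.txt line) so the filter has something to ignore.
SAMPLE_LINES = [
    "2009-03-08 12:47 . 2009-03-08 12:51 192,512 --a------ C:\\FoEgBE.exe",
    "2009-03-08 12:47 . 2009-03-08 12:47 8,150 --a------ C:\\IAs9R.bat",
    "2009-03-08 12:47 . 2009-03-08 12:47 212 --a------ C:\\rZsbOwv.bat",
    "2009-03-08 12:32 . 2009-03-08 12:36 238,080 --a------ C:\\ZUhL2.exe",
    "2009-03-08 12:30 . 2009-03-08 12:32 192,512 --a------ C:\\ZUhL.exe",
    "2009-03-08 12:30 . 2009-03-08 12:30 8,150 --a------ C:\\tozmi.bat",
    "2009-03-08 12:30 . 2009-03-08 12:30 202 --a------ C:\\wQ0.bat",
    "2009-03-08 12:23 . 2009-03-08 12:25 238,080 --a------ C:\\yQHZA2.exe",
    "2009-03-08 12:17 . 2009-03-08 12:23 192,512 --a------ C:\\yQHZA.exe",
    "2009-03-08 12:15 . 2009-03-08 12:15 8,150 --a------ C:\\TneYUug9.bat",
    "2009-03-08 12:15 . 2009-03-08 12:15 211 --a------ C:\\CXmo.bat",
    # constructed benign entry, not from the log
    "2009-03-08 12:40 . 2009-03-08 12:40 1,234 --a------ c:\\program files\\Example\\readme.txt",
]


def parse_line(line):
    """Return a dict for a valid 'Files Created' line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return {
        "created": datetime.strptime(m.group(1), fmt),
        "modified": datetime.strptime(m.group(2), fmt),
        "size": int(m.group(3).replace(",", "")),
        "path": m.group(5),
    }


def is_root_drop(entry):
    """True when the file is an .exe or .bat written directly into a drive root."""
    return ROOT_DROP_RE.fullmatch(entry["path"]) is not None


def find_dropper_pattern(lines, min_repeats=3):
    """Group root-of-drive .exe/.bat files by (size, extension).

    A size that recurs under several different random names is one payload
    being written over and over. For each such group return the paths and
    the minutes between successive creations, which exposes the cadence.
    """
    groups = {}
    for entry in filter(None, map(parse_line, lines)):
        if not is_root_drop(entry):
            continue
        ext = entry["path"].rsplit(".", 1)[1].lower()
        groups.setdefault((entry["size"], ext), []).append(entry)

    findings = []
    for (size, ext), members in groups.items():
        if len(members) < min_repeats:
            continue
        times = sorted(e["created"] for e in members)
        gaps = [int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:])]
        findings.append({
            "size": size,
            "ext": ext,
            "paths": sorted(e["path"] for e in members),
            "gaps_minutes": gaps,
        })
    return findings


if __name__ == "__main__":
    for f in find_dropper_pattern(SAMPLE_LINES):
        print(f"{len(f['paths'])} x {f['size']}-byte .{f['ext']} in drive root, "
              f"gaps {f['gaps_minutes']} min: {', '.join(f['paths'])}")
```

On the sample above it reports the 8,150-byte .bat and the 192,512-byte .exe each recurring three times, about 15 minutes apart, which matches the scheduled re-dropping visible across the full log.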