Help me and here is my hijack log




  #11  
8th Sep 2008, 08:10
Member Group

Hey, I haven't done the above thing you told me, but I wanted to tell you that ever since the latest ComboFix restart happened, Internet Explorer isn't running. When I click on it, I get this msg in a window with the heading "desktop".

"Windows cannot find '(null)'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
  #12  
8th Sep 2008, 08:19
Moderator Group

Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.
  • Open the folder and run Dial-a-fix.exe
  • 2 windows will open. Close the one in the background labeled Restrictive Policies
  • Check the box in section 1, Empty temp folders.
  • Check the box in section 2, Fix Windows Installer.
  • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  • Check all boxes in Section 5, labeled Registration Center.
  • Click Go
  • OK any error messages if received, but write them down and post them here.
  • Restart the computer when done.
How is everything now?

  #13  
8th Sep 2008, 08:23
Moderator Group

Run the OTMoveIt2 instructions and let me know if Dial-a-Fix worked.

  #14  
9th Sep 2008, 04:22
Member Group

hey man here is the OTMoveIt2 log

Explorer killed successfully
D:\FOUND.145 moved successfully.
D:\FOUND.144 moved successfully.
D:\FOUND.143 moved successfully.
D:\FOUND.142 moved successfully.
D:\FOUND.141 moved successfully.
D:\FOUND.140 moved successfully.
D:\FOUND.139 moved successfully.
D:\FOUND.138 moved successfully.
D:\FOUND.137 moved successfully.
D:\FOUND.136 moved successfully.
D:\FOUND.135 moved successfully.
D:\FOUND.134 moved successfully.
D:\FOUND.133 moved successfully.
D:\FOUND.132 moved successfully.
D:\FOUND.131 moved successfully.
D:\FOUND.130 moved successfully.
D:\FOUND.129 moved successfully.
D:\FOUND.128 moved successfully.
D:\FOUND.127 moved successfully.
D:\FOUND.126 moved successfully.
D:\FOUND.125 moved successfully.
D:\FOUND.124 moved successfully.
D:\FOUND.123 moved successfully.
D:\FOUND.122 moved successfully.
D:\FOUND.121 moved successfully.
D:\FOUND.120 moved successfully.
D:\FOUND.119 moved successfully.
D:\spoolerlogs moved successfully.
D:\FOUND.118 moved successfully.
D:\FOUND.117 moved successfully.
D:\FOUND.116 moved successfully.
D:\FOUND.115 moved successfully.
D:\FOUND.114 moved successfully.
D:\FOUND.113 moved successfully.
D:\FOUND.112 moved successfully.
D:\FOUND.111 moved successfully.
D:\FOUND.110 moved successfully.
D:\FOUND.109 moved successfully.
D:\FOUND.108 moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09092008_170634

Things are a lot better than before now, man :). No more pop-ups are opening, also the spyware detected balloon. The processes that used to run when the computer starts are also not running... And I HAVE noticed that my computer has gotten a little faster... Thanks a LOT, man... you rock.

BTW, the Dial-a-Fix didn't work, and the steps you told me to follow, they didn't appear like that.

here is the dial-a-fix log

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 6.0.2900.2180
MPC: 55274-649
CPU: Pentium III (~933MHz)
BIOS: 6/26/2001
Memory (approx): 125MB
Uptime: 0 hour(s)
Current directory: D:\DOCUME~1\Burhan\LOCALS~1\Temp\Temporary Directory 1 for Dial-a-fix-v0.60.0.24.zip\Dial-a-fix-v0.60.0.24
---

9/9/2008 5:11:01 PM -- Dial-a-fix : [v0.60.0.24] -- started
5:11:01 PM | Policy scan started
5:11:01 PM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
5:12:01 PM | Deleting D:\Documents and Settings\Burhan\Local Settings\temp...
5:12:02 PM | D:\Documents and Settings\Burhan\Local Settings\temp could not be completely emptied, please reboot and try again
5:12:02 PM | Deleting D:\WINDOWS\temp...
5:12:02 PM | D:\WINDOWS\temp has been re-created
5:12:02 PM | Deleting D:\DOCUME~1\Burhan\LOCALS~1\Temp...
5:12:03 PM | D:\DOCUME~1\Burhan\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
5:12:09 PM | Registered: D:\WINDOWS\system32\msi.dll
--- SSL/HTTPS/Cryptography ---
5:12:18 PM | Executed 'cmd.exe /c rmdir /q /s D:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
5:12:23 PM | Unregistered: D:\WINDOWS\system32\cryptdlg.dll
5:12:23 PM | Registered: D:\WINDOWS\system32\cryptdlg.dll
5:12:23 PM | Unregistered: D:\WINDOWS\system32\cryptui.dll
5:12:23 PM | Registered: D:\WINDOWS\system32\cryptui.dll
5:12:28 PM | Unregistered: D:\WINDOWS\system32\cryptext.dll
5:12:28 PM | Registered: D:\WINDOWS\system32\cryptext.dll
5:12:29 PM | Unregistered: D:\WINDOWS\system32\dssenh.dll
5:12:29 PM | Registered: D:\WINDOWS\system32\dssenh.dll
5:12:29 PM | Unregistered: D:\WINDOWS\system32\gpkcsp.dll
5:12:29 PM | Registered: D:\WINDOWS\system32\gpkcsp.dll
5:12:30 PM | Unregistered: D:\WINDOWS\system32\initpki.dll
5:13:00 PM | Registered: D:\WINDOWS\system32\initpki.dll
5:13:00 PM | Unregistered: D:\WINDOWS\system32\licdll.dll
5:13:00 PM | Registered: D:\WINDOWS\system32\licdll.dll
5:13:00 PM | Unregistered: D:\WINDOWS\system32\mssign32.dll
5:13:00 PM | Registered: D:\WINDOWS\system32\mssign32.dll
5:13:00 PM | Unregistered: D:\WINDOWS\system32\mssip32.dll
5:13:00 PM | Registered: D:\WINDOWS\system32\mssip32.dll
5:13:01 PM | Unregistered: D:\WINDOWS\system32\scardssp.dll
5:13:01 PM | Registered: D:\WINDOWS\system32\scardssp.dll
5:13:02 PM | Unregistered: D:\WINDOWS\system32\sccbase.dll
5:13:02 PM | Registered: D:\WINDOWS\system32\sccbase.dll
5:13:02 PM | Unregistered: D:\WINDOWS\system32\scecli.dll
5:13:04 PM | Registered: D:\WINDOWS\system32\scecli.dll
5:13:04 PM | Unregistered: D:\WINDOWS\system32\softpub.dll
5:13:04 PM | Registered: D:\WINDOWS\system32\softpub.dll
5:13:04 PM | Unregistered: D:\WINDOWS\system32\slbcsp.dll
5:13:04 PM | Registered: D:\WINDOWS\system32\slbcsp.dll
5:13:05 PM | Unregistered: D:\WINDOWS\system32\regwizc.dll
5:13:05 PM | Registered: D:\WINDOWS\system32\regwizc.dll
5:13:05 PM | Unregistered: D:\WINDOWS\system32\rsaenh.dll
5:13:05 PM | Registered: D:\WINDOWS\system32\rsaenh.dll
5:13:05 PM | Unregistered: D:\WINDOWS\system32\winhttp.dll
5:13:05 PM | Registered: D:\WINDOWS\system32\winhttp.dll
5:13:06 PM | Unregistered: D:\WINDOWS\system32\wintrust.dll
5:13:06 PM | Registered: D:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
5:13:07 PM | Registered: D:\WINDOWS\system32\acelpdec.ax
5:13:08 PM | Registered: D:\WINDOWS\system32\actxprxy.dll
5:13:08 PM | Registered: D:\WINDOWS\system32\asctrls.ocx
5:13:09 PM | Registered: D:\WINDOWS\system32\daxctle.ocx
5:13:09 PM | Registered: D:\WINDOWS\system32\hhctrl.ocx
5:13:09 PM | Registered: D:\WINDOWS\system32\l3codecx.ax
5:13:09 PM | Registered: D:\WINDOWS\system32\licmgr10.dll
5:13:10 PM | Registered: D:\WINDOWS\system32\mpg4ds32.ax
5:13:32 PM | Registered: D:\WINDOWS\system32\msdxm.ocx
5:13:32 PM | Registered: D:\WINDOWS\system32\plugin.ocx
5:13:32 PM | Registered: D:\WINDOWS\system32\proctexe.ocx
5:13:32 PM | Registered: D:\WINDOWS\system32\tdc.ocx
5:13:33 PM | Registered: D:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
5:13:35 PM | DllInstalled: D:\WINDOWS\system32\inetcpl.cpl
5:13:36 PM | DllInstalled: D:\WINDOWS\system32\appwiz.cpl
5:13:36 PM | Registered: D:\WINDOWS\system32\appwiz.cpl
5:13:36 PM | DllInstalled: D:\WINDOWS\system32\nusrmgr.cpl
5:13:36 PM | Registered: D:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
5:13:36 PM | Registered: D:\WINDOWS\system32\quartz.dll
5:13:37 PM | Registered: D:\WINDOWS\system32\danim.dll
5:13:37 PM | Registered: D:\WINDOWS\system32\dmscript.dll
5:13:37 PM | Registered: D:\WINDOWS\system32\dmstyle.dll
5:13:37 PM | Registered: D:\WINDOWS\system32\dxmasf.dll
5:13:38 PM | Registered: D:\WINDOWS\system32\dxtmsft.dll
5:13:38 PM | Registered: D:\WINDOWS\system32\dxtrans.dll
5:13:38 PM | Registered: D:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
5:13:38 PM | Registered: D:\WINDOWS\system32\atl.dll
5:13:38 PM | Registered: D:\WINDOWS\system32\corpol.dll
5:13:38 PM | Registered: D:\WINDOWS\system32\jscript.dll
5:13:39 PM | Registered: D:\WINDOWS\system32\dispex.dll
5:13:39 PM | Registered: D:\WINDOWS\system32\scrrun.dll
5:13:39 PM | Registered: D:\WINDOWS\system32\scrobj.dll
5:13:39 PM | Registered: D:\WINDOWS\system32\vbscript.dll
5:13:40 PM | Registered: D:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
5:13:40 PM | Registered: D:\WINDOWS\system32\activeds.dll
5:13:40 PM | Registered: D:\WINDOWS\system32\audiodev.dll
5:13:41 PM | DllInstalled: D:\WINDOWS\system32\browseui.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\browseui.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\browsewm.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\cabview.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\cdfview.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\clbcatex.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\clbcatq.dll
5:13:41 PM | Registered: D:\WINDOWS\system32\comcat.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\cscui.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\credui.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\datime.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\devmgr.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\dfsshlex.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\dmdlgs.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\dmdskmgr.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\dmloader.dll
5:13:42 PM | Registered: D:\WINDOWS\system32\dmocx.dll
5:13:43 PM | Registered: D:\WINDOWS\system32\dmview.ocx
5:13:43 PM | DllInstalled: D:\WINDOWS\system32\dsuiext.dll
5:13:43 PM | Registered: D:\WINDOWS\system32\dsuiext.dll
5:13:43 PM | DllInstalled: D:\WINDOWS\system32\dsquery.dll
5:13:43 PM | Registered: D:\WINDOWS\system32\dsquery.dll
5:13:43 PM | Registered: D:\WINDOWS\system32\dskquoui.dll
5:13:43 PM | Registered: D:\WINDOWS\system32\els.dll
5:13:44 PM | Registered: D:\WINDOWS\system32\es.dll
5:13:44 PM | Registered: D:\WINDOWS\system32\fontext.dll
5:13:44 PM | Registered: D:\WINDOWS\system32\hlink.dll
5:13:44 PM | Registered: D:\WINDOWS\system32\hnetcfg.dll
5:13:44 PM | Registered: D:\WINDOWS\system32\iedkcs32.dll
5:13:44 PM | Registered: D:\WINDOWS\system32\iepeers.dll
5:13:45 PM | DllInstalled: D:\WINDOWS\system32\iesetup.dll
5:13:45 PM | Registered: D:\WINDOWS\system32\iesetup.dll
5:13:45 PM | Registered: D:\WINDOWS\system32\ils.dll
5:13:45 PM | Registered: D:\WINDOWS\system32\imgutil.dll
5:13:45 PM | Registered: D:\WINDOWS\system32\inetcfg.dll
5:13:45 PM | Registered: D:\WINDOWS\system32\inetcomm.dll
5:13:45 PM | DllInstalled: D:\WINDOWS\system32\inseng.dll
5:13:45 PM | Registered: D:\WINDOWS\system32\inseng.dll
5:13:46 PM | Registered: D:\WINDOWS\system32\laprxy.dll
5:13:46 PM | Registered: D:\WINDOWS\system32\lmrt.dll
5:13:46 PM | Registered: D:\WINDOWS\system32\mlang.dll
5:13:47 PM | Registered: D:\WINDOWS\system32\mmcndmgr.dll
5:13:48 PM | Registered: D:\WINDOWS\system32\mmcshext.dll
5:13:49 PM | DllInstalled: D:\WINDOWS\system32\mshtml.dll
5:13:50 PM | Registered: D:\WINDOWS\system32\mshtml.dll
5:13:50 PM | Registered: D:\WINDOWS\system32\mshtmled.dll
5:13:51 PM | Registered: D:\WINDOWS\system32\msieftp.dll
5:13:51 PM | Registered: D:\WINDOWS\system32\msoeacct.dll
5:13:51 PM | Registered: D:\WINDOWS\system32\msr2c.dll
5:13:52 PM | Registered: D:\WINDOWS\system32\msrating.dll
5:13:52 PM | DllInstalled: D:\WINDOWS\system32\mydocs.dll
5:13:52 PM | Registered: D:\WINDOWS\system32\mydocs.dll
5:13:52 PM | Registered: D:\WINDOWS\system32\mstime.dll
5:13:52 PM | Registered: D:\WINDOWS\system32\netcfgx.dll
5:13:52 PM | DllInstalled: D:\WINDOWS\system32\netplwiz.dll
5:13:52 PM | Registered: D:\WINDOWS\system32\netplwiz.dll
5:13:53 PM | Registered: D:\WINDOWS\system32\netman.dll
5:13:53 PM | Registered: D:\WINDOWS\system32\netshell.dll
5:13:53 PM | Registered: D:\WINDOWS\system32\ntmsevt.dll
5:13:53 PM | Registered: D:\WINDOWS\system32\ntmsmgr.dll
5:13:53 PM | DllInstalled: D:\WINDOWS\system32\ntmssvc.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\ntmssvc.dll
5:13:54 PM | DllInstalled: D:\WINDOWS\system32\occache.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\occache.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\ole32.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\oleaut32.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\oleacc.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\olepro32.dll
5:13:54 PM | DllInstalled: D:\WINDOWS\system32\photowiz.dll
5:13:54 PM | Registered: D:\WINDOWS\system32\photowiz.dll
5:13:55 PM | Registered: D:\WINDOWS\system32\pngfilt.dll
5:13:55 PM | Registered: D:\WINDOWS\system32\remotepg.dll
5:13:55 PM | Registered: D:\WINDOWS\system32\rpcrt4.dll
5:13:55 PM | Registered: D:\WINDOWS\system32\rshx32.dll
5:13:55 PM | Registered: D:\WINDOWS\system32\sendmail.dll
5:13:55 PM | Registered: D:\WINDOWS\system32\slayerxp.dll

5:13:57 PM | DllInstalled: D:\WINDOWS\system32\shdocvw.dll
5:13:58 PM | Registered: D:\WINDOWS\system32\shdocvw.dll
5:13:58 PM | Registered: D:\WINDOWS\system32\shell32.dll
5:14:14 PM | DllInstalled: D:\WINDOWS\system32\shell32.dll
5:14:14 PM | Registered: D:\WINDOWS\system32\shmedia.dll
5:14:15 PM | DllInstalled: D:\WINDOWS\system32\shimgvw.dll
5:14:15 PM | Registered: D:\WINDOWS\system32\shimgvw.dll
5:14:15 PM | DllInstalled: D:\WINDOWS\system32\shsvcs.dll
5:14:15 PM | Registered: D:\WINDOWS\system32\shsvcs.dll
5:14:15 PM | Registered: D:\WINDOWS\system32\srclient.dll
5:14:16 PM | Unregistered: D:\WINDOWS\system32\stobject.dll
5:14:16 PM | Registered: D:\WINDOWS\system32\stobject.dll
5:14:16 PM | DllInstalled: D:\WINDOWS\system32\themeui.dll
5:14:16 PM | Registered: D:\WINDOWS\system32\themeui.dll
5:14:16 PM | Registered: D:\WINDOWS\system32\twext.dll
5:14:17 PM | DllInstalled: D:\WINDOWS\system32\urlmon.dll
5:14:17 PM | Registered: D:\WINDOWS\system32\urlmon.dll
5:14:17 PM | Registered: D:\WINDOWS\system32\userenv.dll
5:14:17 PM | DllInstalled: D:\WINDOWS\system32\webcheck.dll
5:14:17 PM | Registered: D:\WINDOWS\system32\webcheck.dll
5:14:18 PM | Registered: D:\WINDOWS\system32\webvw.dll
5:14:18 PM | Registered: D:\WINDOWS\system32\winhttp.dll
5:14:18 PM | DllInstalled: D:\WINDOWS\system32\wininet.dll
5:14:18 PM | Registered: D:\WINDOWS\system32\zipfldr.dll
5:14:18 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdadc.dll
5:14:18 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaenum.dll
5:14:18 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaer.dll
5:14:19 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaipp.dll
5:14:19 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaora.dll
5:14:19 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaosp.dll
5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaps.dll
5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdasc.dll
5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdasql.dll
5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdatt.dll
5:14:20 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaurl.dll
5:14:21 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdmeng.dll
5:14:21 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdmine.dll
5:14:22 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msjtor35.dll
5:14:22 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
5:14:22 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msolap80.dll
5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msolui80.dll
5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msxactps.dll
5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\oledb32.dll
5:14:23 PM | Registered: D:\Program Files\Common Files\system\Ole DB\oledb32r.dll
5:14:24 PM | Registered: D:\Program Files\Common Files\system\Ole DB\sqloledb.dll
5:14:24 PM | Registered: D:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
  #15  
9th Sep 2008, 09:26
Moderator Group

Open Dial-a-fix and click the hammer icon. Select Flush DNS and click Go
When complete, select Repair Permissions and click Go
When complete, select Repair/reinstall IE and click Go

  #16  
19th Sep 2008, 08:59
Member Group

Hey man... extremely sorry for the late reply... the thing is, he asks for the XP CD and I have kinda lost it.
  #17  
19th Sep 2008, 09:51
Moderator Group

Run this online scan. Requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

  #18  
26th Sep 2008, 08:09
Member Group

Here is the log from the ESET online scan.
BTW, just telling you, I have the XP which I use installed on the D drive, not the C drive.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3473 (20080926)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a78d3f75d45a13479ae8da046d645966
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-26 01:15:09
# local_time=2008-09-26 06:15:09 (+0500, West Asia Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=189638
# found=74
# scan_time=2498
C:\mvxm.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\spoolsv.exe Win32/Virut.B virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\winsys32.dll a variant of Win32/TrojanProxy.Agent.NCB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\rpcc.dll Win32/TrojanProxy.Dlena trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\HTML\readme.eml Win32/Chir.B worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\6.0\ACDInTouch\EN\StaticPages\readme.eml Win32/Chir.B worm (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154623.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154624.exe Win32/Virut.B virus (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154625.dll a variant of Win32/TrojanProxy.Agent.NCB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154626.dll Win32/TrojanProxy.Dlena trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\FOUND.014\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
C:\FOUND.012\FILE0000.CHK a variant of Win32/Nulprot trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.019\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.032\FILE0002.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.034\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.036\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.037\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.038\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.049\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.045\FILE0000.CHK a variant of Win32/Pacex.Gen virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.058\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.065\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.072\FILE0001.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.061\FILE0045.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.062\FILE0010.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.086\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.089\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.076\FILE0000.CHK a variant of Win32/Injector.AR trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\autorun.ini.vir INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\avpo0.dll.vir probably a variant of Win32/Obfuscated trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\spool.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\LSASSMGR.EXE.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\LSSMON.EXE.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\msupd32.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\srtsrv32.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\WINDOWS\system32\upd01.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\Documents and Settings\Burhan\S87ekhV.exe.vir Win32/TrojanDownloader.Delf.OGD trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\QooBox\Quarantine\D\Program Files\Internet Explorer\iexplor.exe.vir probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.079\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.091\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.095\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.098\FILE0001.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.099\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\WINDOWS\divx32.dll probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\WINDOWS\system32\dllcaches.exe probably a variant of Win32/IRCBot trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\Program Files\Mozilla Firefox\firefoxe.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\FOUND.105\FILE0000.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0000.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0009.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0010.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.145\FILE0015.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.144\FILE0000.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.144\FILE0001.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.144\FILE0002.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0000.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0006.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0007.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.143\FILE0008.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.142\FILE0361.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.142\FILE0408.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.142\FILE0409.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.141\FILE0011.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.141\FILE0015.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.141\FILE0016.CHK probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.134\FILE0000.CHK Win32/PSW.Agent.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\_OTMoveIt\MovedFiles\09092008_170634\FOUND.134\FILE0001.CHK Win32/Pacex virus (unable to clean - deleted) 00000000000000000000000000000000
E:\mvxm.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
E:\FOUND.001\FILE0000.CHK Win32/PSW.Agent.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
E:\FOUND.002\FILE0000.CHK Win32/PSW.Agent.NDP trojan (unable to clean - deleted) 00000000000000000000000000000000
E:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154630.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
E:\ALL THE SOFTWARES\AVICodecPackPlus21.exe a variant of Win32/Adware.Webdir application (deleted) 00000000000000000000000000000000
E:\ALL THE SOFTWARES\AVICodecPackPlus21.exe »NSIS »VirtualDNS.dll a variant of Win32/Adware.Webdir application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
F:\mvxm.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
F:\System Volume Information\_restore{CEE02A45-706B-4586-A2D2-4C932763C52E}\RP34\A0154632.cmd Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
  #19  
26th Sep 2008, 09:14
Moderator Group

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized
  • Please post the contents of both logs in the next reply.

  #20  
26th Sep 2008, 10:06
Member Group

hey man, this is the log file first .

Logfile of random's system information tool 1.02 (written by random/random)
Run by Burhan at 2008-09-26 23:02:15
Microsoft Windows XP Professional Service Pack 2
System drive D: has 3 GB (33%) free of 10 GB
Total RAM: 126 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:32 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\Burhan\Desktop\RSIT.exe
E:\ALL THE SOFTWARES\Burhan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4633 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\At1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]
DAPHelper Class - D:\Program Files\DAP\DAPBHO.dll [2007-11-27 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2007-11-10 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2007-11-10 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"PCSuiteTrayApplication"=D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"googletalk"=D:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=D:\WINDOWS\system32\

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBCSSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Ares\Ares.exe"="D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\AIM\aim.exe"="D:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\Program Files\Messenger\MSMSGS.EXE"="D:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Program Files\NetMeeting\conf.exe"="D:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\Program Files\Opera\Opera.exe"="D:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Program Files\Yahoo!\Messenger\YServer.exe"="D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-09-26 23:02:15 ----D---- D:\rsit
2008-09-26 17:04:34 ----D---- D:\Program Files\EsetOnlineScanner
2008-09-26 04:23:04 ----D---- D:\Program Files\Viewpoint
2008-09-26 04:21:34 ----D---- D:\Program Files\AIM6
2008-09-26 03:42:44 ----D---- D:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-09-26 03:42:37 ----A---- D:\WINDOWS\atid.ini
2008-09-25 20:06:00 ----SHD---- D:\FOUND.123
2008-09-25 05:05:38 ----D---- D:\Documents and Settings\Burhan\Application Data\acccore
2008-09-25 05:03:13 ----D---- D:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-25 05:03:13 ----D---- D:\Documents and Settings\All Users\Application Data\AOL
2008-09-25 05:02:51 ----D---- D:\Program Files\Common Files\AOL
2008-09-25 04:13:10 ----SHD---- D:\FOUND.122
2008-09-24 06:58:39 ----D---- D:\spoolerlogs
2008-09-24 02:16:55 ----D---- D:\Program Files\USBAntiVirus
2008-09-24 00:15:40 ----SHD---- D:\FOUND.121
2008-09-21 04:45:19 ----D---- D:\Program Files\CCleaner
2008-09-21 03:36:32 ----SHD---- D:\FOUND.120
2008-09-21 03:14:20 ----SHD---- D:\FOUND.119
2008-09-20 13:33:10 ----D---- D:\WINDOWS\system32\Adobe
2008-09-20 08:54:16 ----SHD---- D:\FOUND.118
2008-09-19 22:59:13 ----A---- D:\WINDOWS\system32\spupdsvc.exe
2008-09-19 22:59:12 ----HD---- D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-19 22:57:25 ----HD---- D:\WINDOWS\$NtUninstallKB915865$
2008-09-19 22:57:23 ----HD---- D:\WINDOWS\$hf_mig$
2008-09-19 22:57:04 ----N---- D:\WINDOWS\system32\xmllite.dll
2008-09-19 21:12:15 ----A---- D:\WINDOWS\Active Setup Log.txt
2008-09-19 21:12:15 ----A---- D:\WINDOWS\Active Setup Log.BAK
2008-09-16 13:07:40 ----SHD---- D:\FOUND.117
2008-09-15 02:39:34 ----SHD---- D:\FOUND.116
2008-09-15 02:27:50 ----SHD---- D:\FOUND.115
2008-09-14 21:31:02 ----SHD---- D:\FOUND.114
2008-09-12 13:27:22 ----SHD---- D:\FOUND.113
2008-09-12 03:40:40 ----SHD---- D:\FOUND.112
2008-09-12 02:05:50 ----SHD---- D:\FOUND.111
2008-09-11 21:40:52 ----SHD---- D:\FOUND.110
2008-09-11 20:16:25 ----D---- D:\WINDOWS\system32\NtmsData
2008-09-11 16:03:38 ----SHD---- D:\FOUND.109
2008-09-10 02:15:06 ----SHD---- D:\FOUND.108
2008-09-09 17:12:39 ----D---- D:\WINDOWS\system32\CatRoot2
2008-09-09 17:12:02 ----D---- D:\WINDOWS\temp
2008-09-09 17:06:34 ----D---- D:\_OTMoveIt
2008-09-09 14:56:52 ----SHD---- D:\FOUND.150
2008-09-09 02:01:24 ----SHD---- D:\FOUND.149
2008-09-09 00:26:38 ----SHD---- D:\FOUND.148
2008-09-08 19:12:36 ----A---- D:\ComboFix.txt
2008-09-08 13:14:04 ----SHD---- D:\FOUND.147
2008-09-07 14:42:08 ----SHD---- D:\FOUND.146
2008-09-07 13:49:46 ----A---- D:\WINDOWS\system32\mssc32.dll
2008-09-07 13:39:57 ----D---- D:\WINDOWS\erdnt
2008-09-07 13:39:19 ----D---- D:\QooBox
2008-09-07 13:39:16 ----A---- D:\WINDOWS\zip.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\VFind.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\swxcacls.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\swsc.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\swreg.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\sed.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\Nircmd.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\grep.exe
2008-09-07 13:39:16 ----A---- D:\WINDOWS\fdsv.exe
2008-09-04 07:11:57 ----D---- D:\Documents and Settings\Burhan\Application Data\Yahoo!

======List of files/folders modified in the last 1 months======

2008-09-26 21:12:14 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-09-19 22:58:18 ----A---- D:\WINDOWS\imsins.BAK
2008-09-14 02:46:06 ----A---- D:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt
2008-09-09 22:01:22 ----A---- D:\WINDOWS\OEWABLog.txt
2008-09-09 17:14:18 ----RD---- D:\WINDOWS\Web
2008-09-09 17:14:18 ----RD---- D:\Program Files
2008-09-09 16:16:32 ----A---- D:\WINDOWS\ntbtlog.txt
2008-09-08 19:08:38 ----A---- D:\WINDOWS\system.ini
2008-09-07 10:46:08 ----A---- D:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Intel PentiumIII Processor Driver; D:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-03 42496]
R2 dmsmbios;dmsmbios; \??\D:\WINDOWS\system32\dmsmbios.sys []
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); D:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; D:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 i81x;i81x; D:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 MODEMCSA;Unimodem Streaming Filter Device; D:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; D:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
R3 Slntamr;Smart Link 56K Modem Driver; D:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
R3 SlWdmSup;SlWdmSup; D:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 XIRLINK;IBM PC Camera; D:\WINDOWS\system32\DRIVERS\C-itnt.sys [1999-10-19 435655]
S1 b88b9e8e;b88b9e8e; D:\WINDOWS\System32\drivers\b88b9e8e.sys [2008-08-05 109150]
S3 AvFlt;Antivirus Filter Driver; D:\WINDOWS\system32\drivers\av5flt.sys []
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 iAimFP0;iAimFP0; D:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; D:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; D:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; D:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; D:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; D:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; D:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; D:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; D:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; D:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; D:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; D:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; D:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; D:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlstrm;Mtlstrm; D:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; D:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; D:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NtMtlFax;NtMtlFax; D:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 SBRE;SBRE; \??\D:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SlNtHal;SlNtHal; D:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SLService;SmartLinkService; D:\WINDOWS\system32\slserv.exe [2004-08-04 73796]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 SBCSSvc;Sunbelt CounterSpy Antispyware; D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service; D:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
S3 AresChatServer;Ares Chatroom server; D:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-10 138168]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; D:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------