#11  25-03-2008, 10:18 PM
evilfantasy (CJ Moderator)
I think a got a virus - Desktopvirii

Uninstall list please.
#12  25-03-2008, 10:20 PM
evilfantasy (CJ Moderator)
I think a got a virus - Desktopvirii

It is now suggested that you install the Windows Recovery Console. The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website here --> http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Windows XP SP2

Download the file & save it as it is originally named, next to ComboFix.exe.

Now close all open windows and programs.
Drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
When complete, a log named CF_RC.txt will open.
Please post the contents of that log in your next reply.

Thanks to Bleeping Computer for the guide.


After this is installed we will move on.
Last edited by evilfantasy : 25-03-2008 at 10:21 PM.
#13  25-03-2008, 10:36 PM
evilfantasy (CJ Moderator)
I think a got a virus - Desktopvirii

Also, which AV did you uninstall? There are still two showing in the HJT log.
#14  26-03-2008, 11:09 AM
XeneX (CJ Member, Canada)
I think a got a virus - Desktopvirii

I uninstalled SB S&D, but what do you mean, "uninstall list?".
#15  26-03-2008, 02:00 PM
evilfantasy (CJ Moderator)
I think a got a virus - Desktopvirii

Originally Posted by XeneX:
I uninstalled SB S&D, but what do you mean, "uninstall list?".
SB S&D isn't antivirus. You need to uninstall either Avast or AVG antivirus.

Create An Uninstall List
  • Start HijackThis
  • Click on the Open the Misc Tools section
  • Click on the Open Uninstall Manager button.
  • Click on the Save list button and specify where you would like to save this file and click Save.
    • When you press the Save button, Notepad will open with the contents of that file.
  • Copy and paste that list in your reply.
#16  26-03-2008, 07:05 PM
XeneX (CJ Member, Canada)
I think a got a virus - Desktopvirii

The Windows log thing

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\wubildr.mbr="Ubuntu"
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

The Uninstall List
3DMark06
Ace Explorer (remove only)
Acoustica Effects Pack
Acoustica Mixcraft 3.1
Action Replay Code Manager
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.1
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apache HTTP Server 2.2.8
Apple Mobile Device Support
Apple Software Update
ArtMoney SE v7.27
ASIO4ALL
Audacity 1.2.6
avast! Antivirus
BigRigs over the road Racing
CamStudio
Camtasia Studio 5
CCleaner (remove only)
CDBurnerXP
Collab
Counter-Strike: Source
CursorXP
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Content Uploader
DivX Web Player
DVD Decrypter (Remove Only)
ExeScript
Express Burn
Far Cry
FileMenu Tools
FL Studio 7
Fraps
Free YouTube to Mp3 Converter version 2.5
Frets On Fire
Gabbasoft Cube Demo
Game Cam v1.4
Game Maker 7.0
GIMP 2.4.4
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Web Accelerator
Guitar Hero III
Guitar Pro 5.2
Hamachi 1.0.2.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IL Download Manager
iSofter DVD Ripper Platinum 3.0.2007.228
iTunes
J2SE Runtime Environment 5.0 Update 12
Java DB 10.3.1.4
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 4
Joyful Music Game O2Jam
Knight Online
Logitech Gaming Software
LogMeIn
MacroMaker
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
MapleStory
Maxthon2 Browser (remove only)
MediaCoder 0.6.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU
Mozilla Firefox (1.0PR)
Mozilla Firefox (2.0.0.12)
Mozilla Firefox (3.0b3)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Multimedia Fusion 2 Demo
MYIE2 Browser (remove only)
MySQL Server 5.0
Nero 8 Trial
neroxml
Netscape Navigator (9.0.0.6)
Notepad++
NVIDIA Drivers
ObjectDock
Oblivion
OpenOffice.org 2.3
Opera 9.25
Pack Vista Inspirat 2 1.0
PDF Settings
PHP 5.2.5
Pivot Stickfigure Animator
PlaneShift
PokerStars
PokerStars.net
Project64 1.6
Qtrax 0.2beta (20080125)
QuickTime
Razer
RealWorld Cursor Editor
RK Autocutter 2
Safari
Security Task Manager 1.7e
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shadowbane - Throne of Oblivion
Sothink SWF Decompiler
Starcraft
Steam
StyleBuilder (remove only)
SUPERAntiSpyware Free Edition
The GrudgeMU Season 3
Tiger Gaming
Total Game Control v3.5.2
Uninstall 1.0.0.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946501-v2)
VCRedistSetup
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.6d
WavePad Uninstall
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 1
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip 11.1
World of Warcraft
World of Warcraft Desktop
Wubi
WYSIWYG Web Builder 5.0
Xbox 360 Controller for Windows
YouTube Uploader
Zune Desktop Theme

Last edited by XeneX : 26-03-2008 at 07:06 PM.
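The CF_RC.txt log in the post above is the machine's boot.ini after ComboFix has added the Recovery Console entry. The Python below is an added example, not code from this thread, from ComboFix or from Microsoft: it parses boot.ini and performs the check a helper does by eye, namely that an [operating systems] entry booted with /cmdcons points at \CMDCONS\BOOTSECT.DAT, that the default entry names a listed operating system, and that any other non-Windows entry (here the Wubi/Ubuntu loader) is surfaced for review rather than silently accepted. The sample boot.ini is constructed to mirror the log above; the function names are my own.

```python
"""Parse a Windows XP boot.ini and confirm the Recovery Console entry.

Added example, not from the thread and not ComboFix's or Microsoft's code.
"""
import re

# Constructed sample modelled on the CF_RC.txt log posted in the thread.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\\wubildr.mbr="Ubuntu"
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# An [operating systems] line is:  <target>="<label>" [/switch ...]
_OS_LINE = re.compile(r'^(?P<target>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')


def parse_boot_ini(text):
    """Return (boot_loader dict, list of operating-system entry dicts)."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'boot loader':
            key, _, value = line.partition('=')
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems':
            m = _OS_LINE.match(line)
            if not m:
                raise ValueError('unparsable boot entry: %r' % line)
            entries.append({
                'target': m.group('target').strip(),
                'label': m.group('label'),
                'switches': m.group('switches').split(),
            })
    return loader, entries


def check_recovery_console(text):
    """Return {'ok': bool, 'problems': [...], 'notes': [...]} for a boot.ini."""
    loader, entries = parse_boot_ini(text)
    problems, notes = [], []
    targets = {e['target'].lower() for e in entries}
    # The default entry must name one of the listed operating systems.
    if loader.get('default', '').lower() not in targets:
        problems.append('default entry %r is not a listed operating system'
                        % loader.get('default'))
    # The Recovery Console entry: BOOTSECT.DAT under \CMDCONS, booted with /cmdcons.
    rc = [e for e in entries if '/cmdcons' in [s.lower() for s in e['switches']]]
    if not rc:
        problems.append('no /cmdcons entry: the Recovery Console is not installed')
    for e in rc:
        if not e['target'].lower().endswith('\\cmdcons\\bootsect.dat'):
            problems.append('/cmdcons entry points at unexpected target %r' % e['target'])
    # Anything that is neither a Windows install nor the Recovery Console is worth a look.
    for e in entries:
        if e not in rc and 'windows' not in e['target'].lower():
            notes.append('non-Windows boot entry %r -> %r' % (e['label'], e['target']))
    return {'ok': not problems, 'problems': problems, 'notes': notes}


if __name__ == '__main__':
    report = check_recovery_console(SAMPLE_BOOT_INI)
    print('recovery console ok:', report['ok'])
    for line in report['problems'] + report['notes']:
        print(' -', line)
```

Run against a real boot.ini the same way (read the file, pass its text); on the sample the only output besides "ok" is the note about the Ubuntu entry, which is expected on a Wubi install but would deserve a question on a machine that never had Linux.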
#17  26-03-2008, 07:19 PM
evilfantasy (CJ Moderator)
I think a got a virus - Desktopvirii

Go to add/remove programs and uninstall
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 4

If you don't use these they should be uninstalled also.
Java DB 10.3.1.4
Java(TM) SE Development Kit 6 Update 4

All you need for Java to work is Java(TM) 6 Update 5

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\WINDOWS\system32\wwxzzslu.exe
C:\Documents and Settings\Owner\Desktopvirii
C:\WINDOWS\system32\qyxfwuwo.exe
C:\WINDOWS\cjofklcn.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gsgnOglhP0"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Next post please add
Combofix log
NEW Hijackthis log

Let me know how things are now.
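The CFScript format in the post above (a KillAll:: directive, then File:: paths and Registry:: entries, where "name"=- deletes a value) is plain text, so the checks a helper does by eye can be scripted. The Python below is an added example, not ComboFix's own code and not posted in this thread: it parses a CFScript, applies a few sanity checks before the script is dropped onto ComboFix, and afterwards reconciles the File:: list against the "Other Deletions" and "Files Created" sections of a ComboFix log in the layout posted later in the thread, so that an entry the log does not confirm as deleted is reported rather than assumed gone. The script, the log fragment and every file name in them are constructed placeholders, and the function names are my own.

```python
"""Parse a ComboFix CFScript and reconcile its File:: list against the log.

Added example: not ComboFix's code and not posted in the thread. The script,
the log fragment and every file name below are constructed placeholders.
"""
import re

# Constructed CFScript in the KillAll::/File::/Registry:: layout used in the thread.
SAMPLE_CFSCRIPT = """\
KillAll::

File::
C:\\WINDOWS\\system32\\example1.exe
C:\\Documents and Settings\\Owner\\ExampleDir
C:\\WINDOWS\\example2.exe

Registry::
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run]
"ExampleValue"=-
"""

# Constructed fragment in the layout of a ComboFix log (section banners, '.' spacers).
SAMPLE_LOG = """\
(((((((((((((( Other Deletions ))))))))))))))
.

C:\\WINDOWS\\example2.exe
C:\\WINDOWS\\system32\\example1.exe

.
(((((((((((((( Files Created from 2008-02-26 to 2008-03-26 ))))))))))))))
.
2008-03-22 14:53 . 2008-03-22 14:53 <DIR> d-------- C:\\Documents and Settings\\Owner\\ExampleDir
"""

_SECTION = re.compile(r'^(\w+)::$')
_TITLE = re.compile(r'^\(+\s*(.*?)\s*\)+$')
# A "Files Created" line: created . modified  <DIR>|size  attributes  path
_CREATED = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+'
    r'(?:<DIR>|[\d,]+)\s+\S+\s+(?P<path>.+)$')


def parse_cfscript(text):
    """Return {section: [lines]}; KillAll:: carries no lines of its own."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is None:
            raise ValueError('directive outside any section: %r' % line)
        elif line:
            sections[current].append(line)
    return sections


def validate_cfscript(sections):
    """Sanity checks to run before the script is dropped onto ComboFix."""
    problems = []
    for path in sections.get('File', []):
        # Only absolute drive-letter paths; a bare name would be ambiguous.
        if not re.match(r'^[A-Za-z]:\\', path):
            problems.append('File:: entry is not an absolute path: %r' % path)
    for line in sections.get('Registry', []):
        # Each line is a [key] header or a "name"=value line ("name"=- deletes).
        is_key = line.startswith('[') and line.endswith(']')
        if not is_key and not re.match(r'^"[^"]+"=', line):
            problems.append('Registry:: line is neither a key nor a value: %r' % line)
    return problems


def log_sections(text):
    """Split a ComboFix log into {section title: [non-blank lines]}."""
    out, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _TITLE.match(line)
        if m:
            title = m.group(1)
            out[title] = []
        elif title and line and line != '.':
            out[title].append(line)
    return out


def reconcile(script_text, log_text):
    """Classify each File:: entry as deleted, still listed, or unconfirmed."""
    wanted = parse_cfscript(script_text).get('File', [])
    secs = log_sections(log_text)
    deleted = {p.lower() for p in secs.get('Other Deletions', [])}
    listed = set()
    for title, lines in secs.items():
        if title.startswith('Files Created'):
            for line in lines:
                m = _CREATED.match(line)
                if m:
                    listed.add(m.group('path').strip().lower())
    result = {'deleted': [], 'still_listed': [], 'unconfirmed': []}
    for path in wanted:
        key = path.lower()
        if key in deleted:
            result['deleted'].append(path)
        elif key in listed:
            result['still_listed'].append(path)
        else:
            result['unconfirmed'].append(path)
    return result


if __name__ == '__main__':
    print('script problems:', validate_cfscript(parse_cfscript(SAMPLE_CFSCRIPT)) or 'none')
    for status, paths in reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(status, paths)
```

On the sample, the two executables are confirmed in "Other Deletions" while the directory entry is still listed under "Files Created"; that "still_listed" bucket is the one to act on, because ComboFix's "Other Deletions" section only lists what it actually removed. Feed the script text and the log text from files to run it against a real pair.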
#18  26-03-2008, 09:04 PM
XeneX (CJ Member, Canada)
I think a got a virus - Desktopvirii

I couldn't find J2SE Runtime Environment 5.0 Update 12. So, I didn't do anything after that. What now?
#19  26-03-2008, 09:05 PM
evilfantasy (CJ Moderator)
I think a got a virus - Desktopvirii

Run the combofix instructions and post that log.
Last edited by evilfantasy : 26-03-2008 at 09:05 PM.
#20  26-03-2008, 09:27 PM
XeneX (CJ Member, Canada)
I think a got a virus - Desktopvirii

ComboFix 08-03-25.4 - Owner 2008-03-26 18:10:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1600 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Owner\Desktopvirii
C:\WINDOWS\cjofklcn.exe
C:\WINDOWS\system32\qyxfwuwo.exe
C:\WINDOWS\system32\wwxzzslu.exe
.
TimedOut: progfile.dat
-- Script messages for sUBs --
Findstr -MIF:/ sursen
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cjofklcn.exe
C:\WINDOWS\system32\qyxfwuwo.exe
C:\WINDOWS\system32\wwxzzslu.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-26 16:00 . 2006-02-28 08:00 415,232 --a------ C:\WINDOWS\system32\CF5.exe
2008-03-26 15:42 . 2008-03-26 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-26 08:06 . 2008-03-26 08:06 114,688 --a------ C:\WINDOWS\system32\bqwbrclw.exe
2008-03-25 20:20 . 2008-03-25 20:20 <DIR> d-------- C:\Program Files\LopeSoft
2008-03-25 17:06 . 2008-03-25 17:06 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-25 15:39 . 2008-03-25 15:39 <DIR> d-------- C:\VundoFix Backups
2008-03-25 08:28 . 2008-03-25 15:53 212 --a------ C:\delete.bat
2008-03-24 18:26 . 2008-03-24 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 18:59 . 2008-03-23 18:59 <DIR> d-------- C:\fsaua.data
2008-03-23 18:54 . 2008-03-23 18:54 3,070 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-23 18:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-23 18:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-23 18:53 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-23 18:53 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-23 18:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-23 18:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-23 18:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Acoustica
2008-03-23 17:56 . 2008-03-23 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-03-23 17:56 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-03-23 17:38 . 2008-03-23 17:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RealWorld
2008-03-23 17:37 . 2008-03-23 17:37 <DIR> d-------- C:\Program Files\RealWorld Cursor Editor
2008-03-22 20:10 . 2008-03-22 20:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Dev-Cpp
2008-03-22 20:09 . 2008-03-22 20:10 <DIR> d-------- C:\Dev-Cpp
2008-03-22 18:33 . 2008-03-22 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-22 18:27 . 2008-03-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-22 18:26 . 2008-03-22 18:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-22 16:01 . 2008-03-22 16:01 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-22 15:15 . 2008-03-22 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-22 15:14 . 2008-03-22 15:15 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-22 14:53 . 2008-03-22 14:53 <DIR> d-------- C:\Documents and Settings\Owner\Desktopvirii
2008-03-22 14:48 . 2008-03-22 14:48 <DIR> d-------- C:\Program Files\ExeScript
2008-03-22 13:51 . 2008-03-22 13:51 <DIR> d-------- C:\WINDOWS\system32\test
2008-03-22 13:14 . 2008-03-22 13:17 34 --a------ C:\WINDOWS\system32\LOOKING.bat
2008-03-22 09:47 . 2008-03-22 09:52 90 --a------ C:\WINDOWS\system32\connect.bat
2008-03-21 20:44 . 2008-03-21 20:44 <DIR> d-------- C:\WINDOWS\system32\Pwned like a dinosaur
2008-03-21 20:31 . 2008-03-21 20:31 <DIR> d-------- C:\Documents and Settings\Users\Owner
2008-03-21 12:30 . 2008-03-21 12:30 <DIR> d-------- C:\WINDOWS\system32\hi
2008-03-21 07:12 . 1998-04-24 20:55 5 --a------ C:\WINDOWS\VS98ENT.MIF
2008-03-21 07:06 . 2008-03-21 07:06 <DIR> d-------- C:\~MSSETUP.T
2008-03-21 07:06 . 2008-03-21 07:11 143,300 --a------ C:\WINDOWS\vssetup.ttf
2008-03-21 07:06 . 2008-03-21 07:11 1,409 --a------ C:\WINDOWS\vssetup.for
2008-03-19 17:13 . 2008-03-19 17:13 <DIR> d-------- C:\Program Files\GrudgeMU
2008-03-19 08:13 . 2008-03-19 08:21 <DIR> d-------- C:\wget
2008-03-19 07:42 . 2008-03-22 18:24 <DIR> d-------- C:\Program Files\2Moons
2008-03-18 20:21 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-03-18 20:21 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-03-18 20:21 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-03-18 20:20 . 2008-03-26 08:05 <DIR> d-------- C:\Program Files\LogMeIn
2008-03-18 20:20 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-03-18 20:20 . 2008-03-18 20:20 1,024 --a------ C:\.rnd
2008-03-18 15:40 . 2008-03-18 15:42 <DIR> d-------- C:\Program Files\MediaCoder
2008-03-17 19:11 . 2008-03-17 19:12 <DIR> d-------- C:\Program Files\PlaneShift Steel Blue
2008-03-16 17:14 . 2008-03-16 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-16 07:39 . 2008-03-16 07:42 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-16 07:39 . 2008-03-16 07:40 <DIR> d-------- C:\Program Files\Shadowbane - Throne of Oblivion
2008-03-16 07:38 . 2008-03-16 07:38 <DIR> d--h----- C:\Documents and Settings\Owner\InstallAnywhere
2008-03-14 18:40 . 2008-03-26 18:08 <DIR> d-------- C:\Program Files\Knight Online
2008-03-12 12:50 . 2008-03-12 12:50 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-03-11 17:29 . 2008-03-22 06:58 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-10 18:15 . 2008-03-10 18:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-03-10 18:13 . 2008-03-10 18:13 <DIR> d-------- C:\Program Files\Nero
2008-03-10 18:13 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-10 18:13 . 2008-03-10 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-09 09:53 . 2008-03-09 09:53 110,714 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-03-09 09:43 . 2008-03-09 09:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MxBoost
2008-03-09 09:39 . 2008-03-09 09:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-03-09 09:38 . 2008-03-09 09:42 <DIR> d-------- C:\Program Files\MYIE2
2008-03-09 09:35 . 2008-03-09 09:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ace Explorer
2008-03-09 09:34 . 2008-03-09 09:34 <DIR> d-------- C:\Program Files\Netscape
2008-03-09 09:34 . 2008-03-09 09:35 <DIR> d-------- C:\Program Files\Ace Explorer
2008-03-09 09:32 . 2008-03-09 09:43 <DIR> d-------- C:\Program Files\Maxthon2
2008-03-09 09:18 . 2008-03-09 09:18 <DIR> d-------- C:\Program Files\Safari
2008-03-09 09:09 . 2008-03-26 08:06 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-08 15:03 . 2008-03-08 15:03 <DIR> d-------- C:\Program Files\DNA
2008-03-08 15:03 . 2008-03-08 15:03 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-08 15:03 . 2008-03-26 18:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-03-08 15:03 . 2008-03-16 08:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-08 14:47 . 2008-03-08 14:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LEGO Company
2008-03-08 14:45 . 2008-03-08 14:45 <DIR> d-------- C:\Program Files\LEGO Company
2008-03-08 10:29 . 2008-03-08 10:30 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-07 21:19 . 2008-03-07 21:19 <DIR> d-------- C:\Program Files\SourceTec
2008-03-07 21:19 . 2008-03-07 21:19 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-05 10:56 . 2008-03-07 21:20 <DIR> d-------- C:\DVDVideoSoft
2008-03-05 10:55 . 2008-03-05 10:55 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-05 10:55 . 2008-03-05 10:55 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-05 10:55 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-03-05 10:22 . 2008-03-05 10:22 <DIR> d-------- C:\Program Files\Veoh Networks
2008-03-04 17:15 . 2008-03-04 17:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-04 17:12 . 2008-03-04 17:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-04 17:12 . 2008-03-04 17:12 <DIR> dr-h----- C:\MSOCache
2008-03-03 21:01 . 2008-03-03 21:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-03 19:13 . 2008-03-03 19:13 <DIR> d-------- C:\Program Files\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 22:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 22:01 --------- d-----w C:\Program Files\Java
2008-03-26 12:06 --------- d-----w C:\Program Files\Steam
2008-03-26 12:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-03-24 22:14 --------- d-----w C:\Program Files\Bonjour
2008-03-23 21:56 --------- d-----w C:\Program Files\VstPlugins
2008-03-22 22:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 19:06 --------- d-----w C:\Program Files\WinFlip
2008-03-22 00:26 --------- d-----w C:\Program Files\World of Warcraft
2008-03-21 14:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-16 20:59 --------- d-----w C:\Program Files\ArtMoney
2008-03-16 11:41 --------- d-----w C:\Program Files\Ubisoft
2008-03-15 00:20 --------- d-----w C:\Program Files\Qtrax_20080125
2008-03-10 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-03-09 13:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-08 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-05 16:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 01:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 01:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 01:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 00:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 00:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 00:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 00:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 00:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 00:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 00:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-27 12:58 --------- d-----w C:\Program Files\Tiger Gaming
2008-02-26 01:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-26 01:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-26 01:00 --------- d-----w C:\Program Files\PokerStars
2008-02-25 20:40 --------- d-----w C:\Program Files\iTunes
2008-02-25 20:40 --------- d-----w C:\Program Files\iPod
2008-02-25 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-25 20:39 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-24 15:59 64,866 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-24 15:59 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-24 15:27 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-24 00:20 --------- d-----w C:\Program Files\TGTSoft
2008-02-23 22:18 --------- d-----w C:\Program Files\Image-Line
2008-02-23 22:18 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-02-23 20:58 --------- d-----w C:\Program Files\Styler
2008-02-23 20:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\ViStart
2008-02-23 20:48 --------- d-----w C:\Program Files\TrueTransparency
2008-02-23 20:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Styler
2008-02-21 18:16 --------- d-----w C:\Program Files\ARM Software
2008-02-21 18:00 --------- d-----w C:\Program Files\RK Autocutter
2008-02-21 14:52 --------- d-----w C:\Program Files\MoparScape
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 20:32 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-02-19 14:37 --------- d-----w C:\Program Files\PHP
2008-02-19 14:22 --------- d-----w C:\Program Files\Apache Software Foundation
2008-02-17 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoYoGames
2008-02-16 13:25 --------- d-----w C:\Program Files\InteractivePhysics2005
2008-02-16 01:25 --------- d-----w C:\Program Files\QuickTime
2008-02-16 01:25 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 21:19 --------- d-----w C:\Program Files\MySQL
2008-02-14 23:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Clickteam
2008-02-14 22:56 --------- d-----w C:\Program Files\Multimedia Fusion 2
2008-02-14 12:50 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-13 23:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-02-13 22:36 --------- d-----w C:\Program Files\Digital Transforms
2008-02-13 21:00 --------- d-----w C:\Program Files\Logitech
2008-02-13 21:00 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-13 13:17 --------- d-----w C:\Program Files\Google Hacks
2008-02-12 23:39 --------- d-----w C:\Program Files\Opera
2008-02-12 21:50 --------- d-----w C:\Program Files\Lavasoft
2008-02-12 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 21:48 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-12 21:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\Notepad++
2008-02-12 20:53 --------- d-----w C:\Program Files\Notepad++
2008-02-11 17:48 --------- d-----w C:\Program Files\uTorrent
2008-02-10 14:28 --------- d-----w C:\Program Files\Big Rigs Racing
2008-02-09 22:36 --------- d-----w C:\Program Files\CamStudio
2008-02-09 19:48 --------- d-----w C:\Program Files\Razer
2008-02-09 19:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 14:19 --------- d-----w C:\Program Files\Warcraft III
2008-02-09 14:17 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-09 01:33 --------- d-----w C:\Program Files\Starcraft
2008-02-08 23:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\fretsonfire
2008-02-08 23:20 --------- d-----w C:\Program Files\Frets on Fire
2008-02-08 22:02 --------- d-----w C:\Program Files\Macromedia
2008-02-08 22:02 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-06 13:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\Qtrax1
2008-02-06 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-02-06 00:09 --------- d-----w C:\Program Files\Player Worlds Support files
2008-02-05 23:20 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-02-05 21:39 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-05 21:38 --------- d-----w C:\Program Files\Datel
2008-02-05 01:36 --------- d-----w C:\Program Files\GIMP-2.0
2008-02-05 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-04 01:30 --------- d-----w C:\Program Files\iSofter
2008-02-04 00:46 --------- d-----w C:\Program Files\DVD Decrypter
2008-02-04 00:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\vlc
2008-02-03 23:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-02-03 23:43 --------- d-----w C:\Program Files\VideoLAN
.

------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-25_18.56.04.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-16 12:37:31 1,568,016 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-26 22:16:44 1,567,992 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-26 22:16:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_294.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2007-12-25 12:42 1266936]
"Vystal"="C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe" [ ]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 22:42 3537968]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-13 09:11 287040]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-20 08:00 51184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 07:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 04:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 04:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 04:43 81920]
"avast!"="C:\ANTIVI~1\Avast\ashDisp.exe" [2007-12-04 09:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 19:21 147456]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"bqwbrclw"="C:\WINDOWS\system32\bqwbrclw.exe" [2008-03-26 08:06 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-01-19 15:09:52 624416]
MacroMaker.lnk - C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_18be6784.exe [2008-02-21 14:16:13 1078]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-05 14:03:47 3450608]
YouTube Uploader.lnk - C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 01:38:50 41041]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-08 11:10:00 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-14 08:04 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\liqwids\\counter-strike source\\hl2.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 23:43]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7425704-a524-11dc-a762-001d60369498}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 12:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 18:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-26 18:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-26 22:21:20
ComboFix2.txt 2008-03-25 22:56:10
.
2008-03-12 07:01:24 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:17 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Antivirus_ETC\Avast\aswUpdSv.exe
C:\Antivirus_ETC\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Antivirus_ETC\Avast\ashMaiSv.exe
C:\Antivirus_ETC\Avast\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [bqwbrclw] C:\WINDOWS\system32\bqwbrclw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Vystal] C:\Documents and Settings\Owner\Desktop\VystalVivid\Vystal 2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDo