6 Virus In My Pc!!! Help Me!!!!

shakree42

New Member
There are viruses in my PC...
How can I eliminate them??

I don't know how to tell you the virus...
but when I scan my PC with AVG Anti-Spyware & AVG antivirus...
my PC contains viruses!!!

Help me guys!!!
No wonder my PC is slow...
Help me please...

ASAP!!!
 

ceewi1

VIP Member
Please post a HijackThis log:

Please download the HijackThis installer from http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

When the Notepad window opens choose Edit -> Select All to select the entire log, and copy and paste the log into a reply post.
Most of what it lists will be harmless or even essential; don't fix anything yet.
 

shakree42

New Member
HijackThis log...

This is the latest one... (after I did the ComboFix, rootlog, AVG spyware, CCleaner...)





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:49 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kiki42\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200375329222
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200375286030
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 7135 bytes
 

shakree42

New Member
ComboFix log...

ComboFix 08-02.01.4 - kiki42 2008-02-01 15:43:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.93 [GMT 8:00]
Running from: E:\do not delete!!\installer\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ljjiijj.dll
C:\WINDOWS\system32\efedb.dll
C:\WINDOWS\system32\hgged.dll
C:\WINDOWS\system32\ljjiijj.dll
C:\WINDOWS\system32\opnolkj.dll
C:\WINDOWS\system32\qopqq.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-02-01 13:51 . 2008-02-01 13:51 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 19:21 . 2008-01-30 20:25 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\Uniblue
2008-01-29 19:17 . 2008-01-30 20:24 <DIR> d-------- C:\Program Files\Uniblue
2008-01-27 14:01 . 2008-01-27 14:01 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\.BitTornado
2008-01-27 13:30 . 2008-01-27 15:21 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\Azureus
2008-01-27 13:30 . 2008-01-27 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-27 13:29 . 2008-01-27 23:52 <DIR> d-------- C:\Program Files\Azureus
2008-01-27 02:04 . 2008-02-01 13:48 <DIR> d-------- C:\Downloads
2008-01-27 02:00 . 2008-02-01 13:58 <DIR> d-------- C:\Program Files\FlashGet
2008-01-26 17:11 . 2008-01-26 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\55-p5-71-3o-1q-45
2008-01-26 13:13 . 2008-01-30 22:27 <DIR> d-------- C:\Program Files\GameHouse
2008-01-23 00:42 . 2008-01-23 00:42 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\CoSoSys
2008-01-22 22:40 . 2008-01-22 22:40 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-01-22 22:40 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-22 22:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-22 22:40 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-22 22:40 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-22 22:34 . 2008-01-22 22:34 <DIR> d-------- C:\Program Files\Canon
2008-01-22 22:33 . 2008-01-22 22:33 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-22 18:06 . 2006-01-09 15:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2008-01-22 13:54 . 2008-01-22 15:33 <DIR> d-------- C:\Program Files\Ares
2008-01-19 22:02 . 2008-01-19 22:28 <DIR> d-------- C:\Program Files\Colorful Movie Editor Trial
2008-01-17 22:16 . 2008-01-17 22:16 <DIR> d-------- C:\Documents and Settings\kiki42\.DownloadManager
2008-01-17 17:00 . 2008-01-19 22:02 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\DivX
2008-01-17 16:54 . 2008-01-17 16:57 <DIR> d-------- C:\Program Files\DivX
2008-01-17 16:06 . 2008-01-17 16:06 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-17 16:01 . 2008-01-17 16:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-17 15:57 . 2008-01-17 16:01 <DIR> d-------- C:\WINDOWS\ShellNew
2008-01-17 15:22 . 2008-01-17 15:22 <DIR> d-------- C:\Program Files\NCT
2008-01-17 15:21 . 2008-01-17 15:36 <DIR> d-------- C:\Program Files\Text to Speech Maker
2008-01-17 15:21 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-01-17 15:08 . 2008-01-17 15:08 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-01-17 15:08 . 2008-02-01 13:20 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\Vista Start Menu
2008-01-17 14:54 . 2008-01-23 16:31 1,289 --a------ C:\WINDOWS\mozver.dat
2008-01-17 14:47 . 2008-01-17 14:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-17 06:45 . 2008-01-17 06:45 <DIR> d-------- C:\Program Files\Xvid
2008-01-17 06:45 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-17 06:45 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-17 06:45 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-16 22:05 . 2008-01-22 20:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-16 22:04 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-16 20:13 . 2008-01-16 20:13 <DIR> d-------- C:\WINDOWS\Sun
2008-01-16 15:05 . 2008-02-01 08:00 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\AVG7
2008-01-16 15:02 . 2008-01-16 15:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-16 15:02 . 2008-01-17 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-16 15:02 . 2008-01-16 15:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-16 15:02 . 2008-01-16 15:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-16 14:32 . 2008-01-16 14:32 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-16 14:27 . 2008-01-16 14:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-16 06:46 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-16 06:45 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-16 06:43 . 2008-01-16 14:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-16 05:20 . 2007-07-01 11:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-16 05:20 . 2007-07-01 11:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-16 05:19 . 2007-10-11 07:47 6,067,200 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-16 05:19 . 2007-10-11 07:47 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-16 05:19 . 2007-10-11 07:47 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-16 05:19 . 2007-10-11 07:47 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-16 05:19 . 2007-10-11 07:47 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-16 05:19 . 2007-10-11 07:47 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-16 05:19 . 2007-10-10 16:16 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-16 00:08 . 2006-07-23 06:49 5,376 --a------ C:\WINDOWS\system32\antiwpa.dll
2008-01-16 00:07 . 2008-01-16 00:07 <DIR> d-------- C:\ETH0
2008-01-16 00:00 . 2008-01-16 00:00 <DIR> d--h----- C:\Program Files\Uninstall Information
2008-01-15 21:58 . 2008-01-15 21:58 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\Grisoft
2008-01-15 21:56 . 2008-01-15 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 21:56 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 18:01 . 2008-01-26 15:04 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\LimeWire
2008-01-15 14:13 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 14:11 . 2008-01-16 13:56 <DIR> d-------- C:\Program Files\Java
2008-01-15 14:10 . 2008-02-01 13:06 <DIR> d-------- C:\Documents and Settings\kiki42\Application Data\Yahoo!
2008-01-15 14:10 . 2008-01-15 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-15 14:08 . 2008-01-15 14:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-15 14:06 . 2008-01-17 14:32 <DIR> d-------- C:\Program Files\LimeWire
2008-01-15 14:03 . 2008-01-15 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-15 13:55 . 2008-01-15 14:02 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-15 13:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-15 13:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-15 13:28 . 2008-01-26 00:47 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-15 07:19 . 2001-08-17 22:56 315,520 --a------ C:\WINDOWS\system32\trid3d.dll
2008-01-15 07:19 . 2004-08-04 06:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-15 07:19 . 2004-08-04 07:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-15 07:19 . 2001-08-17 21:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-01-15 07:18 . 2001-08-17 20:51 222,336 --a------ C:\WINDOWS\system32\drivers\trid3dm.sys
2008-01-15 07:18 . 2006-07-12 23:50 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-01-15 07:18 . 2004-08-04 08:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-01-15 07:18 . 2004-08-04 06:32 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2008-01-15 07:18 . 2004-08-04 07:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-01-15 07:18 . 2004-08-04 07:07 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-01-15 07:18 . 2004-08-04 08:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-01-15 07:17 . 2004-08-04 08:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-15 07:17 . 2004-08-04 06:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-01-15 07:13 . 2008-01-15 23:24 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-01-15 07:13 . 2004-08-04 20:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-01-15 07:09 . 2008-02-01 15:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-01-15 07:09 . 2008-01-15 07:14 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-01-15 07:09 . 2008-01-16 00:00 <DIR> d-------- C:\Documents and Settings
2008-01-15 07:05 . 2008-01-15 23:43 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-01-15 07:05 . 2008-01-15 23:18 211 ---hs---- C:\boot.ini
2008-01-08 09:16 . 2008-01-08 09:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 06:01 --------- d-----w C:\Documents and Settings\kiki42\Application Data\.BitTornado
2008-01-15 15:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-15 15:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-07-26 13:37 1694208]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 19:53 1704624]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-28 22:22 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-16 15:02 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 16:10 2007088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-16 15:02 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-16 22:06:24 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-23 06:49 5376 C:\WINDOWS\system32\antiwpa.dll

R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 20:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 11:19:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-29 11:19:35 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 16:13:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
.
**************************************************************************
.
Completion time: 2008-02-01 16:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 08:18:59
.
2008-01-19 03:02:30 --- E O F ---
 

shakree42

New Member
rootlog...

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Fri 02/01/2008 15:30:35.75

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 15:30:38
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0
 

ceewi1

VIP Member
ComboFix has removed a number of infected files; it's likely that these were responsible for your antivirus alerts. I'd like to see the results of one more scan:

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add Or Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
 

shakree42

New Member
Sorry...

It looks like it's all okay now..

I've asked my friend to check if my PC is okay now...

He said that I did a great job... :p

My friend is actually a great PC brain...
He's a bit fanatic with this PC thing...
huhuhu :p

Thanks ceewi1!!!
I appreciate your reply and kindness :)

Thank you very, very much!! :cool:
 