
hack this log) computer running really slow

Discussion in 'Windows - Virus and spyware problems' started by 07anto07, Feb 22, 2008.

  1. Ltangel

    Ltangel Regular member

    Hey 07anto07,

    Sorry for the delay, real life has been really busy for me.

    Run Combofix

    Let's dig a little deeper and see what's hiding in your computer.

    Disable your AVG anti-virus as it will prevent ComboFix from working.

    Disable AVG

    * Double click on the AVG icon in Systray
    * Double click on Resident Shield, UNcheck Turn on AVG Free Resident Shield. Then click Apply.
    * Close AVG.

    You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


    If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated every day.

    Disconnect from the Internet while running ComboFix.

    Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    1. Download this file - combofix.exe to your Desktop.

    Note:
    It is important that it is saved directly to your desktop


    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.

    Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
    Do NOT run ComboFix more than once.


    Note:
    Do not mouse-click combofix's window while it's running. That may cause it to stall.
    Do not run Combofix more than once.


    In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

    The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

    --------------------------------------------------------------------

    In your next reply:

    Fresh HijackThis log
    C:\ComboFix.txt
     
  2. 07anto07

    07anto07 Active member

    ComboFix 08-03-07.1 - Compaq_Owner 2008-03-07 16:26:30.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.546 [GMT 0:00]
    Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
    C:\install.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
    .

    2008-03-05 18:03 . 2008-03-05 18:03 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
    2008-03-05 18:00 . 2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-03-05 18:00 . 2008-01-04 21:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-05 18:00 . 2008-01-04 21:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-03-05 18:00 . 2008-01-04 21:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-05 18:00 . 2008-01-04 21:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-04 18:09 . 2005-10-20 04:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-03-04 18:06 . 2008-03-04 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-02-29 11:48 . 2008-02-29 11:48 <DIR> d-------- C:\WINDOWS\system32\windows media
    2008-02-29 11:48 . 2008-02-29 11:48 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2008-02-29 11:47 . 2008-03-02 16:32 74 --ah----- C:\WINDOWS\upcommv8.mtx
    2008-02-28 12:58 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-02-28 12:44 . 2008-03-03 18:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-28 12:44 . 2008-03-03 15:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-02-28 12:44 . 2008-03-03 15:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-02-28 12:44 . 2008-03-03 15:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-28 12:33 . 2006-03-29 15:33 <DIR> d-------- C:\Documents and Settings\Administrator.HOTSTUFF\WINDOWS
    2008-02-28 12:33 . 2006-03-29 15:21 <DIR> d-------- C:\Documents and Settings\Administrator.HOTSTUFF\Application Data\ATI
    2008-02-28 12:24 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-27 14:49 . 2008-03-03 21:36 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
    2008-02-27 14:00 . 2008-02-27 14:00 <DIR> d----c--- C:\SmartSound Software
    2008-02-27 14:00 . 2008-02-27 14:00 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-02-27 14:00 . 2008-02-29 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2008-02-27 13:59 . 2008-02-27 13:59 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-02-27 13:59 . 2008-03-02 16:33 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-02-27 13:59 . 2008-03-02 16:33 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-02-27 13:59 . 2008-02-27 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-02-22 17:59 . 2008-02-22 17:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-22 13:46 . 2008-02-22 13:46 <DIR> d-------- C:\Program Files\danny_kay1710
    2008-02-19 17:38 . 2008-02-19 17:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DVDFab
    2008-02-10 18:17 . 2008-02-10 18:17 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-02-10 18:17 . 2008-02-10 18:17 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-02-10 17:42 . 2008-02-18 12:03 <DIR> d-------- C:\Program Files\PCDJ DEX
    2008-02-10 16:45 . 2003-05-14 20:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
    2008-02-10 16:45 . 2000-05-21 23:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
    2008-02-10 16:45 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
    2008-02-10 16:45 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-02-10 16:45 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
    2008-02-10 16:45 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
    2008-02-09 16:30 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-02-09 16:30 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-02-09 16:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-09 16:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-09 16:30 . 2008-02-09 16:31 11,089 --a------ C:\WINDOWS\system32\LexFiles.ulf
    2008-02-09 16:29 . 2008-02-09 16:29 <DIR> d----c--- C:\Lexmark

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-07 16:02 --------- d-----w C:\Program Files\Lx_cats
    2008-03-07 15:22 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
    2008-03-05 19:17 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
    2008-03-05 19:01 --------- d-----w C:\Program Files\PeerGuardian2
    2008-03-05 18:00 --------- d-----w C:\Program Files\DivX
    2008-03-04 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-04 17:43 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Vso
    2008-03-04 16:34 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-03-03 18:03 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-03 18:03 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-03-03 18:02 --------- d-----w C:\Program Files\Video Convert Master
    2008-03-03 17:48 --------- d-----w C:\Program Files\Lexmark 4300 Series
    2008-03-03 17:44 --------- d-----w C:\Program Files\iTunes
    2008-03-03 17:39 --------- d-----w C:\Program Files\Google
    2008-03-03 17:30 --------- d-----w C:\Program Files\Bonjour
    2008-03-02 16:43 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
    2008-03-02 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-28 12:24 --------- d-----w C:\Program Files\Java
    2008-02-25 12:03 --------- d-----w C:\Program Files\DNA
    2008-02-25 11:53 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\DNA
    2008-02-19 17:03 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-02-18 19:12 --------- d-----w C:\Program Files\LimeWire
    2008-02-13 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-11 10:31 --------- d-----w C:\Program Files\DVD Shrink
    2008-02-09 17:40 --------- d-----w C:\Program Files\avijoin
    2008-02-06 17:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg
    2008-02-05 18:56 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\VSO_HWE
    2008-02-05 16:48 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-02-05 16:48 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-02-05 16:43 --------- d-----w C:\Program Files\Common Files\Motorola Shared
    2008-02-04 18:37 --------- d-----w C:\Program Files\VirtualDJ
    2008-02-02 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-02 14:01 --------- d-----w C:\Program Files\Windows Live
    2008-02-02 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-02 13:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
    2008-01-30 18:51 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\dvdcss
    2008-01-28 13:37 --------- d-----w C:\Program Files\uTorrent
    2008-01-28 13:28 --------- d-----w C:\Program Files\BitTorrent
    2008-01-28 13:26 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
    2008-01-28 11:32 --------- d-----w C:\Program Files\AllToAVI
    2008-01-28 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-01-28 09:12 --------- d-----w C:\Program Files\Nero
    2008-01-27 18:26 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-27 18:26 47,360 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
    2008-01-27 15:52 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\SuperNZB
    2008-01-27 15:07 --------- d-----w C:\Program Files\USB 2.0 PC Camera
    2008-01-25 15:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-25 15:13 --------- d-----w C:\Program Files\MSBuild
    2008-01-25 15:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-25 14:02 --------- d-----w C:\Program Files\DAMN NFO Viewer
    2008-01-25 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-25 11:46 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2008-01-25 11:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-25 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-24 20:37 --------- d-----w C:\Program Files\QuickTime
    2008-01-24 20:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-24 20:23 --------- d-----w C:\Program Files\Nsasoft
    2008-01-24 20:07 1,967 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EV993AA-ABU SR1839UK GB620_YC_0Pres_QCZX613_E62GBheREA2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.15_T060302_WXH2_L409_M1023_J300_7Intel_8Pentium D_93_#070326_N808627DC_Z_G10027146.MRK
    2008-01-24 18:47 94,208 ----a-w C:\WINDOWS\DUMP5a45.tmp
    2008-01-24 18:45 94,208 ----a-w C:\WINDOWS\DUMP5e1d.tmp
    2008-01-23 19:17 --------- d-----w C:\Program Files\Router Screenshot Grabber
    2008-01-18 10:36 --------- d-----w C:\Program Files\UltraISO
    2008-01-18 10:35 --------- d-----w C:\Program Files\Common Files\EZB Systems
    2008-01-16 13:52 --------- d-----w C:\Program Files\SuperNZB
    2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-10 11:34 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Ableton
    2008-01-10 10:50 --------- d-----w C:\Program Files\iPod
    2008-01-10 10:47 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-09 09:48 --------- d-----w C:\Program Files\Data Doctor Recovery Memory Card (Demo)
    2008-01-09 09:35 --------- d-----w C:\Program Files\Sony
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-11 16:55 3,159,432 -c--a-w C:\WindowsXP-KB906472-v4-x86-ENU.exe
    2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-03-27 08:47 81,920 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\ezpinst.exe
    2007-03-27 08:27 0 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 16:50 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 21:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 23:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 00:23 15961088 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 00:29 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 15:26 180269]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-26 16:31 579072]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-04 11:58 675840]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46 73728]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 12:03 219136]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-29 14:56:10 27136]

    C:\Documents and Settings\Administrator.HOTSTUFF\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-29 14:56:10 27136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-27 13:02:05 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-01 18:07:02 1179648]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 23:49]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-20 11:37]
    S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 17:32]
    S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 18:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-07 16:17:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-07 16:30:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-07 16:30:39
    ComboFix-quarantined-files.txt 2008-03-07 16:30:38
    ComboFix2.txt 2007-07-13 17:14:15
    .
    2008-02-13 14:44:37 --- E O F ---
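An added example (my own code, not ComboFix's and not part of this thread) showing how a reviewer can triage two sections of a ComboFix log in the shape posted above: the "Files Created" lines and the `Run` values under "Reg Loading Points". It parses each line and lists entries worth a second look: files written under the Windows directories, files with the hidden attribute or a zero-byte size, and `Run` values with an empty command or a bare file name and no directory. The sample lines are constructed to match the layout above; the column meaning I assume (creation time, last-write time, size, attribute flags, path) is my reading of the format, and the rules are review heuristics for a helper to follow up on, not verdicts about any file in the posted log.

```python
"""Triage helper for ComboFix-style log sections (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the shape of ComboFix's "Files Created" section.
# Columns (assumed): <created> . <last-write> <size or <DIR>> <attribute flags> <path>
SAMPLE_FILES = r"""
2008-03-05 18:00 . 2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-02-29 11:47 . 2008-03-02 16:32 74 --ah----- C:\WINDOWS\upcommv8.mtx
2008-02-10 18:17 . 2008-02-10 18:17 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-03-05 18:03 . 2008-03-05 18:03 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
"""

# Constructed sample lines in the shape of the "Reg Loading Points" Run key listing.
SAMPLE_RUN = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 21:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"PCDrProfiler"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-26 16:31 579072]
"""

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{9}) (?P<path>.+)$"
)
RUN_LINE = re.compile(r'^"(?P<name>[^"]*)"="(?P<command>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Path fragments that mark the Windows system directories (case-insensitive match).
SYSTEM_DIRS = ("\\windows\\", "\\system32\\")


@dataclass
class Finding:
    item: str
    reasons: List[str] = field(default_factory=list)


def parse_file_line(line: str) -> Optional[dict]:
    """Split one 'Files Created' line into its fields; None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["is_dir"] = rec["size"] == "<DIR>"
    rec["size"] = None if rec["is_dir"] else int(rec["size"].replace(",", ""))
    return rec


def triage_files(text: str) -> List[Finding]:
    """Return the files (directories are skipped) that match a review heuristic."""
    findings = []
    for line in text.splitlines():
        rec = parse_file_line(line)
        if rec is None or rec["is_dir"]:
            continue
        reasons = []
        lowered = rec["path"].lower()
        if any(frag in lowered for frag in SYSTEM_DIRS):
            reasons.append("file written under a Windows system directory")
        if "h" in rec["attrs"]:          # 'h' flag in the attribute column = hidden
            reasons.append("hidden attribute set")
        if rec["size"] == 0:
            reasons.append("zero-byte file")
        if reasons:
            findings.append(Finding(rec["path"], reasons))
    return findings


def triage_run_entries(text: str) -> List[Finding]:
    """Return Run values whose command is empty or has no directory component."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, command, meta = m.group("name", "command", "meta")
        reasons = []
        if command == "":
            reasons.append("empty command with no file metadata")
        elif "\\" not in command:
            reasons.append("bare file name without a directory")
        if command and not meta:
            reasons.append("no file metadata recorded by the scanner")
        if reasons:
            findings.append(Finding(f"{name} -> {command or '(empty)'}", reasons))
    return findings


if __name__ == "__main__":
    for finding in triage_files(SAMPLE_FILES) + triage_run_entries(SAMPLE_RUN):
        print(finding.item)
        for reason in finding.reasons:
            print("   -", reason)
```

Run it as a script and it prints each flagged path or `Run` value with the reasons it was flagged; pass the real sections of a log to `triage_files` and `triage_run_entries` to get the same list for a posted log. The heuristics deliberately over-report (legitimate codec DLLs in `system32` will show up, as will a vendor's empty placeholder value), because the point is to shorten the list a human reviews, not to decide for them.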
     
  3. 07anto07

    07anto07 Active member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:38, on 07/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11537 bytes
     
  4. Ltangel

    Ltangel Regular member

    Hey 07anto07,

    1. Please open Notepad. (Use ONLY Notepad and no other text editor)

    * Click Start, then Run.
    * Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the quotebox below into the Notepad window:


    Note: The above script is specifically for this user; using it on another computer may cause permanent damage to your system!

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:

    * Combofix.txt
    * A new HijackThis log.

    Go!

    ~Ltangel~
     
    Last edited: Mar 8, 2008
  5. 07anto07

    07anto07 Active member

    ComboFix 08-03-07.1 - Compaq_Owner 2008-03-08 16:06:52.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.509 [GMT 0:00]
    Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Documents and Settings\Compaq_Owner\Application Data\ezpinst.exe
    C:\WINDOWS\DUMP5a45.tmp
    C:\WINDOWS\DUMP5e1d.tmp
    C:\WINDOWS\Fonts\RandFont.dll
    C:\WINDOWS\SwSys1.bmp
    C:\WINDOWS\SwSys2.bmp
    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\upcommv8.mtx
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Compaq_Owner\Application Data\ezpinst.exe
    C:\WINDOWS\DUMP5a45.tmp
    C:\WINDOWS\DUMP5e1d.tmp
    C:\WINDOWS\Fonts\RandFont.dll
    C:\WINDOWS\SwSys1.bmp
    C:\WINDOWS\SwSys2.bmp
    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\upcommv8.mtx

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
    .

    2008-03-05 18:03 . 2008-03-05 18:03 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
    2008-03-05 18:00 . 2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-03-05 18:00 . 2008-01-04 21:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-05 18:00 . 2008-01-04 21:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-03-05 18:00 . 2008-01-04 21:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-05 18:00 . 2008-01-04 21:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-04 18:09 . 2005-10-20 04:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-03-04 18:06 . 2008-03-04 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-02-29 11:48 . 2008-02-29 11:48 <DIR> d-------- C:\WINDOWS\system32\windows media
    2008-02-29 11:48 . 2008-02-29 11:48 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2008-02-28 12:58 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-02-28 12:44 . 2008-03-03 18:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-28 12:44 . 2008-03-03 15:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-02-28 12:44 . 2008-03-03 15:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-02-28 12:44 . 2008-03-03 15:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-28 12:33 . 2006-03-29 15:33 <DIR> d-------- C:\Documents and Settings\Administrator.HOTSTUFF\WINDOWS
    2008-02-28 12:33 . 2006-03-29 15:21 <DIR> d-------- C:\Documents and Settings\Administrator.HOTSTUFF\Application Data\ATI
    2008-02-28 12:24 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-27 14:49 . 2008-03-03 21:36 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
    2008-02-27 14:00 . 2008-02-27 14:00 <DIR> d----c--- C:\SmartSound Software
    2008-02-27 14:00 . 2008-02-27 14:00 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-02-27 14:00 . 2008-02-29 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2008-02-27 13:59 . 2008-02-27 13:59 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-02-27 13:59 . 2008-03-02 16:33 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-02-27 13:59 . 2008-03-02 16:33 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-02-27 13:59 . 2008-02-27 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-02-22 17:59 . 2008-02-22 17:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-22 13:46 . 2008-02-22 13:46 <DIR> d-------- C:\Program Files\danny_kay1710
    2008-02-19 17:38 . 2008-02-19 17:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DVDFab
    2008-02-10 17:42 . 2008-02-18 12:03 <DIR> d-------- C:\Program Files\PCDJ DEX
    2008-02-10 16:45 . 2000-05-21 23:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
    2008-02-10 16:45 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
    2008-02-10 16:45 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-02-10 16:45 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
    2008-02-10 16:45 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
    2008-02-09 16:30 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-02-09 16:30 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-02-09 16:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-09 16:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-09 16:30 . 2008-02-09 16:31 11,089 --a------ C:\WINDOWS\system32\LexFiles.ulf
    2008-02-09 16:29 . 2008-02-09 16:29 <DIR> d----c--- C:\Lexmark

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-08 16:10 --------- d-----w C:\Program Files\PeerGuardian2
    2008-03-08 16:06 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
    2008-03-08 14:39 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
    2008-03-08 14:38 --------- d-----w C:\Program Files\Lx_cats
    2008-03-05 18:00 --------- d-----w C:\Program Files\DivX
    2008-03-04 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-04 17:43 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Vso
    2008-03-04 16:34 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-03-03 18:03 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-03 18:03 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-03-03 18:02 --------- d-----w C:\Program Files\Video Convert Master
    2008-03-03 17:48 --------- d-----w C:\Program Files\Lexmark 4300 Series
    2008-03-03 17:44 --------- d-----w C:\Program Files\iTunes
    2008-03-03 17:39 --------- d-----w C:\Program Files\Google
    2008-03-03 17:30 --------- d-----w C:\Program Files\Bonjour
    2008-03-02 16:43 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
    2008-03-02 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-28 12:24 --------- d-----w C:\Program Files\Java
    2008-02-25 12:03 --------- d-----w C:\Program Files\DNA
    2008-02-25 11:53 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\DNA
    2008-02-19 17:03 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-02-18 19:12 --------- d-----w C:\Program Files\LimeWire
    2008-02-13 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-11 10:31 --------- d-----w C:\Program Files\DVD Shrink
    2008-02-09 17:40 --------- d-----w C:\Program Files\avijoin
    2008-02-06 17:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg
    2008-02-05 18:56 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\VSO_HWE
    2008-02-05 16:48 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-02-05 16:48 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-02-05 16:43 --------- d-----w C:\Program Files\Common Files\Motorola Shared
    2008-02-04 18:37 --------- d-----w C:\Program Files\VirtualDJ
    2008-02-02 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-02 14:01 --------- d-----w C:\Program Files\Windows Live
    2008-02-02 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-02 13:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
    2008-01-30 18:51 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\dvdcss
    2008-01-28 13:37 --------- d-----w C:\Program Files\uTorrent
    2008-01-28 13:28 --------- d-----w C:\Program Files\BitTorrent
    2008-01-28 13:26 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
    2008-01-28 11:32 --------- d-----w C:\Program Files\AllToAVI
    2008-01-28 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-01-28 09:12 --------- d-----w C:\Program Files\Nero
    2008-01-27 18:26 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-27 18:26 47,360 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
    2008-01-27 15:52 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\SuperNZB
    2008-01-27 15:07 --------- d-----w C:\Program Files\USB 2.0 PC Camera
    2008-01-25 15:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-25 15:13 --------- d-----w C:\Program Files\MSBuild
    2008-01-25 15:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-25 14:02 --------- d-----w C:\Program Files\DAMN NFO Viewer
    2008-01-25 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-25 11:46 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2008-01-25 11:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-25 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-24 20:37 --------- d-----w C:\Program Files\QuickTime
    2008-01-24 20:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-24 20:23 --------- d-----w C:\Program Files\Nsasoft
    2008-01-24 20:07 1,967 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EV993AA-ABU SR1839UK GB620_YC_0Pres_QCZX613_E62GBheREA2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.15_T060302_WXH2_L409_M1023_J300_7Intel_8Pentium D_93_#070326_N808627DC_Z_G10027146.MRK
    2008-01-23 19:17 --------- d-----w C:\Program Files\Router Screenshot Grabber
    2008-01-18 10:36 --------- d-----w C:\Program Files\UltraISO
    2008-01-18 10:35 --------- d-----w C:\Program Files\Common Files\EZB Systems
    2008-01-16 13:52 --------- d-----w C:\Program Files\SuperNZB
    2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-10 11:34 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Ableton
    2008-01-10 10:50 --------- d-----w C:\Program Files\iPod
    2008-01-10 10:47 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-09 09:48 --------- d-----w C:\Program Files\Data Doctor Recovery Memory Card (Demo)
    2008-01-09 09:35 --------- d-----w C:\Program Files\Sony
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-11 16:55 3,159,432 -c--a-w C:\WindowsXP-KB906472-v4-x86-ENU.exe
    2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-03-27 08:27 0 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 16:50 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 21:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 23:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 00:23 15961088 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 00:29 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 15:26 180269]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-26 16:31 579072]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-04 11:58 675840]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46 73728]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 12:03 219136]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-29 14:56:10 27136]

    C:\Documents and Settings\Administrator.HOTSTUFF\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-29 14:56:10 27136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-27 13:02:05 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-01 18:07:02 1179648]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 23:49]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-20 11:37]
    S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 17:32]
    S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 18:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - PGFILTER

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-08 15:17:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-08 16:11:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-08 16:11:48
    ComboFix-quarantined-files.txt 2008-03-08 16:11:47
    ComboFix2.txt 2008-03-07 16:30:40
    ComboFix3.txt 2007-07-13 17:14:15
    .
    2008-02-13 14:44:37 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:17:14, on 08/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11702 bytes
    Last edited: Mar 8, 2008
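As an added example (not code from this thread, HijackThis or ComboFix), a small Python triage pass over the O4 and O23 lines of a log like the one above: it parses each entry and flags the two things a helper checks first, an autorun that runs from outside Program Files/WINDOWS and a service with no vendor name. The trusted-root list and the flag reasons are this example's own assumptions; the sample lines are copied from the log above, and a hit means "look this entry up", not "malware".

```python
r"""Triage pass over HijackThis-style O4 (autorun) and O23 (service) lines.

Added example for this thread, not HijackThis or ComboFix code. A hit means
"look this entry up", not "malware": C:\hp\bin, flagged below, is the OEM's
own folder on this machine.
"""
import re
from dataclasses import dataclass

# Locations installed software normally runs from on an XP system (assumed
# list for this example; PROGRA~1 is the 8.3 short name for "Program Files",
# which the log prints for some entries).
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")

# Sample lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
""".strip().splitlines()


@dataclass
class Finding:
    section: str   # "O4" or "O23"
    name: str
    path: str
    reason: str


def _executable(cmd: str) -> str:
    """Return the image path from an unquoted command line, dropping arguments.

    Paths in these logs are unquoted and contain spaces, so the cut is made at
    the first executable extension followed by whitespace or end of line.
    """
    m = re.match(r"(?i)(.+?\.(?:exe|dll|cpl|scr|com|bat|cmd))(?:\s|$)", cmd)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def _under_trusted_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)


def parse_o4(line: str):
    """Parse an O4 line into (entry name, executable); None for other lines."""
    m = re.match(r"^O4 - (?P<loc>.+?): (?P<rest>.*)$", line)
    if not m:
        return None
    # Drop the trailing "(User 'X')" annotation that HKUS/.DEFAULT entries carry.
    rest = re.sub(r"\s*\(User '[^']*'\)\s*$", "", m.group("rest"))
    if rest.startswith("["):                  # registry Run value: [name] command
        name, _, cmd = rest[1:].partition("] ")
    else:                                      # Startup-folder shortcut: x.lnk = command
        name, _, cmd = rest.partition(" = ")
    return name, _executable(cmd)


def parse_o23(line: str):
    """Parse an O23 line into (display name, vendor, path); None for other lines."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line.rsplit(" - ", 2)              # split from the right: name may contain " - "
    if len(parts) != 3:
        return None
    head, vendor, path = parts
    return head[len(prefix):], vendor, path


def triage(lines):
    """Apply the review heuristics to every line and return the findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        o4 = parse_o4(line)
        if o4:
            name, exe = o4
            if not _under_trusted_root(exe):
                findings.append(Finding("O4", name, exe,
                                        "autorun outside Program Files/WINDOWS"))
            continue
        o23 = parse_o23(line)
        if o23:
            name, vendor, path = o23
            if vendor == "Unknown owner":
                findings.append(Finding("O23", name, path, "service has no vendor name"))
            if not _under_trusted_root(path):
                findings.append(Finding("O23", name, path,
                                        "service binary outside Program Files/WINDOWS"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name!r}: {f.reason} -> {f.path}")
```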
  6. Ltangel

    Ltangel Regular member

    Hey 07anto07,

    Oops, I missed out a few folders. :S

    1. Please reopen Notepad. (Use ONLY Notepad and no other text editor)

    * Click Start, then Run
    * Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the quotebox below into the Notepad window:


    Note: The above script is specifically for this user; using it on another computer can cause permanent damage to your system!

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    * Combofix.txt
    * A new HijackThis log

    ---------------------------------------------------------------------

    Let's run another scan and see what we can find.

    Scan with SUPERAntispyware

    1. Download and install SUPERAntiSpyware and double-click the icon on your desktop to run it.
    2. It will ask if you want to update the program definitions, click Yes.
    3. Under Configuration and Preferences, click the Preferences button.
    4. Click the Scanning Control tab.
    5. Under Scanner Options make sure the following are checked:
        1. Close browsers before scanning
        2. Scan for tracking cookies
        3. Terminate memory threats before quarantining.
        4. Please leave the others unchecked.
        5. Click the Close button to leave the control center screen.
    6. On the main screen, under Scan for Harmful Software click Scan your computer.
    7. On the left check C:\Fixed Drive.
    8. On the right, under Complete Scan, choose Perform Complete Scan.
    9. Click Next to start the scan. Please be patient while it scans your computer.
    10. After the scan is complete a summary box will appear. Click OK.
    11. Make sure everything in the white box has a check next to it, then click Next.
    12. It will quarantine what it found and if it asks if you want to reboot, click Yes.
    13. To retrieve the removal information for me please do the following:
        1. After reboot, double-click the SUPERAntispyware icon on your desktop.
        2. Click Preferences. Click the Statistics/Logs tab.
        3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        4. It will open in your default text editor (such as Notepad/Wordpad).
        5. Please highlight everything in the notepad, then right-click and choose copy.
    14. Click close and close again to exit the program.
    15. Save the log information on your desktop. If needed (still infected) paste this info along with your HijackThis log.


    Next reply:

    Combofix.txt
    Fresh HijackThis log
    SUPERAntispyware scan log


    Go!

    ~Ltangel~
  7. 07anto07

    07anto07 Active member

    ComboFix 08-03-07.1 - Compaq_Owner 2008-03-10 12:24:23.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.542 [GMT 0:00]
    Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator.HOTSTUFF\WINDOWS
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\410splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\412splashfree.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\412splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\createtimes.cache
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\data.ser
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\fileurns.bak
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\fileurns.cache
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\filters.props
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\gnutella.net
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\installation.props
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\library.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\limewire.props
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\pub1.key
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\public.key
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\questions.props
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\responses.cache
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\secureMessage.key
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\simpp.xml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\spam.dat
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\tables.props
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme.lwtp
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\01_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\02_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\03_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\04_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\05_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\chat.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\dir_open.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\forward_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\kill.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\kill_on.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\lime.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\logo.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\notsearching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\pause_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\play_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\play_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\question.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\searching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\splash.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\stop_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\theme.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\black_theme\warning.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme.lwtp
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\01_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\02_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\03_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\04_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\05_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\chat.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\kill.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\logo.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\play_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\question.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\search.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\searching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\splash.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\theme.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\classic_theme\warning.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme.lwtp
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\chat.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\kill.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\lime.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\logo.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\question.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\searching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\splash.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\theme.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewire_theme\warning.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme.lwtp
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\question.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\splash.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme.lwtp
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\01_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\02_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\03_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\04_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\05_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\chat.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\forward_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\kill.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\kill_on.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\logo.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\name.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\notsearching.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\pause_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\play_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\play_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\question.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\searching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\splash.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\stop_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\theme.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\other_theme\warning.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme.lwtp
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\01_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\02_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\03_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\04_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\05_star.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\chat.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\kill.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\logo.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\notsearching.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\play_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\question.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\searching.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\splash.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\splashpro.png
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\theme.txt
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\themes\windows_theme\warning.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\ttree.cache
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\update.xml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\version.key
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\version.xml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\data\application.sxml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\data\audio.sxml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\data\delete_me
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\data\document.sxml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\data\image.sxml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\data\video.sxml
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\misc\application.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\misc\audio.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\misc\document.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\misc\image.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\misc\video.gif
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\schemas\application.xsd
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\schemas\audio.xsd
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\schemas\document.xsd
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\schemas\image.xsd
    C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire\xml\schemas\video.xsd
    C:\WINDOWS\system32\windows media
    C:\WINDOWS\system32\windows media\server\wmsservertypelib.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
    .

    2008-03-09 16:55 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-05 18:03 . 2008-03-05 18:03 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
    2008-03-05 18:00 . 2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-03-05 18:00 . 2008-01-04 21:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-05 18:00 . 2008-01-04 21:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-03-05 18:00 . 2008-01-04 21:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-05 18:00 . 2008-01-04 21:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-04 18:09 . 2005-10-20 04:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-03-04 18:06 . 2008-03-04 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-02-29 11:48 . 2008-02-29 11:48 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2008-02-28 12:58 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-02-28 12:44 . 2008-03-03 18:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-28 12:44 . 2008-03-03 15:56 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-02-28 12:44 . 2008-03-03 15:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-02-28 12:44 . 2008-03-03 15:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-02-28 12:33 . 2006-03-29 15:21 <DIR> d-------- C:\Documents and Settings\Administrator.HOTSTUFF\Application Data\ATI
    2008-02-27 14:49 . 2008-03-03 21:36 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
    2008-02-27 14:00 . 2008-02-27 14:00 <DIR> d----c--- C:\SmartSound Software
    2008-02-27 14:00 . 2008-02-27 14:00 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-02-27 14:00 . 2008-02-29 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2008-02-27 13:59 . 2008-02-27 13:59 <DIR> d-------- C:\Program Files\Windows Media Components
    2008-02-27 13:59 . 2008-03-02 16:33 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-02-27 13:59 . 2008-03-02 16:33 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-02-27 13:59 . 2008-02-27 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-02-22 17:59 . 2008-02-22 17:59 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-22 13:46 . 2008-02-22 13:46 <DIR> d-------- C:\Program Files\danny_kay1710
    2008-02-19 17:38 . 2008-02-19 17:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DVDFab
    2008-02-10 17:42 . 2008-02-18 12:03 <DIR> d-------- C:\Program Files\PCDJ DEX
    2008-02-10 16:45 . 2000-05-21 23:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
    2008-02-10 16:45 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
    2008-02-10 16:45 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-02-10 16:45 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
    2008-02-10 16:45 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-10 12:19 --------- d-----w C:\Program Files\PeerGuardian2
    2008-03-10 12:19 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
    2008-03-10 11:05 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
    2008-03-10 11:04 --------- d-----w C:\Program Files\Lx_cats
    2008-03-09 16:55 --------- d-----w C:\Program Files\Java
    2008-03-09 16:44 --------- d-----w C:\Program Files\LimeWire
    2008-03-05 18:00 --------- d-----w C:\Program Files\DivX
    2008-03-04 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-04 17:43 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Vso
    2008-03-04 16:34 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-03-03 18:03 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-03 18:03 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-03-03 18:02 --------- d-----w C:\Program Files\Video Convert Master
    2008-03-03 17:48 --------- d-----w C:\Program Files\Lexmark 4300 Series
    2008-03-03 17:44 --------- d-----w C:\Program Files\iTunes
    2008-03-03 17:39 --------- d-----w C:\Program Files\Google
    2008-03-03 17:30 --------- d-----w C:\Program Files\Bonjour
    2008-03-02 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 12:03 --------- d-----w C:\Program Files\DNA
    2008-02-25 11:53 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\DNA
    2008-02-19 17:03 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-02-13 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-11 10:31 --------- d-----w C:\Program Files\DVD Shrink
    2008-02-09 17:40 --------- d-----w C:\Program Files\avijoin
    2008-02-06 17:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg
    2008-02-05 18:56 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\VSO_HWE
    2008-02-05 16:48 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-02-05 16:48 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-02-05 16:43 --------- d-----w C:\Program Files\Common Files\Motorola Shared
    2008-02-04 18:37 --------- d-----w C:\Program Files\VirtualDJ
    2008-02-02 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-02 14:01 --------- d-----w C:\Program Files\Windows Live
    2008-02-02 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-02 13:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
    2008-01-30 18:51 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\dvdcss
    2008-01-28 13:37 --------- d-----w C:\Program Files\uTorrent
    2008-01-28 13:28 --------- d-----w C:\Program Files\BitTorrent
    2008-01-28 13:26 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent
    2008-01-28 11:32 --------- d-----w C:\Program Files\AllToAVI
    2008-01-28 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-01-28 09:12 --------- d-----w C:\Program Files\Nero
    2008-01-27 18:26 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-27 18:26 47,360 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
    2008-01-27 15:52 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\SuperNZB
    2008-01-27 15:07 --------- d-----w C:\Program Files\USB 2.0 PC Camera
    2008-01-25 15:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-25 15:13 --------- d-----w C:\Program Files\MSBuild
    2008-01-25 15:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-25 14:02 --------- d-----w C:\Program Files\DAMN NFO Viewer
    2008-01-25 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-25 11:46 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2008-01-25 11:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-25 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-24 20:37 --------- d-----w C:\Program Files\QuickTime
    2008-01-24 20:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-24 20:23 --------- d-----w C:\Program Files\Nsasoft
    2008-01-24 20:07 1,967 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EV993AA-ABU SR1839UK GB620_YC_0Pres_QCZX613_E62GBheREA2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.15_T060302_WXH2_L409_M1023_J300_7Intel_8Pentium D_93_#070326_N808627DC_Z_G10027146.MRK
    2008-01-23 19:17 --------- d-----w C:\Program Files\Router Screenshot Grabber
    2008-01-18 10:36 --------- d-----w C:\Program Files\UltraISO
    2008-01-18 10:35 --------- d-----w C:\Program Files\Common Files\EZB Systems
    2008-01-16 13:52 --------- d-----w C:\Program Files\SuperNZB
    2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-10 11:34 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Ableton
    2008-01-10 10:50 --------- d-----w C:\Program Files\iPod
    2008-01-10 10:47 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-11 16:55 3,159,432 -c--a-w C:\WindowsXP-KB906472-v4-x86-ENU.exe
    2007-03-27 08:27 0 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 16:50 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 21:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 23:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 00:23 15961088 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 00:29 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 15:26 180269]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-26 16:31 579072]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-04 11:58 675840]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46 73728]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 12:03 219136]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-29 14:56:10 27136]

    C:\Documents and Settings\Administrator.HOTSTUFF\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-29 14:56:10 27136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-27 13:02:05 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-01 18:07:02 1179648]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 23:49]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-20 11:37]
    S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 17:32]
    S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 18:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-10 12:17:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 12:27:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-10 12:27:55
    ComboFix-quarantined-files.txt 2008-03-10 12:27:53
    ComboFix2.txt 2008-03-08 16:11:49
    ComboFix3.txt 2008-03-07 16:30:40
    ComboFix4.txt 2007-07-13 17:14:15
    .
    2008-02-13 14:44:37 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:30:38, on 10/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11597 bytes
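Logs like the two above are read one autostart location at a time, and the reviewer's job is to find the handful of entries worth checking among dozens of legitimate ones. The script below is an added example (not part of this thread and not HijackThis's own code) that parses O2/O4/O16/O23 lines in the shape HijackThis writes them and lists what a triager would look at first: services with no vendor string, Run entries that name a bare file resolved by Windows search order rather than a full path, and ActiveX download points. The sample lines are copied from the log above; the regexes, the `executable_of` helper and the flag rules are my own assumptions about the format, not a published grammar.

```python
"""Triage helper for HijackThis-style autostart entries (added example)."""
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log above, in the
# exact shape HijackThis writes them. A real run would read the whole log file.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# Line shapes inferred from the log (assumption, not an official grammar).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<cmd>.+)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
# First token that ends in an executable-ish extension (handles unquoted paths with spaces).
EXE_RE = re.compile(r"^(?P<p>\S.*?\.(?:exe|dll|cpl|sys|ocx|scr))(?=\s|$)", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Return the file that actually runs for an autostart command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path; arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    head = m.group("p") if m else (cmd.split()[0] if cmd else "")
    if head.lower() in ("rundll32", "rundll32.exe"):
        # rundll32 is only a host; the code that runs is the DLL in its first argument
        rest = cmd[len(head):].strip()
        return rest.split(",", 1)[0] if rest else head
    return head


def is_bare_name(path: str) -> bool:
    """True for 'foo.dll' style names that Windows resolves via search order."""
    return bool(path) and "\\" not in path and "/" not in path


def parse_line(line: str):
    """Parse one log line into a dict, or None if it is not a section we handle."""
    line = line.rstrip()
    for section, rx in (("O2", O2_RE), ("O4", O4_RUN_RE), ("O4", O4_LNK_RE),
                        ("O16", O16_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if m:
            entry = {"section": section, **m.groupdict()}
            entry["exe"] = executable_of(entry["cmd"])
            return entry
    return None


def parse_log(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def section_counts(entries):
    return dict(Counter(e["section"] for e in entries))


def triage(entries):
    """Return (section, name, reason) tuples for entries a reviewer should check first."""
    findings = []
    for e in entries:
        exe = e["exe"]
        if e["section"] == "O23" and e.get("vendor", "").lower() == "unknown owner":
            findings.append((e["section"], e["name"],
                             "service has no vendor string; verify the binary's publisher"))
        if e["section"] in ("O2", "O4", "O23") and is_bare_name(exe):
            findings.append((e["section"], e["name"],
                             f"'{exe}' is a bare filename resolved by search order; confirm which copy loads"))
        if e["section"] == "O4" and not exe:
            findings.append((e["section"], e["name"], "autostart value with an empty command"))
        if e["section"] == "O16":
            findings.append((e["section"], e["name"], f"ActiveX download point {exe}; confirm it is wanted"))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for section, name, reason in triage(parsed):
        print(f"{section:4} {name:28} {reason}")
```

Entries that pass cleanly (full path, known vendor) are left out of the report on purpose; the point is to shrink a 200-line log to the few lines that need a human. A bare filename in a Run value is flagged because which copy of the file loads depends on the search path, so it must be checked on the machine rather than read off the log.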
     
  8. 07anto07

    07anto07 Active member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    66
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/12/2008 at 10:47 AM

    Application Version : 4.0.1154

    Core Rules Database Version : 3416
    Trace Rules Database Version: 1408

    Scan type : Complete Scan
    Total Scan Time : 01:34:56

    Memory items scanned : 650
    Memory threats detected : 0
    Registry items scanned : 7258
    Registry threats detected : 0
    File items scanned : 95484
    File threats detected : 45

    Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@indextools[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.addynamix[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats.cdrinfo[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@buycom.122.2o7[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbrite[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@valueclick[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2.go.globaladsales[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adserver.nathell[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clicksor[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.revsci[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adstats.cdfreaks[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.techguy[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@videoegg.adbureau[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@traffic.buyservices[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.ookla[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@entrepreneur.122.2o7[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.entrepreneur[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@overture[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@buyandsell.advertserve[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rotator.adjuggler[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atlas.entrepreneur[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgm.adbureau[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@optimize.indieclick[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.quizapps[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.exit-traffic[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[2].txt

    Trojan.Downloader-CREW
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DMFXSHGR.DLL.VIR

    Adware.180solutions/ZangoSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP10\A0003515.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP10\A0003522.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP10\A0003528.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP10\A0003534.DLL
     
  9. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey 07anto07,

    All your logs look great now. Nice work!

    Now, let's do some final touch-ups and we'll be done!

    Uninstall ComboFix

    Go to Start>Run and type in ComboFix /u. This will remove ComboFix.exe and all the other files associated with it.

    --------------------------------------------------------------------
    Re-enable AVG real time protection

    * Double click in the AVG icon in Systray
    * Double click on Resident Shield, Check Turn on AVG Free Resident Shield. Then click Apply.
    * Close AVG.

    --------------------------------------------------------------------
    Uninstall programs

    Please go to Add or Remove Programs in Control Panel, and remove the following programs:

    LimeWire
    uTorrent
    BitTorrent


    The reason I'm asking you to remove the above programs is that they are software that can bring malicious software onto your computer. Removing them is the best way to keep your computer from infections.

    --------------------------------------------------------------------
    Clean with ATF Cleaner

    Please reopen ATF Cleaner.

    Under Main choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    --------------------------------------------------------------------
    Clear and reset your System Restore Points

    Now, we shall clean and reset the Restore Points so as to clean up remnants from the current infection.

    To reset and clean your Restore Points, please note that you will need to log into your computer with an account which has full administrator access.

    Please right click on My Computer, select "Properties". Then in "System Properties" window, select the "System Restore" tab.

    Clean existing Restore Points
    * Put a check next to "Turn off System Restore on all drives". Click Apply. (Please wait for a moment to complete the cleaning process)

    Set new Restore Points
    * Uncheck "Turn off System Restore on all drives". Click Apply. (Please wait for a moment to complete the reset process)

    --------------------------------------------------------------------
    Now that your log is fine, I have some recommended downloads for you. Please have a look at them and decide for yourself what you would like to use as protection for your system. After you have chosen the protection software you want to download, please don't forget to set it to automatic updating so that you have the latest protection.

    [*]Spybot Search & Destroy - An excellent and free anti-spyware software with Immunize functionality that will help prevent future infections. PGPhantom has written a very comprehensive instruction set for Spybot, available here.

    [*]SpywareBlaster - A wonderful prevention tool to protect yourself from installation of malicious codes. SpywareBlaster tutorial (by Grinler) is available here.

    [*]IE-SpyAd - It puts over 5000 sites in your restricted zone and protects your Internet browser from being redirected to a malicious site. Lawrence Abrams has written an excellent tutorial about IE-SpyAd here.

    Special Note: It is vital to know that you should only have ONE anti-spyware resident protection and ONE anti-virus resident protection running. Running more than one resident protection can slow down your system and cause conflicts between the protection software.

    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
    LT
     
    Last edited: Mar 13, 2008
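    The scan log quoted earlier (detection name on its own line, followed by the paths it matched) and the cleanup steps in the post above disposing of the remaining hits (ComboFix /u for the QOOBOX quarantine, the System Restore off/on reset for the _RESTORE paths, ATF Cleaner for cookies) fit together neatly, and a helper checking such a thread would want to confirm that every path still listed is covered by one of those steps. The Python below is an added example written for this thread, not code from the forum or from any of the tools named; the sample log is constructed in the same layout as the quoted one, the restore-point GUID is the one from the log, and the "Example.Detection" entry and its PLACEHOLDER.DLL path are invented to exercise the "still on disk" branch.

```python
"""Sort scan-log hits into the cleanup step that removes each of them.

Added example (not part of the thread). Parses the header-then-paths
layout of the quoted scan log, then classifies every path by where it
lives so you can see which hits are already-quarantined copies, which
are restore-point remnants, which are cookies, and which are files still
present on the live file system and therefore deserve a second look.
"""
import re
from collections import defaultdict

# Constructed sample in the same layout as the thread's log. The GUID is
# the one from the quoted log; "Example.Detection"/PLACEHOLDER.DLL is invented.
SAMPLE_LOG = """\
Trojan.Downloader-CREW
C:\\QOOBOX\\QUARANTINE\\C\\WINDOWS\\SYSTEM32\\DMFXSHGR.DLL.VIR

Adware.180solutions/ZangoSearch
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{D5F7A20F-1294-41E9-A947-A77075103E2E}\\RP10\\A0003515.DLL
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{D5F7A20F-1294-41E9-A947-A77075103E2E}\\RP10\\A0003522.EXE

Tracking Cookie
C:\\Documents and Settings\\Compaq_Owner\\Cookies\\compaq_owner@advertising[2].txt

Example.Detection
C:\\WINDOWS\\SYSTEM32\\PLACEHOLDER.DLL
"""

_PATH_RE = re.compile(r"^[A-Za-z]:\\")
_QOOBOX_RE = re.compile(r"^[A-Za-z]:\\QOOBOX\\QUARANTINE\\", re.IGNORECASE)
_RESTORE_RE = re.compile(
    r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-Fa-f-]+\}\\", re.IGNORECASE)
_COOKIE_RE = re.compile(r"\\Cookies\\[^\\]+@", re.IGNORECASE)


def parse_log(text):
    """Return {detection_name: [paths]} from the header-then-paths layout.

    A non-blank line that is not a drive-letter path starts a new
    detection; a blank line ends the current group.
    """
    hits = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        if _PATH_RE.match(line):
            if current is None:
                raise ValueError(f"path without a detection header: {line}")
            hits[current].append(line)
        else:
            current = line
    return dict(hits)


def classify(path):
    """Map a path to the cleanup step in the thread that disposes of it."""
    if _QOOBOX_RE.match(path):
        return "combofix-quarantine"   # already neutralised; removed by ComboFix /u
    if _RESTORE_RE.search(path):
        return "restore-point"         # removed by turning System Restore off, then on
    if _COOKIE_RE.search(path):
        return "tracking-cookie"       # removed by ATF Cleaner / browser cleanup
    return "live-file"                 # still on the live file system: look again


def summarize(text):
    """Count paths per category and list any live files by detection name."""
    counts = defaultdict(int)
    live = {}
    for name, paths in parse_log(text).items():
        for path in paths:
            category = classify(path)
            counts[category] += 1
            if category == "live-file":
                live.setdefault(name, []).append(path)
    return dict(counts), live


if __name__ == "__main__":
    totals, remaining = summarize(SAMPLE_LOG)
    for category, n in sorted(totals.items()):
        print(f"{category:20s} {n}")
    for name, paths in remaining.items():
        print(f"still on disk ({name}):")
        for path in paths:
            print("   ", path)
```

    Anything that lands in the "live-file" bucket is the category the cleanup steps above do not touch, so that is the list worth going back over before closing the thread; the quarantine and restore-point entries are only copies of what ComboFix already removed.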
  10. 07anto07

    07anto07 Active member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    66
    Thanks for all the help, Ltangel. One last thing: I can't get Java to run; this keeps coming up [IMG]. Do you know what I can do?
     
    Last edited: Mar 13, 2008
  11. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey 07anto07,

    Not sure what is wrong, but try the following:

    Go to Add or Remove Programs and remove all versions of Java (including Java(TM) 6 Update 5).
    * Download and install the latest version of Java here.

    Clean all your temporary files with ATF again, using the instructions I gave earlier.

    How is your computer doing anyway?


     
  12. LTDevil

    LTDevil Guest

  13. SuperGeek

    SuperGeek Member

    Joined:
    Dec 18, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
  14. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    None of the registry cleaners are reliable. They are known to use exaggerated means to earn your money. I would advise not to use one.
     
  15. PeaInAPod

    PeaInAPod Active member

    Joined:
    Nov 28, 2005
    Messages:
    3,050
    Likes Received:
    0
    Trophy Points:
    66
    For a good registry cleaner use CCleaner. It is freeware, and also has a junk file scanning/deletion program.
     
  16. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    Closed by request :)
     