PC infected with many worms, trojans, spyware, etc.

Tigrita · Mar 22, 2008

Unless I am going blind...which is provably true I don't seeem to have the link for that program

Ltangel · Mar 22, 2008

Ltangel said:

Hey Tigrita,

IMPORTANT! You have a backdoor trojan on your computer that allows an attacker to access your computer from a remote area! It then sends information such as credit card numbers, passwords, account details and other personal information back to the attacker. I would strongly advise you to alert your bank or any other organizations required IMMEDIATELY and change your private information if you have used the Internet for commercial or business matters, this is urgent, as important information may have already been leaked out!

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

[*]Close all other windows before proceeding.
[*]Double-click on dss.exe and follow the prompts.
[*]When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Go!

~Ltangel~
Click to expand...

Do you see it now? You might have removed it, if you have please follow the instructions again here and give me a DSS log.

Tigrita · Mar 22, 2008

So sorry, I forgot Deckards had a nick name (DSS)

Here is the log

Deckard's System Scanner v20071014.68
Run by Betty on 2008-03-22 14:00:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Betty.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:52 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Betty\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B678C203-23EB-42C2-AE1B-F2A67A87E5FB} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 6995 bytes

-- Files created between 2008-02-22 and 2008-03-22 -----------------------------

2008-03-21 18:05:53 0 d-------- C:\WINDOWS\system32\NtmsData
2008-03-21 15:15:14 178636 --ahs---- C:\WINDOWS\system32\lnnmp.ini2
2008-03-21 15:15:12 290816 --a------ C:\WINDOWS\system32\pmnnl.dll
2008-03-21 14:20:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 14:20:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 14:20:08 0 d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2008-03-21 14:19:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 13:10:10 90176 --a------ C:\WINDOWS\system32\wdkcepyq.dll
2008-03-21 13:09:18 166793 --ahs---- C:\WINDOWS\system32\stutv.ini2
2008-03-21 12:55:40 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-21 12:55:40 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-21 12:55:40 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-21 12:55:40 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-20 19:41:50 0 d-------- C:\VundoFix Backups
2008-03-20 18:50:42 0 d-------- C:\!KillBox
2008-03-20 16:42:53 0 dr-h----- C:\Documents and Settings\Betty\Recent
2008-03-19 15:11:02 0 d-------- C:\Program Files\Trend Micro
2008-03-19 15:04:00 0 d-------- C:\WINDOWS\Internet Logs
2008-03-19 14:46:29 0 d-------- C:\Program Files\Windows Defender
2008-03-19 13:37:58 0 d-------- C:\Program Files\NoAdware5.0
2008-03-19 10:22:10 0 d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21:59 0 d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31:05 0 d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-19 09:31:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-17 13:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45:56 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-17 12:45:56 0 d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45:56 47360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-17 12:45:51 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-03-17 12:45:51 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-03-17 12:45:51 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-03-17 12:45:51 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-03-17 12:45:51 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-03-17 12:45:49 0 d-------- C:\Program Files\VSO
2008-03-17 12:42:29 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-03-17 12:42:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 09:07:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36:45 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-17 08:36:16 0 d-------- C:\Program Files\SlySoft
2008-03-16 13:16:08 0 d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
2008-03-16 13:16:01 0 d-------- C:\Documents and Settings\Betty\Application Data\DNA
2008-03-13 13:40:48 0 d-------- C:\Documents and Settings\Betty\Application Data\Help
2008-03-13 13:36:47 0 d-------- C:\Program Files\mIRC
2008-03-13 13:32:13 0 d-------- C:\IRCap
2008-03-11 11:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38:20 0 d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37:16 0 d-------- C:\Program Files\VideoLAN

-- Find3M Report ---------------------------------------------------------------

2008-03-21 14:19:38 0 d-------- C:\Program Files\Common Files
2008-03-18 17:51:11 0 d-------- C:\Program Files\Java
2008-03-18 11:48:49 668 --a------ C:\Documents and Settings\Betty\Application Data\vso_ts_preview.xml
2008-03-18 06:45:04 0 d-------- C:\Documents and Settings\Betty\Application Data\LimeWire
2008-03-17 12:46:00 34 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.log
2008-03-17 12:45:56 1144 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.inf
2008-03-17 12:45:56 7887 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.cat
2008-03-17 09:55:28 0 d-------- C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 14:29:06 0 d-------- C:\Program Files\Common Files\Logishrd
2008-02-18 14:28:58 0 d-------- C:\Program Files\Common Files\Logitech
2008-02-18 14:28:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-18 14:28:37 0 d-------- C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-18 14:25:28 0 d-------- C:\Program Files\Online Services
2008-02-18 14:25:19 0 d-------- C:\Program Files\Windows NT
2008-02-14 11:54:13 0 d-------- C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 13:09:42 0 d-------- C:\Program Files\Easy Duplicate Finder
2008-02-08 15:52:19 0 d-------- C:\Program Files\iTunes
2008-02-08 15:52:12 0 d-------- C:\Program Files\iPod
2008-02-08 15:51:54 0 d-------- C:\Program Files\Bonjour
2008-02-08 15:51:50 0 d-------- C:\Program Files\QuickTime
2008-02-08 15:51:26 0 d-------- C:\Program Files\Apple Software Update
2008-02-08 15:51:12 0 d-------- C:\Program Files\Common Files\Apple
2008-02-06 13:49:00 17920 --a------ C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 13:49:00 8192 --a------ C:\WINDOWS\system32\NetFerret.dll
2008-02-06 13:49:00 0 d-------- C:\Program Files\WebFerret
2008-01-31 12:22:39 0 d-------- C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 15:35:50 0 d-------- C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 15:35:38 0 d-------- C:\Program Files\Lavasoft
2008-01-28 13:34:45 0 d-------- C:\Program Files\eMule
2008-01-28 12:00:42 0 d-------- C:\Documents and Settings\Betty\Application Data\Real
2008-01-28 11:37:22 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-28 11:37:21 0 d-------- C:\Program Files\Real
2008-01-28 11:37:16 0 d-------- C:\Program Files\Common Files\Real
2008-01-27 03:00:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 03:00:28 0 d-------- C:\Program Files\MSXML 4.0
2008-01-26 11:18:20 0 d-------- C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 17:09:41 0 d-------- C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 17:09:37 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 17:09:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-25 17:09:17 0 d-------- C:\Program Files\ScanSoft
2008-01-25 17:00:36 0 d-------- C:\Program Files\Canon
2008-01-25 16:59:29 0 d-------- C:\Program Files\Common Files\CANON
2008-01-25 16:56:54 0 d--h----- C:\Program Files\CanonBJ
2008-01-25 08:22:22 0 d-------- C:\Documents and Settings\Betty\Application Data\WinRAR
2008-01-23 11:31:27 0 d-------- C:\Documents and Settings\Betty\Application Data\Sun
2008-01-16 19:15:35 27210 --a------ C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR
2008-01-16 04:21:22 38439 --a------ C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B678C203-23EB-42C2-AE1B-F2A67A87E5FB}]
03/21/2008 03:15 PM 290816 --a------ C:\WINDOWS\system32\pmnnl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/07/2007 05:00 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" []
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 01:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/18/2008 2:28:55 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
rundll32.exe "C:\WINDOWS\system32\aacgptld.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
Rundll32.exe "C:\WINDOWS\system32\vopgebir.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2008-03-22 14:01:11 ------------

Ltangel · Mar 22, 2008

Hey Tigrita,

No worries, things do slip our eyes sometimes.

Remove unnecessary programs

Please remove the following program from Add or Remove Programs in Control Panel (if present):

mIRC
LimeWire
xing shared

----------------------------------------------------------------------

Fix with ComboFix

1. Please open Notepad. (Use ONLY Notepad and no other text editor)

[*] Click Start , then Run
[*]Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the quotebox below into the Notepad window:

File::
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\wdkcepyq.dll
C:\WINDOWS\system32\stutv.ini2

Folder::
C:\VundoFix Backups
C:\!KillBox
C:\Documents and Settings\Betty\Application Data\DNA
C:\Program Files\mIRC
C:\IRCap
C:\Documents and Settings\Betty\Application Data\LimeWire
C:\Program Files\Common Files\xing shared
C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR
C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B678C203-23EB-42C2-AE1B-F2A67A87E5FB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" []
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
rundll32.exe "C:\WINDOWS\system32\aacgptld.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
Rundll32.exe "C:\WINDOWS\system32\vopgebir.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

Click to expand...

Note: The above script is specifically for this user, using it on another computer can may cause permanent damage to your system!

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

[*]Combofix.txt
[*]A new HijackThis log.

Go!

~Ltangel~

Tigrita · Mar 22, 2008

Dear Ltangel,
First good news, The IE is performing much faster than before ))

Since I couldn't find the "xing shared" file, I tried to perform a search and got a message "Can not perform search, a file that is required to run search companion cannot be found"

Here is my log:

ComboFix 08-03-20.5 - Betty 2008-03-22 14:40:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1688 [GMT 1:00]
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\wdkcepyq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\!KillBox\jncixdct.dll ( 1)
C:\!KillBox\Logs\kb.log
C:\!KillBox\mloiotut.dll
C:\!KillBox\qomlmjg.dll ( 2)
C:\!KillBox\qomlmjg.dll
C:\!KillBox\qomlmjg.dll( 2)
C:\!KillBox\skeysw.exe
C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR\
C:\Documents and Settings\Betty\Application Data\DNA
C:\Documents and Settings\Betty\Application Data\DNA\dht.dat
C:\Documents and Settings\Betty\Application Data\DNA\dht.dat.old
C:\Documents and Settings\Betty\Application Data\DNA\resume.dat
C:\Documents and Settings\Betty\Application Data\DNA\resume.dat.old
C:\Documents and Settings\Betty\Application Data\DNA\settings.dat
C:\Documents and Settings\Betty\Application Data\DNA\settings.dat.old
C:\Documents and Settings\Betty\Application Data\LimeWire
C:\Documents and Settings\Betty\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
C:\Documents and Settings\Betty\Application Data\LimeWire\410splashpro.png
C:\Documents and Settings\Betty\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\filters.props
C:\Documents and Settings\Betty\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Betty\Application Data\LimeWire\installation.props
C:\Documents and Settings\Betty\Application Data\LimeWire\library.dat
C:\Documents and Settings\Betty\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Betty\Application Data\LimeWire\pub1.key
C:\Documents and Settings\Betty\Application Data\LimeWire\public.key
C:\Documents and Settings\Betty\Application Data\LimeWire\questions.props
C:\Documents and Settings\Betty\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Betty\Application Data\LimeWire\tables.props
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\search.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\logo.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\notsearching.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\update.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\version.key
C:\Documents and Settings\Betty\Application Data\LimeWire\version.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\application.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\audio.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\video.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\video.xsd
C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR\
C:\IRCap
C:\IRCap\Crack\779b31484656d7207ff1d8e2c7a5ac1f896.zip
C:\IRCap\Crack\keygen.exe
C:\IRCap\Crack\XBiNX.nfo
C:\IRCap\mirc62.exe
C:\Program Files\Common Files\xing shared
C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll
C:\VundoFix Backups
C:\VundoFix Backups\aacgptld.dll.bad
C:\VundoFix Backups\dltpgcaa.ini.bad
C:\VundoFix Backups\mllml.dll.bad
C:\VundoFix Backups\pmnlj.dll.bad
C:\VundoFix Backups\ssttt.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\wdkcepyq.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-21 15:16 . 2008-03-22 12:36 1,540,055 ---hs---- C:\WINDOWS\system32\oisjtsab.ini
2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 13:12 . 2008-03-21 13:12 1,539,724 ---hs---- C:\WINDOWS\system32\elmnvfub.ini
2008-03-20 23:34 . 2008-03-18 23:48 1,526,077 ---hs---- C:\WINDOWS\system32\pbptwjie.ini
2008-03-20 23:30 . 2008-03-20 23:30 354 ---hs---- C:\WINDOWS\system32\tyslcunr.ini
2008-03-20 22:23 . 2008-03-20 22:23 294 ---hs---- C:\WINDOWS\system32\vtnigbmw.ini
2008-03-20 09:41 . 2008-03-20 17:46 1,540,176 ---hs---- C:\WINDOWS\system32\yyclgtte.ini
2008-03-19 17:12 . 2007-03-19 17:20 1,534,825 ---hs---- C:\WINDOWS\system32\fxwodjpi.ini
2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:04 . 2008-03-22 13:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-19 11:05 . 2007-03-19 11:30 <DIR> d-------- C:\SDFix
2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-19 09:00 . 2007-03-19 11:10 1,525,531 ---hs---- C:\WINDOWS\system32\tkdulbpy.ini
2008-03-19 08:08 . 2008-03-19 08:57 1,525,099 ---hs---- C:\WINDOWS\system32\uytajghn.ini
2008-03-19 07:27 . 2008-03-19 08:05 1,524,664 ---hs---- C:\WINDOWS\system32\caabjwjs.ini
2008-03-18 23:50 . 2007-03-19 07:14 1,526,197 ---hs---- C:\WINDOWS\system32\ostcxxlp.ini
2008-03-18 16:08 . 2007-03-18 17:59 1,521,492 ---hs---- C:\WINDOWS\system32\xhartsjb.ini
2008-03-18 12:00 . 2008-03-18 12:00 1,390,596 ---hs---- C:\WINDOWS\system32\bijctraq.ini
2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 09:08 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-03-16 13:16 . 2008-03-16 22:12 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 13:44 600,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 13:28 --------- d-----w C:\Program Files\LimeWire
2008-03-18 16:51 --------- d-----w C:\Program Files\Java
2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 10:37 --------- d-----w C:\Program Files\Real
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
2008-01-16 02:04 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-21_13.03.21.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-21 13:20:17 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-21 13:20:17 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 14:43:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-03-22 14:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 13:45:27
ComboFix2.txt 2008-03-21 12:03:54
.
2008-03-19 08:00:28 --- E O F ---

Tigrita · Mar 22, 2008

Dear Ltangel,
First good news, The IE is performing much faster than before ))

Since I couldn't find the "xing shared" file, I tried to perform a search and got a message "Can not perform search, a file that is required to run search companion cannot be found"

Here is my log:

ComboFix 08-03-20.5 - Betty 2008-03-22 14:40:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1688 [GMT 1:00]
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\wdkcepyq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\!KillBox\jncixdct.dll ( 1)
C:\!KillBox\Logs\kb.log
C:\!KillBox\mloiotut.dll
C:\!KillBox\qomlmjg.dll ( 2)
C:\!KillBox\qomlmjg.dll
C:\!KillBox\qomlmjg.dll( 2)
C:\!KillBox\skeysw.exe
C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR\
C:\Documents and Settings\Betty\Application Data\DNA
C:\Documents and Settings\Betty\Application Data\DNA\dht.dat
C:\Documents and Settings\Betty\Application Data\DNA\dht.dat.old
C:\Documents and Settings\Betty\Application Data\DNA\resume.dat
C:\Documents and Settings\Betty\Application Data\DNA\resume.dat.old
C:\Documents and Settings\Betty\Application Data\DNA\settings.dat
C:\Documents and Settings\Betty\Application Data\DNA\settings.dat.old
C:\Documents and Settings\Betty\Application Data\LimeWire
C:\Documents and Settings\Betty\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
C:\Documents and Settings\Betty\Application Data\LimeWire\410splashpro.png
C:\Documents and Settings\Betty\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\filters.props
C:\Documents and Settings\Betty\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Betty\Application Data\LimeWire\installation.props
C:\Documents and Settings\Betty\Application Data\LimeWire\library.dat
C:\Documents and Settings\Betty\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Betty\Application Data\LimeWire\pub1.key
C:\Documents and Settings\Betty\Application Data\LimeWire\public.key
C:\Documents and Settings\Betty\Application Data\LimeWire\questions.props
C:\Documents and Settings\Betty\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Betty\Application Data\LimeWire\tables.props
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\search.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\logo.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\notsearching.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Betty\Application Data\LimeWire\update.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\version.key
C:\Documents and Settings\Betty\Application Data\LimeWire\version.xml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\application.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\audio.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\video.sxml
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\video.xsd
C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR\
C:\IRCap
C:\IRCap\Crack\779b31484656d7207ff1d8e2c7a5ac1f896.zip
C:\IRCap\Crack\keygen.exe
C:\IRCap\Crack\XBiNX.nfo
C:\IRCap\mirc62.exe
C:\Program Files\Common Files\xing shared
C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll
C:\VundoFix Backups
C:\VundoFix Backups\aacgptld.dll.bad
C:\VundoFix Backups\dltpgcaa.ini.bad
C:\VundoFix Backups\mllml.dll.bad
C:\VundoFix Backups\pmnlj.dll.bad
C:\VundoFix Backups\ssttt.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\wdkcepyq.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-21 15:16 . 2008-03-22 12:36 1,540,055 ---hs---- C:\WINDOWS\system32\oisjtsab.ini
2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-21 13:12 . 2008-03-21 13:12 1,539,724 ---hs---- C:\WINDOWS\system32\elmnvfub.ini
2008-03-20 23:34 . 2008-03-18 23:48 1,526,077 ---hs---- C:\WINDOWS\system32\pbptwjie.ini
2008-03-20 23:30 . 2008-03-20 23:30 354 ---hs---- C:\WINDOWS\system32\tyslcunr.ini
2008-03-20 22:23 . 2008-03-20 22:23 294 ---hs---- C:\WINDOWS\system32\vtnigbmw.ini
2008-03-20 09:41 . 2008-03-20 17:46 1,540,176 ---hs---- C:\WINDOWS\system32\yyclgtte.ini
2008-03-19 17:12 . 2007-03-19 17:20 1,534,825 ---hs---- C:\WINDOWS\system32\fxwodjpi.ini
2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:04 . 2008-03-22 13:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-19 11:05 . 2007-03-19 11:30 <DIR> d-------- C:\SDFix
2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-19 09:00 . 2007-03-19 11:10 1,525,531 ---hs---- C:\WINDOWS\system32\tkdulbpy.ini
2008-03-19 08:08 . 2008-03-19 08:57 1,525,099 ---hs---- C:\WINDOWS\system32\uytajghn.ini
2008-03-19 07:27 . 2008-03-19 08:05 1,524,664 ---hs---- C:\WINDOWS\system32\caabjwjs.ini
2008-03-18 23:50 . 2007-03-19 07:14 1,526,197 ---hs---- C:\WINDOWS\system32\ostcxxlp.ini
2008-03-18 16:08 . 2007-03-18 17:59 1,521,492 ---hs---- C:\WINDOWS\system32\xhartsjb.ini
2008-03-18 12:00 . 2008-03-18 12:00 1,390,596 ---hs---- C:\WINDOWS\system32\bijctraq.ini
2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 09:08 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-03-16 13:16 . 2008-03-16 22:12 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 13:44 600,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 13:28 --------- d-----w C:\Program Files\LimeWire
2008-03-18 16:51 --------- d-----w C:\Program Files\Java
2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 10:37 --------- d-----w C:\Program Files\Real
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
2008-01-16 02:04 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-21_13.03.21.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-21 13:20:17 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-21 13:20:17 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 14:43:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-03-22 14:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 13:45:27
ComboFix2.txt 2008-03-21 12:03:54
.
2008-03-19 08:00:28 --- E O F ---

Ltangel · Mar 22, 2008

Hey Tigrita,

That's good to hear. The ComboFix.txt is looking better now, but we still have malicious files in there. Let's run ComboFix again.

Please follow my instructions carefully and try not to miss out any step or logs requested.

Fix with ComboFix

1. Please open Notepad. (Use ONLY Notepad and no other text editor)

[*] Click Start , then Run
[*]Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the quotebox below into the Notepad window:

File::
C:\WINDOWS\system32\oisjtsab.ini
C:\WINDOWS\system32\elmnvfub.ini
C:\WINDOWS\system32\pbptwjie.ini
C:\WINDOWS\system32\tyslcunr.ini
C:\WINDOWS\system32\vtnigbmw.ini
C:\WINDOWS\system32\yyclgtte.ini
C:\WINDOWS\system32\fxwodjpi.ini
C:\WINDOWS\system32\tkdulbpy.ini
C:\WINDOWS\system32\uytajghn.ini
C:\WINDOWS\system32\caabjwjs.ini
C:\WINDOWS\system32\ostcxxlp.ini
C:\WINDOWS\system32\xhartsjb.ini
C:\WINDOWS\system32\bijctraq.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

Folder::
C:\SDFix
C:\Documents and Settings\Betty\Application Data\BitTorrent
C:\Program Files\LimeWire
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

Click to expand...

Note: The above script is specifically for this user, using it on another computer can may cause permanent damage to your system!

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. Reboot your computer.

---------------------------------------------------------------------

Run an anti-rootkit scan

Download Sophos Anti-Rootkit & save it to your desktop after filling out the questionaire and reading the EULA.

Note: You will need to enter your name, e-mail address and location in order to access the download page.
[*]Double-click sarsfx.exe to extract the files.
[*]Click the Accept button at the EULA, then Install to the default directory
[*]At the next prompt, click Yes to start the program
[*]Make sure the following are checked:

[*]Running processes
[*]Windows Registry
[*]Local Hard Drives

Click the "Start Scan" button.

Allow the program to scan your computer - please be patient as it may take some time

Once the scan has completed a window will pop-up with the results of the scan - click OK to this

In the main window, you will see each of the entries found by the scan (if any)

If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review

Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry

To clean up these entries click on the Clean up checked items button

If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up

Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so

When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now and if any rootkits have been found (please take down the file names of the rootkits found).

----------------------------------------------------------------------

Scan with MalwareByte's Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

----------------------------------------------------------------------

In your next reply (please include):

* Fresh HijackThis Log (after completing everything)
* ComboFix.txt
* Report on rootkit scan and computer performance(please tell me the names of all the rootkit files found, if any)
* MalwareByte's Anti-Malware log

Go!

~Ltangel~

Tigrita · Mar 22, 2008

Hi Ltangel,

1. RUNDLL: Errors loading bastjsio.ddd & bqcxkvkq.dll

2. Appeared after rebooting (after Combofix)
3. After running Sophos-Anti-Roothit, there were “no hidden files found by scan”

Here is the first Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:39 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 6904 bytes

Malwarebytes' Anti-Malware 1.09
Database version: 521

Scan type: Quick Scan
Objects scanned: 29023
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

And the seconf Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:16 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\Betty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200211951812
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 6904 bytes

Ltangel · Mar 22, 2008

Hey,

You left out ComboFix.txt. Can I have a look at it please?

Thanks.

Edit: Please hurry, I need to go soon. ComboFix.txt is located in C:\.

Tigrita · Mar 22, 2008

ComboFix 08-03-20.5 - Betty 2008-03-22 15:43:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1629 [GMT 1:00]
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\system32\bijctraq.ini
C:\WINDOWS\system32\caabjwjs.ini
C:\WINDOWS\system32\elmnvfub.ini
C:\WINDOWS\system32\fxwodjpi.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\oisjtsab.ini
C:\WINDOWS\system32\ostcxxlp.ini
C:\WINDOWS\system32\pbptwjie.ini
C:\WINDOWS\system32\tkdulbpy.ini
C:\WINDOWS\system32\tyslcunr.ini
C:\WINDOWS\system32\uytajghn.ini
C:\WINDOWS\system32\vtnigbmw.ini
C:\WINDOWS\system32\xhartsjb.ini
C:\WINDOWS\system32\yyclgtte.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Betty\Application Data\BitTorrent
C:\Documents and Settings\Betty\Application Data\BitTorrent\dht.dat
C:\Documents and Settings\Betty\Application Data\BitTorrent\Plato DVD Creator 3.75 + Key [App][English][www.zonatorrent.com].rar.torrent
C:\Documents and Settings\Betty\Application Data\BitTorrent\resume.dat
C:\Documents and Settings\Betty\Application Data\BitTorrent\resume.dat.old
C:\Documents and Settings\Betty\Application Data\BitTorrent\settings.dat
C:\Documents and Settings\Betty\Application Data\BitTorrent\settings.dat.old
C:\Program Files\LimeWire
C:\Program Files\LimeWire\log.txt
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
C:\WINDOWS\system32\bijctraq.ini
C:\WINDOWS\system32\caabjwjs.ini
C:\WINDOWS\system32\elmnvfub.ini
C:\WINDOWS\system32\fxwodjpi.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\oisjtsab.ini
C:\WINDOWS\system32\ostcxxlp.ini
C:\WINDOWS\system32\pbptwjie.ini
C:\WINDOWS\system32\tkdulbpy.ini
C:\WINDOWS\system32\tyslcunr.ini
C:\WINDOWS\system32\uytajghn.ini
C:\WINDOWS\system32\vtnigbmw.ini
C:\WINDOWS\system32\xhartsjb.ini
C:\WINDOWS\system32\yyclgtte.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 15:04 . 2008-03-22 14:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 14:44 634,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-18 16:51 --------- d-----w C:\Program Files\Java
2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-17 13:42 158,456 ------w C:\WINDOWS\system32\pxwma.dll
2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-06 12:49 8,192 ----a-w C:\WINDOWS\system32\NetFerret.dll
2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
2008-02-04 17:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-28 10:37 --------- d-----w C:\Program Files\Real
2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
C:\WINDOWS\system32\iscmlxap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
"BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
C:\WINDOWS\system32\aacgptld.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
--a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
--a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 15:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-22 15:44:22
ComboFix-quarantined-files.txt 2008-03-22 14:44:21
ComboFix2.txt 2008-03-22 13:45:31
ComboFix3.txt 2008-03-21 12:03:54
.
2008-03-19 08:00:28 --- E O F ---

Tigrita · Mar 22, 2008

Dear Ltangel,

First of all I would like to wish you and your loved ones a very happy Easter.

I am sorry we didn't get to finish fixing my computer. I hope you will be available to help me again when I return on the 6th of April. I am also sorry I made you spend so much of your time with me, you are truly a wonderful person.

All the best and warm regards,

Tigrita

Ltangel · Mar 22, 2008

Hey Tigrita,

Thanks for your compliments. I'll bump your topic constantly and think of a fix for you when you return. Happy easter to you too.

~Ltangel~

Ltangel · Mar 29, 2008

Bumped for original poster.

Tigrita · Apr 6, 2008

Dear Ltangel,
I am back and ready to continue, whenever you have time of course ))
Have a wonderful day!!!

peterpeck · Apr 6, 2008

so sorry about your problems but i would suggest a complete reinstall of your operating system i only use AVG free version and would you believe i have no problems with any viruses . also i use win xp system restore my operating system is WIN XP PRO.. regards win restore i disable at least twice per week but imediately start it up again then do a clean restore point ; if you are not careful system restore restore will keep re- installing any viruses you may have on youe system peterpeck

Tigrita · Apr 6, 2008

Dear Peterpeck,
Thank you for your suggestions, I am sure they are good. However, I have been following Ltangel's instructions from the beginning and all the way he/she has been absolutely wonderful to me. I know I have to follow the instructions to the end; his/her help has been absolutely great!!

thor999 · Apr 8, 2008

hell yeah they were great wow man, I wished i knew everything you did! are you self-taught? I mean, I know how to do this stuff onsite but, you take it to a whole new level!

Ltangel · Apr 10, 2008

Hey Tigrita,

Welcome back!

Sorry, I've been really busy these days. Could you please post a fresh HijackThis log?

Thanks.

Ltangel · Apr 10, 2008

Hey thor999,

thor999 said:

hell yeah they were great wow man, I wished i knew everything you did! are you self-taught? I mean, I know how to do this stuff onsite but, you take it to a whole new level!
Click to expand...

I have gone through proper training from malware removal experts, and have been doing this for quite a while. If you want to learn about malware removal, please PM me.

Tigrita · Apr 12, 2008

Dear LTangel,

Thank you so much for all your help through my crisis, you were very supportive. I understand you were very busy but I needed my PC and couldn't wait any longer so I took it to a professional who did the fixing for me. (I hope he did!!)
Thanks again for being there for me.
I wish you all the best.
Tigrita

Log in or Sign up

PC infected with many worms, trojans, spyware, etc.

Tigrita Member

Ltangel Regular member

Tigrita Member

Ltangel Regular member

Tigrita Member

Tigrita Member

Ltangel Regular member

Tigrita Member

Ltangel Regular member

Tigrita Member

Tigrita Member

Ltangel Regular member

Ltangel Regular member

Tigrita Member

peterpeck Member

Tigrita Member

thor999 Regular member

Ltangel Regular member

Ltangel Regular member

Tigrita Member

Share This Page

Log in or Sign up

PC infected with many worms, trojans, spyware, etc.

Tigrita Member

Ltangel Regular member

Tigrita Member

Ltangel Regular member

Tigrita Member

Tigrita Member

Ltangel Regular member

Tigrita Member

Ltangel Regular member

Tigrita Member

Tigrita Member

Ltangel Regular member

Ltangel Regular member

Tigrita Member

peterpeck Member

Tigrita Member

thor999 Regular member

Ltangel Regular member

Ltangel Regular member

Tigrita Member

Share This Page

Useful Searches