
PC infected with many worms, trojans, spyware, etc.

Discussion in 'Windows - Virus and spyware problems' started by Tigrita, Mar 20, 2008.

  1. Tigrita (Member; joined Mar 19, 2008; 29 messages)
    Unless I am going blind... which is probably true :) I don't seem to have the link for that program.
     
  2. Ltangel (Regular member; joined Feb 17, 2008; 200 messages)
    Do you see it now? You might have removed it; if you have, please follow the instructions again here and give me a DSS log.

     
  3. Tigrita (Member; joined Mar 19, 2008; 29 messages)
    So sorry, I forgot Deckard's had a nickname (DSS) :)

    Here is the log

    Deckard's System Scanner v20071014.68
    Run by Betty on 2008-03-22 14:00:51
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Betty.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:00:52 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Betty\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Betty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B678C203-23EB-42C2-AE1B-F2A67A87E5FB} - C:\WINDOWS\system32\pmnnl.dll
    O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
    O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200211951812
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 6995 bytes

    -- Files created between 2008-02-22 and 2008-03-22 -----------------------------

    2008-03-21 18:05:53 0 d-------- C:\WINDOWS\system32\NtmsData
    2008-03-21 15:15:14 178636 --ahs---- C:\WINDOWS\system32\lnnmp.ini2
    2008-03-21 15:15:12 290816 --a------ C:\WINDOWS\system32\pmnnl.dll
    2008-03-21 14:20:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:20:08 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-21 14:20:08 0 d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:19:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-21 13:10:10 90176 --a------ C:\WINDOWS\system32\wdkcepyq.dll
    2008-03-21 13:09:18 166793 --ahs---- C:\WINDOWS\system32\stutv.ini2
    2008-03-21 12:55:40 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-03-21 12:55:40 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-03-21 12:55:40 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-03-21 12:55:40 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-20 19:41:50 0 d-------- C:\VundoFix Backups
    2008-03-20 18:50:42 0 d-------- C:\!KillBox
    2008-03-20 16:42:53 0 dr-h----- C:\Documents and Settings\Betty\Recent
    2008-03-19 15:11:02 0 d-------- C:\Program Files\Trend Micro
    2008-03-19 15:04:00 0 d-------- C:\WINDOWS\Internet Logs
    2008-03-19 14:46:29 0 d-------- C:\Program Files\Windows Defender
    2008-03-19 13:37:58 0 d-------- C:\Program Files\NoAdware5.0
    2008-03-19 10:22:10 0 d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
    2008-03-19 10:21:59 0 d-------- C:\Program Files\RegistrySmart
    2008-03-19 09:31:05 0 d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
    2008-03-19 09:31:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
    2008-03-17 13:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-03-17 12:45:56 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-03-17 12:45:56 0 d-------- C:\Documents and Settings\Betty\Application Data\Vso
    2008-03-17 12:45:56 47360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-03-17 12:45:51 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2008-03-17 12:45:51 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2008-03-17 12:45:51 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2008-03-17 12:45:51 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2008-03-17 12:45:51 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
    2008-03-17 12:45:49 0 d-------- C:\Program Files\VSO
    2008-03-17 12:42:29 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-03-17 12:42:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-17 09:07:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-03-17 08:36:45 0 d-------- C:\Program Files\Elaborate Bytes
    2008-03-17 08:36:16 0 d-------- C:\Program Files\SlySoft
    2008-03-16 13:16:08 0 d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
    2008-03-16 13:16:01 0 d-------- C:\Documents and Settings\Betty\Application Data\DNA
    2008-03-13 13:40:48 0 d-------- C:\Documents and Settings\Betty\Application Data\Help
    2008-03-13 13:36:47 0 d-------- C:\Program Files\mIRC
    2008-03-13 13:32:13 0 d-------- C:\IRCap
    2008-03-11 11:42:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-03-03 18:38:20 0 d-------- C:\Documents and Settings\Betty\Application Data\vlc
    2008-03-03 18:37:16 0 d-------- C:\Program Files\VideoLAN


    -- Find3M Report ---------------------------------------------------------------

    2008-03-21 14:19:38 0 d-------- C:\Program Files\Common Files
    2008-03-18 17:51:11 0 d-------- C:\Program Files\Java
    2008-03-18 11:48:49 668 --a------ C:\Documents and Settings\Betty\Application Data\vso_ts_preview.xml
    2008-03-18 06:45:04 0 d-------- C:\Documents and Settings\Betty\Application Data\LimeWire
    2008-03-17 12:46:00 34 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.log
    2008-03-17 12:45:56 1144 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.inf
    2008-03-17 12:45:56 7887 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.cat
    2008-03-17 09:55:28 0 d-------- C:\Documents and Settings\Betty\Application Data\Ahead
    2008-02-18 14:29:06 0 d-------- C:\Program Files\Common Files\Logishrd
    2008-02-18 14:28:58 0 d-------- C:\Program Files\Common Files\Logitech
    2008-02-18 14:28:43 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-18 14:28:37 0 d-------- C:\Documents and Settings\Betty\Application Data\InstallShield
    2008-02-18 14:25:28 0 d-------- C:\Program Files\Online Services
    2008-02-18 14:25:19 0 d-------- C:\Program Files\Windows NT
    2008-02-14 11:54:13 0 d-------- C:\Documents and Settings\Betty\Application Data\Apple Computer
    2008-02-12 13:09:42 0 d-------- C:\Program Files\Easy Duplicate Finder
    2008-02-08 15:52:19 0 d-------- C:\Program Files\iTunes
    2008-02-08 15:52:12 0 d-------- C:\Program Files\iPod
    2008-02-08 15:51:54 0 d-------- C:\Program Files\Bonjour
    2008-02-08 15:51:50 0 d-------- C:\Program Files\QuickTime
    2008-02-08 15:51:26 0 d-------- C:\Program Files\Apple Software Update
    2008-02-08 15:51:12 0 d-------- C:\Program Files\Common Files\Apple
    2008-02-06 13:49:00 17920 --a------ C:\WINDOWS\WebFerretUninstall.exe
    2008-02-06 13:49:00 8192 --a------ C:\WINDOWS\system32\NetFerret.dll
    2008-02-06 13:49:00 0 d-------- C:\Program Files\WebFerret
    2008-01-31 12:22:39 0 d-------- C:\Documents and Settings\Betty\Application Data\Canon
    2008-01-28 15:35:50 0 d-------- C:\Documents and Settings\Betty\Application Data\Lavasoft
    2008-01-28 15:35:38 0 d-------- C:\Program Files\Lavasoft
    2008-01-28 13:34:45 0 d-------- C:\Program Files\eMule
    2008-01-28 12:00:42 0 d-------- C:\Documents and Settings\Betty\Application Data\Real
    2008-01-28 11:37:22 0 d-------- C:\Program Files\Common Files\xing shared
    2008-01-28 11:37:21 0 d-------- C:\Program Files\Real
    2008-01-28 11:37:16 0 d-------- C:\Program Files\Common Files\Real
    2008-01-27 03:00:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-27 03:00:28 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-26 11:18:20 0 d-------- C:\Documents and Settings\Betty\Application Data\Jasc
    2008-01-25 17:09:41 0 d-------- C:\Documents and Settings\Betty\Application Data\ScanSoft
    2008-01-25 17:09:37 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
    2008-01-25 17:09:36 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-01-25 17:09:17 0 d-------- C:\Program Files\ScanSoft
    2008-01-25 17:00:36 0 d-------- C:\Program Files\Canon
    2008-01-25 16:59:29 0 d-------- C:\Program Files\Common Files\CANON
    2008-01-25 16:56:54 0 d--h----- C:\Program Files\CanonBJ
    2008-01-25 08:22:22 0 d-------- C:\Documents and Settings\Betty\Application Data\WinRAR
    2008-01-23 11:31:27 0 d-------- C:\Documents and Settings\Betty\Application Data\Sun
    2008-01-16 19:15:35 27210 --a------ C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR
    2008-01-16 04:21:22 38439 --a------ C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B678C203-23EB-42C2-AE1B-F2A67A87E5FB}]
    03/21/2008 03:15 PM 290816 --a------ C:\WINDOWS\system32\pmnnl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
    C:\WINDOWS\system32\iscmlxap.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/07/2007 05:00 AM]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
    "4051595e"="C:\WINDOWS\system32\bastjsio.dll" []
    "BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 01:00 PM]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/18/2008 2:28:55 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnl.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
    rundll32.exe "C:\WINDOWS\system32\aacgptld.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
    Rundll32.exe "C:\WINDOWS\system32\vopgebir.dll",s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
    C:\Program Files\RegistrySmart\RegistrySmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    %systemroot%\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "aswUpdSv"=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2008-03-22 14:01:11 ------------
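    The log above is the kind of thing a helper reads by eye: unnamed Browser Helper Objects, Run-key values with hex-looking names that launch rundll32 against DLLs with random-looking names, and a DLL appended to the LSA "Authentication Packages" value (which loads into lsass.exe at boot). The script below is an added example, not part of the thread or of HijackThis / DSS, that applies those three heuristics to a constructed sample in the same line format. The name patterns (5-9 lowercase letters for a DLL stem, 8 hex digits with an optional "BM" prefix for a value name) and the empty rundll32 allowlist are my assumptions; on a real box some legitimate lowercase DLLs would need to be allowlisted.

```python
import re
from collections import namedtuple

# Constructed sample in HijackThis / Deckard's System Scanner line format,
# modelled on the entries in the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B678C203-23EB-42C2-AE1B-F2A67A87E5FB} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnl.dll
"""

Finding = namedtuple("Finding", "section item reasons")

# Heuristics are my own assumptions, not HijackThis rules. A DLL whose stem is
# 5-9 lowercase letters with no digits or capitals looks machine-generated;
# the vendor DLLs in the log above mix case (NvCpl.dll, AcroIEHelper.dll).
RANDOM_DLL = re.compile(r"(?:^|\\)([a-z]{5,9})\.dll\b")
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
AUTO_VALUE_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")
# Lowercase-only DLLs legitimately run via rundll32 on a given box go here
# (assumed empty for the sample).
RUNDLL_ALLOWLIST = set()


def triage_bho(line):
    """O2 lines: Browser Helper Objects loaded into every Internet Explorer process."""
    m = re.match(r"O2 - BHO: (.*?) - (\{[^}]+\}) - (.*)$", line)
    if not m:
        return None
    name, _clsid, path = m.groups()
    reasons = []
    if name == "(no name)" or GUID.match(name):
        reasons.append("no human-readable name")
    if path.endswith("(file missing)"):
        reasons.append("registration points at a file that is already gone")
    if RANDOM_DLL.search(path):
        reasons.append("machine-generated-looking DLL name")
    return Finding("O2", path, reasons) if reasons else None


def triage_run(line):
    """O4 lines: Run-key autostarts; rundll32 plus a random DLL is the pattern to catch."""
    m = re.match(r"O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.*)$", line)
    if not m:
        return None
    value_name, command = m.groups()
    reasons = []
    if AUTO_VALUE_NAME.match(value_name):
        reasons.append("registry value name looks auto-generated")
    dll = RANDOM_DLL.search(command)
    if command.lower().startswith("rundll32") and dll and dll.group(1) + ".dll" not in RUNDLL_ALLOWLIST:
        reasons.append("rundll32 loading a DLL with a random-looking name")
    return Finding("O4", value_name, reasons) if reasons else None


def triage_lsa(line):
    """DSS registry dump: anything beside msv1_0 here is loaded into lsass.exe at boot."""
    m = re.match(r'"Authentication Packages"=\s*(.*)$', line)
    if not m:
        return None
    extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
    return Finding("LSA", " ".join(extra), ["extra LSA authentication package"]) if extra else None


def triage(log_text):
    """Run each line through the three checks; first matching check wins."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (triage_bho, triage_run, triage_lsa):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.item}\n    " + "; ".join(f.reasons))
```

Run against the sample it reports the two BHOs, the two rundll32 Run values and the extra LSA package, and stays quiet on the Adobe, NVIDIA, ZoneAlarm and ctfmon entries. The point of the allowlist is that the name heuristic is deliberately loose; the LSA check, by contrast, is close to a hard rule on Windows XP, where msv1_0 is the only default package.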

     
  4. Ltangel (Regular member; joined Feb 17, 2008; 200 messages)
    Hey Tigrita,

    No worries, things do slip our eyes sometimes. :)

    Remove unnecessary programs

    Please remove the following program from Add or Remove Programs in Control Panel (if present):

    mIRC
    LimeWire
    xing shared


    ----------------------------------------------------------------------

    Fix with ComboFix

    1. Please open Notepad. (Use ONLY Notepad and no other text editor)

    [*] Click Start, then Run.
    [*] Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the quotebox below into the Notepad window:


    Note: The above script is specifically for this user; using it on another computer may cause permanent damage to your system!

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    [*]Combofix.txt
    [*]A new HijackThis log.

    Go!

    ~Ltangel~
     
  5. Tigrita (Member; joined Mar 19, 2008; 29 messages)
    Dear Ltangel,
    First, the good news: IE is performing much faster than before :)))

    Since I couldn't find the "xing shared" file, I tried to perform a search and got a message "Can not perform search, a file that is required to run search companion cannot be found"

    Here is my log:

    ComboFix 08-03-20.5 - Betty 2008-03-22 14:40:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1688 [GMT 1:00]
    Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\lnnmp.ini2
    C:\WINDOWS\system32\pmnnl.dll
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\wdkcepyq.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\!KillBox
    C:\!KillBox\jncixdct.dll ( 1)
    C:\!KillBox\Logs\kb.log
    C:\!KillBox\mloiotut.dll
    C:\!KillBox\qomlmjg.dll ( 2)
    C:\!KillBox\qomlmjg.dll
    C:\!KillBox\qomlmjg.dll( 2)
    C:\!KillBox\skeysw.exe
    C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR\
    C:\Documents and Settings\Betty\Application Data\DNA
    C:\Documents and Settings\Betty\Application Data\DNA\dht.dat
    C:\Documents and Settings\Betty\Application Data\DNA\dht.dat.old
    C:\Documents and Settings\Betty\Application Data\DNA\resume.dat
    C:\Documents and Settings\Betty\Application Data\DNA\resume.dat.old
    C:\Documents and Settings\Betty\Application Data\DNA\settings.dat
    C:\Documents and Settings\Betty\Application Data\DNA\settings.dat.old
    C:\Documents and Settings\Betty\Application Data\LimeWire
    C:\Documents and Settings\Betty\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    C:\Documents and Settings\Betty\Application Data\LimeWire\410splashpro.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\createtimes.cache
    C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.bak
    C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.cache
    C:\Documents and Settings\Betty\Application Data\LimeWire\filters.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\gnutella.net
    C:\Documents and Settings\Betty\Application Data\LimeWire\installation.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\library.dat
    C:\Documents and Settings\Betty\Application Data\LimeWire\limewire.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\pub1.key
    C:\Documents and Settings\Betty\Application Data\LimeWire\public.key
    C:\Documents and Settings\Betty\Application Data\LimeWire\questions.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\simpp.xml
    C:\Documents and Settings\Betty\Application Data\LimeWire\spam.dat
    C:\Documents and Settings\Betty\Application Data\LimeWire\tables.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\lime.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\search.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\lime.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\logo.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\notsearching.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\logo.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\notsearching.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\ttree.cache
    C:\Documents and Settings\Betty\Application Data\LimeWire\update.xml
    C:\Documents and Settings\Betty\Application Data\LimeWire\version.key
    C:\Documents and Settings\Betty\Application Data\LimeWire\version.xml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\application.sxml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\audio.sxml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\delete_me
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\video.sxml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\application.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\audio.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\document.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\image.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\video.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\application.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\audio.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\document.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\image.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\video.xsd
    C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR\
    C:\IRCap
    C:\IRCap\Crack\779b31484656d7207ff1d8e2c7a5ac1f896.zip
    C:\IRCap\Crack\keygen.exe
    C:\IRCap\Crack\XBiNX.nfo
    C:\IRCap\mirc62.exe
    C:\Program Files\Common Files\xing shared
    C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll
    C:\VundoFix Backups
    C:\VundoFix Backups\aacgptld.dll.bad
    C:\VundoFix Backups\dltpgcaa.ini.bad
    C:\VundoFix Backups\mllml.dll.bad
    C:\VundoFix Backups\pmnlj.dll.bad
    C:\VundoFix Backups\ssttt.dll.bad
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\lnnmp.ini
    C:\WINDOWS\system32\lnnmp.ini2
    C:\WINDOWS\system32\pmnnl.dll
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\wdkcepyq.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
    2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-03-21 15:16 . 2008-03-22 12:36 1,540,055 ---hs---- C:\WINDOWS\system32\oisjtsab.ini
    2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-21 13:12 . 2008-03-21 13:12 1,539,724 ---hs---- C:\WINDOWS\system32\elmnvfub.ini
    2008-03-20 23:34 . 2008-03-18 23:48 1,526,077 ---hs---- C:\WINDOWS\system32\pbptwjie.ini
    2008-03-20 23:30 . 2008-03-20 23:30 354 ---hs---- C:\WINDOWS\system32\tyslcunr.ini
    2008-03-20 22:23 . 2008-03-20 22:23 294 ---hs---- C:\WINDOWS\system32\vtnigbmw.ini
    2008-03-20 09:41 . 2008-03-20 17:46 1,540,176 ---hs---- C:\WINDOWS\system32\yyclgtte.ini
    2008-03-19 17:12 . 2007-03-19 17:20 1,534,825 ---hs---- C:\WINDOWS\system32\fxwodjpi.ini
    2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-19 15:04 . 2008-03-22 13:44 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
    2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
    2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
    2008-03-19 11:05 . 2007-03-19 11:30 <DIR> d-------- C:\SDFix
    2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
    2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
    2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
    2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
    2008-03-19 09:00 . 2007-03-19 11:10 1,525,531 ---hs---- C:\WINDOWS\system32\tkdulbpy.ini
    2008-03-19 08:08 . 2008-03-19 08:57 1,525,099 ---hs---- C:\WINDOWS\system32\uytajghn.ini
    2008-03-19 07:27 . 2008-03-19 08:05 1,524,664 ---hs---- C:\WINDOWS\system32\caabjwjs.ini
    2008-03-18 23:50 . 2007-03-19 07:14 1,526,197 ---hs---- C:\WINDOWS\system32\ostcxxlp.ini
    2008-03-18 16:08 . 2007-03-18 17:59 1,521,492 ---hs---- C:\WINDOWS\system32\xhartsjb.ini
    2008-03-18 12:00 . 2008-03-18 12:00 1,390,596 ---hs---- C:\WINDOWS\system32\bijctraq.ini
    2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
    2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
    2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
    2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
    2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
    2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
    2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-17 09:08 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
    2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2008-03-16 13:16 . 2008-03-16 22:12 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
    2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
    2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 13:44 600,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-22 13:28 --------- d-----w C:\Program Files\LimeWire
    2008-03-18 16:51 --------- d-----w C:\Program Files\Java
    2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
    2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
    2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
    2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
    2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
    2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
    2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
    2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
    2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
    2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
    2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
    2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
    2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
    2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
    2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
    2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-28 10:37 --------- d-----w C:\Program Files\Real
    2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
    2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
    2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
    2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
    2008-01-16 02:04 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-21_13.03.21.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-21 13:20:17 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2008-03-21 13:20:17 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
    C:\WINDOWS\system32\iscmlxap.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
    "4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
    "BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
    C:\WINDOWS\system32\aacgptld.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    --a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
    --a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    --a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    --a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
    --a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "aswUpdSv"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
    "C:\\Program Files\\WebFerret\\WebFerret.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 14:43:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-03-22 14:45:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-22 13:45:27
    ComboFix2.txt 2008-03-21 12:03:54
    .
    2008-03-19 08:00:28 --- E O F ---
     
  6. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Dear Ltangel,
    First, the good news: IE is performing much faster than before :)))

    Since I couldn't find the "xing shared" file, I tried to perform a search and got the message "Can not perform search, a file that is required to run search companion cannot be found".

    Here is my log:

    ComboFix 08-03-20.5 - Betty 2008-03-22 14:40:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1688 [GMT 1:00]
    Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\lnnmp.ini2
    C:\WINDOWS\system32\pmnnl.dll
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\wdkcepyq.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\!KillBox
    C:\!KillBox\jncixdct.dll ( 1)
    C:\!KillBox\Logs\kb.log
    C:\!KillBox\mloiotut.dll
    C:\!KillBox\qomlmjg.dll ( 2)
    C:\!KillBox\qomlmjg.dll
    C:\!KillBox\qomlmjg.dll( 2)
    C:\!KillBox\skeysw.exe
    C:\Documents and Settings\Betty\Application Data\Comma Separated Values (Windows).ADR\
    C:\Documents and Settings\Betty\Application Data\DNA
    C:\Documents and Settings\Betty\Application Data\DNA\dht.dat
    C:\Documents and Settings\Betty\Application Data\DNA\dht.dat.old
    C:\Documents and Settings\Betty\Application Data\DNA\resume.dat
    C:\Documents and Settings\Betty\Application Data\DNA\resume.dat.old
    C:\Documents and Settings\Betty\Application Data\DNA\settings.dat
    C:\Documents and Settings\Betty\Application Data\DNA\settings.dat.old
    C:\Documents and Settings\Betty\Application Data\LimeWire
    C:\Documents and Settings\Betty\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    C:\Documents and Settings\Betty\Application Data\LimeWire\410splashpro.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\createtimes.cache
    C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.bak
    C:\Documents and Settings\Betty\Application Data\LimeWire\fileurns.cache
    C:\Documents and Settings\Betty\Application Data\LimeWire\filters.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\gnutella.net
    C:\Documents and Settings\Betty\Application Data\LimeWire\installation.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\library.dat
    C:\Documents and Settings\Betty\Application Data\LimeWire\limewire.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\pub1.key
    C:\Documents and Settings\Betty\Application Data\LimeWire\public.key
    C:\Documents and Settings\Betty\Application Data\LimeWire\questions.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\simpp.xml
    C:\Documents and Settings\Betty\Application Data\LimeWire\spam.dat
    C:\Documents and Settings\Betty\Application Data\LimeWire\tables.props
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\lime.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\black_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\search.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\classic_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\lime.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewire_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\logo.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\notsearching.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\other_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme.lwtp
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\01_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\02_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\03_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\04_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\05_star.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\chat.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\logo.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\notsearching.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\play_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\question.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\searching.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\splash.png
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\theme.txt
    C:\Documents and Settings\Betty\Application Data\LimeWire\themes\windows_theme\warning.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\ttree.cache
    C:\Documents and Settings\Betty\Application Data\LimeWire\update.xml
    C:\Documents and Settings\Betty\Application Data\LimeWire\version.key
    C:\Documents and Settings\Betty\Application Data\LimeWire\version.xml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\application.sxml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\audio.sxml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\delete_me
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\data\video.sxml
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\application.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\audio.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\document.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\image.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\misc\video.gif
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\application.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\audio.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\document.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\image.xsd
    C:\Documents and Settings\Betty\Application Data\LimeWire\xml\schemas\video.xsd
    C:\Documents and Settings\Betty\Application Data\Personal Address Book.ADR\
    C:\IRCap
    C:\IRCap\Crack\779b31484656d7207ff1d8e2c7a5ac1f896.zip
    C:\IRCap\Crack\keygen.exe
    C:\IRCap\Crack\XBiNX.nfo
    C:\IRCap\mirc62.exe
    C:\Program Files\Common Files\xing shared
    C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll
    C:\VundoFix Backups
    C:\VundoFix Backups\aacgptld.dll.bad
    C:\VundoFix Backups\dltpgcaa.ini.bad
    C:\VundoFix Backups\mllml.dll.bad
    C:\VundoFix Backups\pmnlj.dll.bad
    C:\VundoFix Backups\ssttt.dll.bad
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\lnnmp.ini
    C:\WINDOWS\system32\lnnmp.ini2
    C:\WINDOWS\system32\pmnnl.dll
    C:\WINDOWS\system32\stutv.ini2
    C:\WINDOWS\system32\wdkcepyq.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
    2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-03-21 15:16 . 2008-03-22 12:36 1,540,055 ---hs---- C:\WINDOWS\system32\oisjtsab.ini
    2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-21 13:12 . 2008-03-21 13:12 1,539,724 ---hs---- C:\WINDOWS\system32\elmnvfub.ini
    2008-03-20 23:34 . 2008-03-18 23:48 1,526,077 ---hs---- C:\WINDOWS\system32\pbptwjie.ini
    2008-03-20 23:30 . 2008-03-20 23:30 354 ---hs---- C:\WINDOWS\system32\tyslcunr.ini
    2008-03-20 22:23 . 2008-03-20 22:23 294 ---hs---- C:\WINDOWS\system32\vtnigbmw.ini
    2008-03-20 09:41 . 2008-03-20 17:46 1,540,176 ---hs---- C:\WINDOWS\system32\yyclgtte.ini
    2008-03-19 17:12 . 2007-03-19 17:20 1,534,825 ---hs---- C:\WINDOWS\system32\fxwodjpi.ini
    2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-19 15:04 . 2008-03-22 13:44 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
    2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
    2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
    2008-03-19 11:05 . 2007-03-19 11:30 <DIR> d-------- C:\SDFix
    2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
    2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
    2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
    2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
    2008-03-19 09:00 . 2007-03-19 11:10 1,525,531 ---hs---- C:\WINDOWS\system32\tkdulbpy.ini
    2008-03-19 08:08 . 2008-03-19 08:57 1,525,099 ---hs---- C:\WINDOWS\system32\uytajghn.ini
    2008-03-19 07:27 . 2008-03-19 08:05 1,524,664 ---hs---- C:\WINDOWS\system32\caabjwjs.ini
    2008-03-18 23:50 . 2007-03-19 07:14 1,526,197 ---hs---- C:\WINDOWS\system32\ostcxxlp.ini
    2008-03-18 16:08 . 2007-03-18 17:59 1,521,492 ---hs---- C:\WINDOWS\system32\xhartsjb.ini
    2008-03-18 12:00 . 2008-03-18 12:00 1,390,596 ---hs---- C:\WINDOWS\system32\bijctraq.ini
    2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
    2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
    2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
    2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
    2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
    2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
    2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-17 09:08 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
    2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2008-03-16 13:16 . 2008-03-16 22:12 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\BitTorrent
    2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
    2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 13:44 600,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-22 13:28 --------- d-----w C:\Program Files\LimeWire
    2008-03-18 16:51 --------- d-----w C:\Program Files\Java
    2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
    2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
    2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
    2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
    2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
    2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
    2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
    2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
    2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
    2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
    2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
    2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
    2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
    2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
    2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
    2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-28 10:37 --------- d-----w C:\Program Files\Real
    2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
    2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
    2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
    2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
    2008-01-16 02:04 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-21_13.03.21.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-21 13:20:17 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2008-03-21 13:20:17 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
    C:\WINDOWS\system32\iscmlxap.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
    "4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
    "BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
    C:\WINDOWS\system32\aacgptld.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    --a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
    --a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    --a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    --a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
    --a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "aswUpdSv"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
    "C:\\Program Files\\WebFerret\\WebFerret.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 14:43:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-03-22 14:45:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-22 13:45:27
    ComboFix2.txt 2008-03-21 12:03:54
    .
    2008-03-19 08:00:28 --- E O F ---
     
  7. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey Tigrita,

    That's good to hear. The ComboFix.txt is looking better now, but we still have malicious files in there. Let's run ComboFix again.

    Please follow my instructions carefully and try not to miss out any step or logs requested.

    Fix with ComboFix

    1. Please open Notepad. (Use ONLY Notepad and no other text editor)

    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the quotebox below into the Notepad window:


    Note: The above script is specifically for this user; using it on another computer can cause permanent damage to your system!

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]

    5. Reboot your computer.

    ---------------------------------------------------------------------

    Run an anti-rootkit scan

    Download Sophos Anti-Rootkit & save it to your desktop after filling out the questionnaire and reading the EULA.

    Note: You will need to enter your name, e-mail address and location in order to access the download page.
    • Double-click sarsfx.exe to extract the files.
    • Click the Accept button at the EULA, then Install to the default directory
    • At the next prompt, click Yes to start the program
    • Make sure the following are checked:
      • Running processes
      • Windows Registry
      • Local Hard Drives

    • Click the "Start Scan" button.
    • Allow the program to scan your computer - please be patient as it may take some time
    • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
    • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
    • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
    • To clean up these entries click on the Clean up checked items button
    • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
    • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
    • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now and if any rootkits have been found (please take down the file names of the rootkits found).

    ----------------------------------------------------------------------

    Scan with MalwareByte's Anti-Malware

    Please download Malwarebytes' Anti-Malware from Here or Here

    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ----------------------------------------------------------------------

    In your next reply (please include):

    * Fresh HijackThis Log (after completing everything)
    * ComboFix.txt
    * Report on rootkit scan and computer performance (please tell me the names of all the rootkit files found, if any)
    * MalwareByte's Anti-Malware log


    Go!

    ~Ltangel~
     
  8. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Hi Ltangel,

    1. RUNDLL: Errors loading bastjsio.dll & bqcxkvkq.dll

    2. Appeared after rebooting (after ComboFix)
    3. After running Sophos Anti-Rootkit, there were “no hidden files found by scan”

    Here is the first Hijack this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:01:39 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\Betty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
    O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200211951812
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 6904 bytes



    Malwarebytes' Anti-Malware 1.09
    Database version: 521

    Scan type: Quick Scan
    Objects scanned: 29023
    Time elapsed: 1 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    And the second HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:13:16 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\Betty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\WINDOWS\system32\iscmlxap.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [4051595e] rundll32.exe "C:\WINDOWS\system32\bastjsio.dll",b
    O4 - HKLM\..\Run: [BM43626ac2] Rundll32.exe "C:\WINDOWS\system32\bqcxkvkq.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200211951812
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 6904 bytes
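
Triage of the HijackThis logs in the post above, as an added example that is not part of the thread or of any tool named in it: the O4 Run entries [4051595e] and [BM43626ac2] still launch bastjsio.dll and bqcxkvkq.dll through rundll32 after ComboFix removed the files, which is exactly what produces the "RUNDLL: Error loading" message at logon, and the O2 BHO marked "(file missing)" is the same kind of orphan. The SAMPLE_LOG lines are a constructed excerpt in HijackThis 2.0.2 format and PRESENT_FILES is a constructed stand-in for what is left on disk (a live run would use os.path.exists instead).

```python
"""Flag orphaned or suspicious autostart DLLs in HijackThis O2/O4 log lines."""
import ntpath
import re

# Constructed sample: a few lines in HijackThis 2.0.2 format, modelled on the
# entries posted in the thread above. Not a complete log.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: {0741e8a5-e647-d2da-e9b4-4db83ba78a2e} - {e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470} - C:\\WINDOWS\\system32\\iscmlxap.dll (file missing)
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [4051595e] rundll32.exe "C:\\WINDOWS\\system32\\bastjsio.dll",b
O4 - HKLM\\..\\Run: [BM43626ac2] Rundll32.exe "C:\\WINDOWS\\system32\\bqcxkvkq.dll",s
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# Constructed stand-in for the disk after cleanup (lower-cased full paths).
# In a live run this lookup would be os.path.exists() on each referenced path.
PRESENT_FILES = {
    r"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll",
    r"c:\windows\system32\nvcpl.dll",
    r"c:\windows\system32\ctfmon.exe",
}

# O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<dll>["][,<export>]
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S*))?')
# Eight random lowercase letters, as in bastjsio.dll / bqcxkvkq.dll / iscmlxap.dll.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def _exists(path, present_files):
    """Offline stand-in for os.path.exists(): case-insensitive set lookup."""
    return path.strip().lower() in present_files


def triage_hijackthis(log_text, present_files):
    """Return one finding per O2/O4 entry worth a closer look, in log order.

    A finding is a dict with section, entry name, DLL path and the list of
    reasons it was flagged. Entries with no reasons are not returned.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            reasons = []
            if m.group("missing"):
                reasons.append("BHO registered but file missing")
            if RANDOM_NAME_RE.match(ntpath.basename(path).lower()):
                reasons.append("random 8-letter DLL name")
            if reasons:
                findings.append({"section": "O2", "name": m.group("name"),
                                 "path": path, "reasons": reasons})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        r = RUNDLL_RE.match(m.group("cmd"))
        if not r:
            continue  # not a rundll32 launcher; other O4 checks are out of scope
        dll, entry = r.group("dll"), r.group("entry") or ""
        reasons = []
        if not _exists(dll, present_files):
            reasons.append("Run key points at a DLL that is no longer on disk")
        if RANDOM_NAME_RE.match(ntpath.basename(dll).lower()):
            reasons.append("random 8-letter DLL name")
        if len(entry) == 1:
            reasons.append("single-letter export name")
        if reasons:
            findings.append({"section": "O4", "name": m.group("name"),
                             "path": dll, "reasons": reasons})
    return findings


def orphaned_dlls(findings):
    """Base names of DLLs whose Run key survives but whose file is gone.

    These are what Windows reports as 'RUNDLL: Error loading <dll>' at logon;
    the fix is to delete the Run value, not to restore the file.
    """
    return sorted(
        ntpath.basename(f["path"])
        for f in findings
        if f["section"] == "O4"
        and any("no longer on disk" in reason for reason in f["reasons"])
    )


if __name__ == "__main__":
    results = triage_hijackthis(SAMPLE_LOG, PRESENT_FILES)
    for f in results:
        print(f"{f['section']} [{f['name']}] {f['path']}: {'; '.join(f['reasons'])}")
    print("Orphaned Run entries (RUNDLL errors at logon):", orphaned_dlls(results))
```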

     
  9. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey,

    You left out ComboFix.txt. Can I have a look at it please?

    Thanks. :)

    Edit: Please hurry, I need to go soon. ComboFix.txt is located in C:\.
     
    Last edited: Mar 22, 2008
  10. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix 08-03-20.5 - Betty 2008-03-22 15:43:01.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1629 [GMT 1:00]
    Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Betty\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    C:\WINDOWS\system32\bijctraq.ini
    C:\WINDOWS\system32\caabjwjs.ini
    C:\WINDOWS\system32\elmnvfub.ini
    C:\WINDOWS\system32\fxwodjpi.ini
    C:\WINDOWS\system32\msxml3a.dll
    C:\WINDOWS\system32\oisjtsab.ini
    C:\WINDOWS\system32\ostcxxlp.ini
    C:\WINDOWS\system32\pbptwjie.ini
    C:\WINDOWS\system32\tkdulbpy.ini
    C:\WINDOWS\system32\tyslcunr.ini
    C:\WINDOWS\system32\uytajghn.ini
    C:\WINDOWS\system32\vtnigbmw.ini
    C:\WINDOWS\system32\xhartsjb.ini
    C:\WINDOWS\system32\yyclgtte.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Betty\Application Data\BitTorrent
    C:\Documents and Settings\Betty\Application Data\BitTorrent\dht.dat
    C:\Documents and Settings\Betty\Application Data\BitTorrent\Plato DVD Creator 3.75 + Key [App][English][www.zonatorrent.com].rar.torrent
    C:\Documents and Settings\Betty\Application Data\BitTorrent\resume.dat
    C:\Documents and Settings\Betty\Application Data\BitTorrent\resume.dat.old
    C:\Documents and Settings\Betty\Application Data\BitTorrent\settings.dat
    C:\Documents and Settings\Betty\Application Data\BitTorrent\settings.dat.old
    C:\Program Files\LimeWire
    C:\Program Files\LimeWire\log.txt
    C:\SDFix
    C:\SDFix\apps\assosfix.reg
    C:\SDFix\apps\cliptext.exe
    C:\SDFix\apps\download.exe
    C:\SDFix\apps\dummy.sys
    C:\SDFix\apps\Enable_Command_Prompt.reg
    C:\SDFix\apps\ERDNTDOS.LOC
    C:\SDFix\apps\ERDNTWIN.LOC
    C:\SDFix\apps\ERUNT.EXE
    C:\SDFix\apps\ERUNT.LOC
    C:\SDFix\apps\fix.reg
    C:\SDFix\apps\FixBH.reg
    C:\SDFix\apps\FixComponents.reg
    C:\SDFix\apps\FIXCU.reg
    C:\SDFix\apps\FIXLM.reg
    C:\SDFix\apps\FixPath.exe
    C:\SDFix\apps\FixRedir.reg
    C:\SDFix\apps\FixSchedule.reg
    C:\SDFix\apps\FixWebCheck.reg
    C:\SDFix\apps\fixXP.reg
    C:\SDFix\apps\FixXPsp2.reg
    C:\SDFix\apps\grep.exe
    C:\SDFix\apps\HPFix.reg
    C:\SDFix\apps\HPFix2.reg
    C:\SDFix\apps\HPFix3.reg
    C:\SDFix\apps\HPFix4.reg
    C:\SDFix\apps\HPFix5.reg
    C:\SDFix\apps\HPFix6.reg
    C:\SDFix\apps\HPFix7.reg
    C:\SDFix\apps\isadmin.exe
    C:\SDFix\apps\leg2.txt
    C:\SDFix\apps\legacy.txt
    C:\SDFix\apps\legacybk.txt
    C:\SDFix\apps\locate.com
    C:\SDFix\apps\LS.exe
    C:\SDFix\apps\MD5File.exe
    C:\SDFix\apps\MyGcpvFix.reg
    C:\SDFix\apps\MyGkFix2.reg
    C:\SDFix\apps\Process.exe
    C:\SDFix\apps\procs.exe
    C:\SDFix\apps\psservice.exe
    C:\SDFix\apps\Rem.txt
    C:\SDFix\apps\Rem2.txt
    C:\SDFix\apps\Replace\regedit.exe
    C:\SDFix\apps\Replace\W2K.exe
    C:\SDFix\apps\Replace\w2k\beep.sys
    C:\SDFix\apps\Replace\w2k\null.sys
    C:\SDFix\apps\Replace\XP.exe
    C:\SDFix\apps\Replace\xp\beep.sys
    C:\SDFix\apps\Replace\xp\null.sys
    C:\SDFix\apps\Reset_AppInit_DLLs.reg
    C:\SDFix\apps\RestartIt!.exe
    C:\SDFix\apps\Restore_SecurityCenter.reg
    C:\SDFix\apps\Restore_SharedAccess.reg
    C:\SDFix\apps\sc.exe
    C:\SDFix\apps\sed.exe
    C:\SDFix\apps\SF.exe
    C:\SDFix\apps\shutdown.exe
    C:\SDFix\apps\srv2.txt
    C:\SDFix\apps\srv2bk.txt
    C:\SDFix\apps\svc.txt
    C:\SDFix\apps\svcbk.txt
    C:\SDFix\apps\swreg.exe
    C:\SDFix\apps\swsc.exe
    C:\SDFix\apps\unzip.exe
    C:\SDFix\apps\vfind.exe
    C:\SDFix\apps\WINMSG.EXE
    C:\SDFix\apps\winsec.reg
    C:\SDFix\apps\zip.exe
    C:\SDFix\backups\backupreg.zip
    C:\SDFix\backups\backups.zip
    C:\SDFix\backups\catchme.log
    C:\SDFix\backups\HOSTS
    C:\SDFix\catchme.exe
    C:\SDFix\dummy.sys
    C:\SDFix\Report.txt
    C:\SDFix\RunThis.bat
    C:\SDFix\SDFIX_ReadMe_Online.url
    C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    C:\WINDOWS\system32\bijctraq.ini
    C:\WINDOWS\system32\caabjwjs.ini
    C:\WINDOWS\system32\elmnvfub.ini
    C:\WINDOWS\system32\fxwodjpi.ini
    C:\WINDOWS\system32\msxml3a.dll
    C:\WINDOWS\system32\oisjtsab.ini
    C:\WINDOWS\system32\ostcxxlp.ini
    C:\WINDOWS\system32\pbptwjie.ini
    C:\WINDOWS\system32\tkdulbpy.ini
    C:\WINDOWS\system32\tyslcunr.ini
    C:\WINDOWS\system32\uytajghn.ini
    C:\WINDOWS\system32\vtnigbmw.ini
    C:\WINDOWS\system32\xhartsjb.ini
    C:\WINDOWS\system32\yyclgtte.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 12:44 . 2008-03-22 12:44 <DIR> d-------- C:\_OTMoveIt
    2008-03-21 18:05 . 2008-03-21 18:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-03-21 14:20 . 2008-03-22 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:20 . 2008-03-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-21 14:19 . 2008-03-21 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-19 15:11 . 2008-03-19 15:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-19 15:04 . 2008-03-22 14:50 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-03-19 15:04 . 2008-03-19 15:04 <DIR> d-------- C:\Program Files\Zone Labs
    2008-03-19 14:46 . 2008-03-19 14:46 <DIR> d-------- C:\Program Files\Windows Defender
    2008-03-19 13:37 . 2008-03-19 14:20 <DIR> d-------- C:\Program Files\NoAdware5.0
    2008-03-19 10:22 . 2008-03-19 10:22 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\RegistrySmart
    2008-03-19 10:21 . 2008-03-19 10:22 <DIR> d-------- C:\Program Files\RegistrySmart
    2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
    2008-03-19 09:31 . 2008-03-19 09:31 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Sammsoft
    2008-03-17 13:29 . 2008-03-17 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-03-17 12:45 . 2008-03-17 12:45 <DIR> d-------- C:\Program Files\VSO
    2008-03-17 12:45 . 2008-03-18 11:48 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Vso
    2008-03-17 12:45 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
    2008-03-17 12:45 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
    2008-03-17 12:45 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2008-03-17 12:45 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2008-03-17 12:45 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2008-03-17 12:45 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2008-03-17 12:45 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
    2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-03-17 12:45 . 2008-03-17 12:45 47,360 --a------ C:\Documents and Settings\Betty\Application Data\pcouffin.sys
    2008-03-17 12:42 . 2008-03-19 17:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-17 12:42 . 2008-03-17 12:47 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-17 09:51 . 2007-03-19 12:33 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-17 09:07 . 2008-03-17 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\SlySoft
    2008-03-17 08:36 . 2008-03-17 08:36 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2008-03-11 11:42 . 2008-03-11 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\vlc
    2008-03-03 18:37 . 2008-03-03 18:37 <DIR> d-------- C:\Program Files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 14:44 634,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-22 13:42 9,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-18 16:51 --------- d-----w C:\Program Files\Java
    2008-03-17 13:42 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-03-17 13:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-17 13:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-17 13:42 158,456 ------w C:\WINDOWS\system32\pxwma.dll
    2008-03-17 08:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Ahead
    2008-02-18 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-02-18 13:29 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-02-18 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-18 13:28 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-02-18 13:28 --------- d-----w C:\Documents and Settings\Betty\Application Data\InstallShield
    2008-02-14 10:54 --------- d-----w C:\Documents and Settings\Betty\Application Data\Apple Computer
    2008-02-12 12:09 --------- d-----w C:\Program Files\Easy Duplicate Finder
    2008-02-08 14:52 --------- d-----w C:\Program Files\iTunes
    2008-02-08 14:52 --------- d-----w C:\Program Files\iPod
    2008-02-08 14:51 --------- d-----w C:\Program Files\QuickTime
    2008-02-08 14:51 --------- d-----w C:\Program Files\Common Files\Apple
    2008-02-08 14:51 --------- d-----w C:\Program Files\Bonjour
    2008-02-08 14:51 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-02-06 12:49 8,192 ----a-w C:\WINDOWS\system32\NetFerret.dll
    2008-02-06 12:49 17,920 ----a-w C:\WINDOWS\WebFerretUninstall.exe
    2008-02-06 12:49 --------- d-----w C:\Program Files\WebFerret
    2008-02-04 17:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
    2008-01-31 11:22 --------- d-----w C:\Documents and Settings\Betty\Application Data\Canon
    2008-01-28 14:35 --------- d-----w C:\Program Files\Lavasoft
    2008-01-28 14:35 --------- d-----w C:\Documents and Settings\Betty\Application Data\Lavasoft
    2008-01-28 12:34 --------- d-----w C:\Program Files\eMule
    2008-01-28 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-28 10:37 --------- d-----w C:\Program Files\Real
    2008-01-28 10:37 --------- d-----w C:\Program Files\Common Files\Real
    2008-01-27 02:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-27 02:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-26 10:18 --------- d-----w C:\Documents and Settings\Betty\Application Data\Jasc
    2008-01-25 16:09 --------- d-----w C:\Program Files\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-01-25 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\Betty\Application Data\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-01-25 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-01-25 16:00 --------- d-----w C:\Program Files\Canon
    2008-01-25 15:59 --------- d-----w C:\Program Files\Common Files\CANON
    2008-01-25 15:57 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-01-25 15:56 --------- d--h--w C:\Program Files\CanonBJ
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2a87ab3-8bd4-4b9e-ad2d-746e5a8e1470}]
    C:\WINDOWS\system32\iscmlxap.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 05:00 8523776]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
    "4051595e"="C:\WINDOWS\system32\bastjsio.dll" [ ]
    "BM43626ac2"="C:\WINDOWS\system32\bqcxkvkq.dll" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-18 14:28:55 784912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4051595e]
    C:\WINDOWS\system32\aacgptld.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2006-01-12 20:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2008-03-17 08:37 454144 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    --a------ 2007-07-23 09:34 2084480 C:\Program Files\Advanced Registry Optimizer\ARO.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-12-24 03:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM43626ac2]
    --a------ 2007-03-19 17:21 90688 C:\WINDOWS\system32\vopgebir.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    --a------ 2007-04-03 17:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    --a------ 2007-05-14 17:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-13 00:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-07 05:00 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
    --a------ 2008-03-14 15:09 4351216 C:\Program Files\RegistrySmart\RegistrySmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-01-28 11:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-02-10 16:27 1420560 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "aswUpdSv"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
    "C:\\Program Files\\WebFerret\\WebFerret.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-22 02:30:03 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 15:44:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-22 15:44:22
    ComboFix-quarantined-files.txt 2008-03-22 14:44:21
    ComboFix2.txt 2008-03-22 13:45:31
    ComboFix3.txt 2008-03-21 12:03:54
    .
    2008-03-19 08:00:28 --- E O F ---
     
  11. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Dear Ltangel,

    First of all I would like to wish you and your loved ones a very happy Easter.

    I am sorry we didn't get to finish fixing my computer. I hope you will be available to help me again when I return on the 6th of April. I am also sorry I made you spend so much of your time with me, you are truly a wonderful person.

    All the best and warm regards,

    Tigrita
     
  12. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey Tigrita,

    Thanks for your compliments. I'll bump your topic constantly and think of a fix for you when you return. Happy Easter to you too. :)

    ~Ltangel~
     
  13. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Bumped for original poster.

     
  14. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Dear Ltangel,
    I am back and ready to continue, whenever you have time of course :)))
    Have a wonderful day!!!
     
  15. peterpeck

    peterpeck Member

    Joined:
    May 29, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    So sorry about your problems, but I would suggest a complete reinstall of your operating system. I only use the AVG free version and, would you believe, I have no problems with any viruses. Also, I use Win XP System Restore; my operating system is Win XP Pro. Regarding Win Restore, I disable it at least twice per week but immediately start it up again and then make a clean restore point; if you are not careful, System Restore will keep re-installing any viruses you may have on your system. peterpeck
     
  16. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Dear Peterpeck,
    Thank you for your suggestions, I am sure they are good. However, I have been following Ltangel's instructions from the beginning and all the way he/she has been absolutely wonderful to me. I know I have to follow the instructions to the end; his/her help has been absolutely great!!
     
  17. thor999

    thor999 Regular member

    Joined:
    Jan 20, 2004
    Messages:
    227
    Likes Received:
    0
    Trophy Points:
    26
    Hell yeah, they were great. Wow, man, I wish I knew everything you did! Are you self-taught? I mean, I know how to do this stuff onsite, but you take it to a whole new level!
     
  18. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey Tigrita,

    Welcome back! :)

    Sorry, I've been really busy these days. Could you please post a fresh HijackThis log?

    Thanks. :)
     
  19. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey thor999,

    I have gone through proper training from malware removal experts, and have been doing this for quite a while. :) If you want to learn about malware removal, please PM me.
     
  20. Tigrita

    Tigrita Member

    Joined:
    Mar 19, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    Dear Ltangel,

    Thank you so much for all your help through my crisis, you were very supportive. I understand you were very busy but I needed my PC and couldn't wait any longer so I took it to a professional who did the fixing for me. (I hope he did!!)
    Thanks again for being there for me.
    I wish you all the best.
    Tigrita
     