Jump to content


Help me remove this trojan.vundo.injected

Started by axenia, Jan 08 2008 03:58 PM

  • You cannot reply to this topic
36 replies to this topic

#1 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 08 January 2008 - 03:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32, on 2008-01-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4:80
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjh.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 3433 bytes
Thanks all for helping me getting rid all of these SPYWARE !!

#2 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 09 January 2008 - 07:40 AM

i felt so bumped......28 ppl saw my post but none replied and help me....

i dont know wat virus is this...

but it always said :


Cannot find pnmll.dll/jkjkl.dll/mllji.dll/jopwroyi.dll/gebca.dll/

or

Cannot find pnmll.exe/jkjkl.exe/mllji.exe/jopwroyi.exe/gebca.exe/

trojan remover cant delete the trojan because its auto regenerate....

how to fix this...i hope someone can help me or i guess i'll juz format my PC....
Thanks all for helping me getting rid all of these SPYWARE !!

#3 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 14 January 2008 - 11:29 AM

why is it my post is ignored??

if the info that i gave is wrong please tell me...
Thanks all for helping me getting rid all of these SPYWARE !!

#4 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 14 January 2008 - 09:06 PM

Hello axenia :)

Apologies for the delay in getting to your thread, everyone here is very busy at the moment.. :(

You appear to be infected with the newest version of the vundo virus.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop

  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

  • Double click combofix.exe & follow the prompts.

  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

  • Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#5 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 16 January 2008 - 01:01 PM

Thanks For Replying!! :lol:

ACDSee 4.0 PowerPack Suite
Adobe Reader 7.0
Adobe Shockwave Player
Arabic (102) (Jawi Melayu) -- Berbaris (Alt+Ctrl)
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
BlueSoleil
C-Media 3D Audio
C-Media WDM Audio Driver
DAEMON Tools
EasyCleaner
Eye Candy 4000
FLV Player 1.3.3
HijackThis 2.0.2
Hotfix for Windows Media Player 11 (KB939683)
ImageMixer VCD2
Java™ 6 Update 3
Jawi Multikey version 3.0
K-Lite Mega Codec Pack 1.50
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office FrontPage 2003
Microsoft Office Visio Professional 2003
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
Pepakura Viewer2
Picture Package
Ragnarok Online
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
SmartSound Quicktracks Plugin
Sony USB Driver
SUPERAntiSpyware Free Edition
Trojan Remover 6.6.5
Tweak UI
Ulead VideoStudio 9.0
Ulead VideoStudio 9.0 (all Languages)
Uniblue RegistryBooster 2
VIA Rhine-Family Fast-Ethernet Adapter
Windows Support Tools
Windows XP Service Pack 3
WinPcap 4.0.2
WinRAR archiver


ComboFix 08-01-07.5 - Admin 2008-01-13 1:59:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.607 [GMT 8:00]
Running from: C:\Documents and Settings\Admin\Desktop\Antivirus Shortcuts\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\ciuaudtl.exe
C:\WINDOWS\system32\dxdiag.com
C:\WINDOWS\system32\hvyxaecg.ini
C:\WINDOWS\system32\jaomvuvi.ini
C:\WINDOWS\system32\jjrvqptp.ini
C:\WINDOWS\system32\jqbenwum.exe
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\lwytksxo.ini
C:\WINDOWS\system32\lygqjmmt.exe
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\sfsjrxqv.ini
C:\WINDOWS\system32\tujxwruv.ini
C:\WINDOWS\system32\ugmjlnpj.exe
C:\WINDOWS\system32\umvjcnhh.exe
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\vpixmprs.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-13 01:32 . 2007-12-01 00:26 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-01-12 04:18 . 2008-01-12 04:18 0 --a------ C:\WINDOWS\system32\OH
2008-01-11 13:56 . 2005-06-23 00:33 <DIR> d-a------ C:\VZlimiter
2008-01-11 13:48 . 2008-01-11 13:48 <DIR> d-------- C:\Program Files\Avira
2008-01-11 13:29 . 2008-01-11 13:29 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Bron.tok-24
2008-01-10 14:56 . 2007-05-07 13:28 57,344 -rahs---- C:\WINDOWS\system32\JambanMu.com
2008-01-10 05:21 . 2001-05-24 15:52 144,896 --a------ C:\WINDOWS\system32\msconfig.exe
2008-01-10 04:52 . 2007-12-01 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2008-01-10 04:52 . 2001-03-18 20:37 5,708 --a------ C:\WINDOWS\system32\k9371937.DLL
2008-01-09 18:48 . 2008-01-09 18:48 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:41 . 2008-01-09 17:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-09 17:34 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003204_.tmp
2008-01-09 16:41 . 2006-07-22 23:49 5,376 --a------ C:\WINDOWS\system32\antiwpa.dll
2008-01-09 16:35 . 2001-08-17 13:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-01-08 22:53 . 2008-01-09 01:34 78 --a------ C:\WINDOWS\lsoon.ini
2008-01-08 20:58 . 2008-01-12 19:35 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-08 20:58 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-08 20:50 . 2008-01-08 20:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Regrun
2008-01-08 20:49 . 2008-01-08 20:49 <DIR> d-------- C:\Program Files\Greatis
2008-01-08 20:37 . 2004-08-04 20:00 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2008-01-08 20:36 . 2007-12-01 00:22 102,456 --a--c--- C:\WINDOWS\system32\dllcache\imlang.dll
2008-01-08 20:35 . 2004-08-04 20:00 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2008-01-08 20:34 . 2007-12-01 00:22 274,489 --a--c--- C:\WINDOWS\system32\dllcache\imjputyc.dll
2008-01-08 20:33 . 2007-06-25 18:46 262,200 --a--c--- C:\WINDOWS\system32\dllcache\imjputy.exe
2008-01-08 20:32 . 2004-08-04 20:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2008-01-08 20:31 . 2007-06-25 18:46 233,527 --a--c--- C:\WINDOWS\system32\dllcache\imjprw.exe
2008-01-08 20:30 . 2007-06-25 18:46 208,952 --a--c--- C:\WINDOWS\system32\dllcache\imjpmig.exe
2008-01-08 20:29 . 2007-06-25 18:46 196,665 --a--c--- C:\WINDOWS\system32\dllcache\imjpinst.exe
2008-01-08 20:28 . 2007-06-25 18:46 155,705 --a--c--- C:\WINDOWS\system32\dllcache\imjpdsvr.exe
2008-01-08 20:27 . 2004-08-04 20:00 307,257 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.exe
2008-01-08 20:26 . 2007-12-01 00:22 81,976 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.dll
2008-01-08 20:25 . 2004-08-04 20:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2008-01-08 20:24 . 2007-12-01 00:22 716,856 --a--c--- C:\WINDOWS\system32\dllcache\imjpcus.dll
2008-01-08 20:23 . 2007-12-01 00:22 368,696 --a--c--- C:\WINDOWS\system32\dllcache\imjpcic.dll
2008-01-08 20:21 . 2007-12-01 00:22 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-08 20:19 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-08 20:18 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-01-08 20:17 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-08 20:16 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-08 20:15 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-08 20:14 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-01-08 20:13 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-08 20:12 . 2004-08-03 22:29 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-08 20:11 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-08 20:10 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-08 15:19 . 2008-01-11 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-08 11:40 . 2008-01-13 01:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 08:01 . 2008-01-08 08:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 06:20 . 2008-01-08 07:29 8,024 --ahs---- C:\WINDOWS\system32\rrutv.ini2.vir
2008-01-08 06:20 . 2008-01-08 07:29 8,024 --ahs---- C:\WINDOWS\system32\rrutv.ini.vir
2008-01-08 05:16 . 2008-01-08 05:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-08 05:08 . 2008-01-08 05:08 336,896 --a------ C:\WINDOWS\system32\mljge.dll.vir
2008-01-08 04:40 . 2008-01-08 04:40 1,049,569 --a------ C:\WINDOWS\system32\jvclppbw.ini2.vir
2008-01-08 04:40 . 2008-01-08 04:40 1,045,689 --a------ C:\WINDOWS\system32\jvclppbw.ini.vir
2008-01-08 02:24 . 2008-01-08 05:03 6,556 --a------ C:\WINDOWS\system32\egjlm.ini.vir
2008-01-08 02:24 . 2008-01-08 05:03 319 --a------ C:\WINDOWS\system32\egjlm.ini2.vir
2008-01-08 00:48 . 2005-01-05 15:32 79 --a------ C:\Show Desktop.scf
2008-01-08 00:32 . 2008-01-09 07:40 <DIR> d-------- C:\Program Files\Uniblue
2008-01-07 22:49 . 2008-01-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 22:49 . 2008-01-07 22:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
2008-01-07 22:49 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-07 21:54 . 2008-01-07 21:54 84,418 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-01-07 21:51 . 2008-01-07 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 21:51 . 2008-01-08 11:40 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-01-07 21:12 . 2008-01-13 01:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-07 20:30 . 2008-01-07 20:51 1,055,763 --a------ C:\WINDOWS\system32\iyorwpoj.ini.vir
2008-01-07 17:59 . 2008-01-07 17:59 326,144 --a------ C:\WINDOWS\system32\mllji.dll.vir
2008-01-07 17:59 . 2008-01-07 20:53 319 --a------ C:\WINDOWS\system32\ijllm.ini2.vir
2008-01-07 17:59 . 2008-01-07 20:53 319 --a------ C:\WINDOWS\system32\ijllm.ini.vir
2008-01-07 17:25 . 2008-01-07 17:36 326,144 --a------ C:\WINDOWS\system32\awvvu.dll.vir
2008-01-07 17:22 . 2008-01-07 17:35 10,446 --a------ C:\WINDOWS\system32\uvvwa.ini.vir
2008-01-07 17:22 . 2008-01-07 17:34 9,478 --a------ C:\WINDOWS\system32\uvvwa.ini2.vir
2008-01-07 15:36 . 2008-01-07 16:04 1,043,594 --a------ C:\WINDOWS\system32\uticjmgo.ini.vir
2008-01-07 15:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 13:54 . 2008-01-07 17:08 6,619 --a------ C:\WINDOWS\system32\hjkkj.ini2.vir
2008-01-07 13:54 . 2008-01-07 17:08 6,619 --a------ C:\WINDOWS\system32\hjkkj.ini.vir
2008-01-06 07:06 . 2008-01-07 13:37 7,148 --a------ C:\WINDOWS\system32\acbeg.ini2.vir
2008-01-06 07:06 . 2008-01-07 13:37 7,148 --a------ C:\WINDOWS\system32\acbeg.ini.vir
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\Program Files\Jawi Multikey
2007-12-31 21:44 . 2007-12-31 21:44 <DIR> d-------- C:\Program Files\Support Tools
2007-12-31 21:39 . 2007-12-31 21:42 1,043,980 --a------ C:\WINDOWS\system32\pufjqhfq.ini.vir
2007-12-31 21:19 . 2008-01-13 01:11 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-31 21:19 . 2007-12-31 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-31 20:50 . 2007-12-31 20:54 328,192 --a------ C:\WINDOWS\system32\ddccy.dll.vir
2007-12-31 20:18 . 2007-12-31 20:54 6,620 --a------ C:\WINDOWS\system32\yccdd.ini2.vir
2007-12-31 20:18 . 2007-12-31 20:54 6,620 --a------ C:\WINDOWS\system32\yccdd.ini.vir
2007-12-31 16:36 . 2007-12-31 16:36 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-31 16:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-31 15:51 . 2007-12-31 16:36 <DIR> d-------- C:\Program Files\Java
2007-12-31 15:47 . 2007-12-31 20:10 6,626 --a------ C:\WINDOWS\system32\svvwa.ini2.vir
2007-12-31 15:47 . 2007-12-31 20:10 6,626 --a------ C:\WINDOWS\system32\svvwa.ini.vir
2007-12-31 15:12 . 2007-12-31 15:30 1,043,860 --a------ C:\WINDOWS\system32\eahndtsk.ini.vir
2007-12-31 15:08 . 2007-12-31 15:08 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-31 06:33 . 2007-12-31 06:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 00:37 . 2008-01-09 15:52 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-30 18:48 . 2007-12-30 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-30 13:59 . 2008-01-06 05:08 10,737 --a------ C:\WINDOWS\system32\llnmp.ini2.vir
2007-12-30 13:59 . 2008-01-06 05:06 10,737 --a------ C:\WINDOWS\system32\llnmp.ini.vir
2007-12-30 13:54 . 2007-12-30 13:54 38,400 --a------ C:\WINDOWS\system32\khffcyw.VIR
2007-12-29 16:51 . 2007-12-29 16:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ImageFox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 17:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-08 06:01 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-01-07 16:30 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.4
2008-01-01 18:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-12-31 07:14 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 09:26 --------- d-----w C:\Program Files\Macromedia
2007-12-26 09:26 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-23 14:30 --------- d-----w C:\Documents and Settings\Admin\Application Data\Simply Super Software
2007-12-16 21:47 --------- d-----w C:\Program Files\Google
2007-11-30 16:27 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2007-11-30 16:27 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2007-11-30 16:27 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2007-11-30 16:27 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2007-11-30 16:26 69,120 ----a-w C:\WINDOWS\notepad.exe
2007-11-30 16:26 50,688 ----a-w C:\WINDOWS\twain_32.dll
2007-11-30 16:26 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2007-11-30 16:26 32,866 ------w C:\WINDOWS\slrundll.exe
2007-11-30 16:26 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-11-30 16:26 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2007-11-30 16:26 146,432 ----a-w C:\WINDOWS\regedit.exe
2007-11-30 16:26 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2007-11-30 16:26 10,752 ----a-w C:\WINDOWS\hh.exe
2007-11-30 16:26 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 16:25 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2007-11-30 16:25 4,255 ------w C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-11-30 16:25 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2007-11-30 16:25 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2007-11-30 16:25 3,967 ------w C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-11-30 16:25 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2007-11-30 16:25 3,775 ------w C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-11-30 16:25 3,711 ------w C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-11-30 16:25 3,647 ------w C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-11-30 16:25 3,615 ------w C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-11-30 16:25 3,135 ------w C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-11-30 16:25 25,471 ------w C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-11-30 16:25 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2007-11-30 16:25 21,183 ------w C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-11-30 16:25 17,279 ------w C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-11-30 16:25 15,423 ------w C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-11-30 16:25 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2007-11-30 16:25 14,143 ------w C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-11-30 16:25 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2007-11-30 16:25 11,359 ------w C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-11-30 16:25 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2007-11-30 10:26 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2007-11-30 10:19 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2007-11-30 10:18 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2007-11-30 10:18 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2007-11-30 10:18 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2007-11-30 10:18 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-30 10:18 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2007-11-30 10:17 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2007-11-30 10:17 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2007-11-30 10:17 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2007-11-30 10:15 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2007-11-30 10:14 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2007-11-30 10:14 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-11-30 10:14 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2007-11-30 10:14 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2007-11-30 10:13 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2007-11-30 10:13 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2007-11-30 10:13 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-11-30 10:13 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2007-11-30 10:12 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2007-11-30 10:12 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-11-30 10:12 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2007-11-30 09:55 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-11-30 09:54 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-11-30 09:54 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2007-11-30 09:50 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2007-11-30 09:50 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2007-11-30 09:50 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2007-11-30 09:50 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2007-11-30 09:50 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2007-11-30 09:50 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2007-11-30 09:50 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2007-11-30 09:49 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2007-11-30 09:49 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2007-11-30 09:49 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2007-11-30 09:49 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-30 09:49 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2007-11-30 09:49 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-30 09:48 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2007-11-30 09:48 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2007-11-30 09:48 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-11-30 09:48 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-11-30 09:47 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-11-30 09:46 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2007-11-30 09:45 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2007-11-30 09:44 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2007-11-30 09:44 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2007-11-30 09:44 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2007-11-30 09:42 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-11-30 09:42 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-11-30 09:42 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2007-11-30 09:42 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2007-11-30 09:42 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2007-11-30 09:39 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2007-11-30 09:32 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-05-07 05:28 57,344 --sha-r C:\WINDOWS\system32\JambanMu.com
.
<pre>
----a-w		   411,648 2007-12-30 09:52:22  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   132,496 2007-12-31 09:01:48  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,318,912 2008-01-08 11:54:19  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   735,824 2008-01-07 05:48:55  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w			15,360 2008-01-09 07:52:44  C:\WINDOWS\system32\ctfmon .exe
----a-w		   131,072 2007-12-31 02:54:44  C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBHP .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2007-12-01 00:26 389120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButto"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2008-01-07 22:53 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc590ea5]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2007-12-01 00:26 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-23 04:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-01 00:26 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-23 04:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows MSN]
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TlntSvr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-07 04:22]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-12 19:35]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-16 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bbd2478-b265-11dc-b8dc-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - Flash.10.Setup.exe
\Shell\Open\command - Flash.10.Setup.exe
\Shell\Scan for Viruses\command - Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{266a7a26-b483-11dc-b8e7-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26fdde55-6036-11d9-b888-00142a1274e9}]
\Shell\Auto\command - N:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4b9b55-aeca-11dc-b8d1-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4b9b56-aeca-11dc-b8d1-00142a1274e9}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - ntdelect.com
\Shell\open\Command - ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702d1569-6333-11d9-b895-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ef855e-6153-11d9-b88f-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{899c2ab3-b690-11dc-b8f3-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 08:02:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 02:09:22
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 2:12:38 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-01-12 18:12:32
.
2008-01-11 18:56:28 --- E O F ---


Thanks again for replying !! :rolleyes:
And one more thing....my CPU Usage is always 100% and my PC completely slow....
Thanks all for helping me getting rid all of these SPYWARE !!

#6 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 16 January 2008 - 07:03 PM

Hello axenia :)

I am working on a fix for you as we speak, and will probably be ready to post it within an hour. I must first warn you though, your computer is extremely infected, and even if everything is properly cleaned off of it, there is no way to be certain everything will be removed.

#7 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 16 January 2008 - 07:28 PM

Here we go :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS3204_.tmp
C:\WINDOWS\system32\antiwpa.dll
C:\WINDOWS\lsoon.ini
C:\WINDOWS\(2) C:\ComboFix\winstart.bat
C:\WINDOWS\system32\rrutv.ini2.vir
C:\WINDOWS\system32\rrutv.ini.vir
C:\WINDOWS\system32\mljge.dll.vir
C:\WINDOWS\system32\jvclppbw.ini2.vir
C:\WINDOWS\system32\jvclppbw.ini.vir
C:\WINDOWS\system32\egjlm.ini.vir
C:\WINDOWS\system32\egjlm.ini2.vir
C:\WINDOWS\system32\iyorwpoj.ini.vir
C:\WINDOWS\system32\mllji.dll.vir
C:\WINDOWS\system32\ijllm.ini2.vir
C:\WINDOWS\system32\ijllm.ini.vir
C:\WINDOWS\system32\awvvu.dll.vir
C:\WINDOWS\system32\uvvwa.ini.vir
C:\WINDOWS\system32\uvvwa.ini2.vir
C:\WINDOWS\system32\uticjmgo.ini.vir
C:\WINDOWS\system32\hjkkj.ini2.vir
C:\WINDOWS\system32\hjkkj.ini.vir
C:\WINDOWS\system32\acbeg.ini2.vir
C:\WINDOWS\system32\acbeg.ini.vir
C:\WINDOWS\system32\pufjqhfq.ini.vir
C:\WINDOWS\system32\ddccy.dll.vir
C:\WINDOWS\system32\yccdd.ini2.vir
C:\WINDOWS\system32\yccdd.ini.vir
C:\WINDOWS\system32\svvwa.ini2.vir
C:\WINDOWS\system32\svvwa.ini.vir
C:\WINDOWS\system32\eahndtsk.ini.vir
C:\WINDOWS\system32\llnmp.ini2.vir
C:\WINDOWS\system32\llnmp.ini.vir
C:\WINDOWS\system32\khffcyw.VIR
C:\WINDOWS\IFinst27.exe

Folder::
C:\Documents and Settings\Admin\Application Data\Bron.tok-24

DirLook::
C:\WINDOWS\system32\OH

RenV::
----a-w		   411,648 2007-12-30 09:52:22  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   132,496 2007-12-31 09:01:48  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,318,912 2008-01-08 11:54:19  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   735,824 2008-01-07 05:48:55  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w			15,360 2008-01-09 07:52:44  C:\WINDOWS\system32\ctfmon .exe
----a-w		   131,072 2007-12-31 02:54:44  C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBHP .EXE

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc590ea5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bbd2478-b265-11dc-b8dc-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{266a7a26-b483-11dc-b8e7-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26fdde55-6036-11d9-b888-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4b9b55-aeca-11dc-b8d1-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4b9b56-aeca-11dc-b8d1-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702d1569-6333-11d9-b895-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ef855e-6153-11d9-b88f-00142a1274e9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{899c2ab3-b690-11dc-b8f3-00142a1274e9}]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#8 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 25 January 2008 - 07:07 AM

alrite here it is...sry for the delay i have problem with my internet....

ComboFix 08-01-23.1C - Admin 2008-01-23 20:40:15.4 - NTFSx86
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\(2) C:\ComboFix\winstart.bat
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\lsoon.ini
C:\WINDOWS\system32\acbeg.ini.vir
C:\WINDOWS\system32\acbeg.ini2.vir
C:\WINDOWS\system32\awvvu.dll.vir
C:\WINDOWS\system32\ddccy.dll.vir
C:\WINDOWS\system32\eahndtsk.ini.vir
C:\WINDOWS\system32\egjlm.ini.vir
C:\WINDOWS\system32\egjlm.ini2.vir
C:\WINDOWS\system32\hjkkj.ini.vir
C:\WINDOWS\system32\hjkkj.ini2.vir
C:\WINDOWS\system32\ijllm.ini.vir
C:\WINDOWS\system32\ijllm.ini2.vir
C:\WINDOWS\system32\iyorwpoj.ini.vir
C:\WINDOWS\system32\jvclppbw.ini.vir
C:\WINDOWS\system32\jvclppbw.ini2.vir
C:\WINDOWS\system32\khffcyw.VIR
C:\WINDOWS\system32\llnmp.ini.vir
C:\WINDOWS\system32\llnmp.ini2.vir
C:\WINDOWS\system32\mljge.dll.vir
C:\WINDOWS\system32\mllji.dll.vir
C:\WINDOWS\system32\pufjqhfq.ini.vir
C:\WINDOWS\system32\rrutv.ini.vir
C:\WINDOWS\system32\rrutv.ini2.vir
C:\WINDOWS\system32\svvwa.ini.vir
C:\WINDOWS\system32\svvwa.ini2.vir
C:\WINDOWS\system32\uticjmgo.ini.vir
C:\WINDOWS\system32\uvvwa.ini.vir
C:\WINDOWS\system32\uvvwa.ini2.vir
C:\WINDOWS\system32\yccdd.ini.vir
C:\WINDOWS\system32\yccdd.ini2.vir
C:\WINDOWS3204_.tmp
.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-19 20:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-19 12:36 . 2008-01-19 12:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 12:36 . 2008-01-19 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 21:47 . 2008-01-16 21:47 <DIR> d-------- C:\Program Files\Rockstar Games
2008-01-16 21:47 . 2003-05-23 13:28 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-16 19:31 . 2008-01-16 21:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-14 13:33 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-14 13:33 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-14 07:13 . 2008-01-14 07:14 <DIR> d-------- C:\MyAssignment
2008-01-14 06:27 . 2008-01-14 06:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-14 03:34 . 2004-08-04 20:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-14 03:33 . 2004-08-04 20:00 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2008-01-14 03:13 . 2004-08-04 20:00 78,848 --a------ C:\WINDOWS\system32\dllcache\dayi.ime
2008-01-14 03:12 . 2007-06-25 18:46 57,399 --a--c--- C:\WINDOWS\system32\dllcache\cplexe.exe
2008-01-13 13:53 . 2004-08-04 20:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-01-13 10:17 . 2004-08-04 20:00 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe.backup
2008-01-13 07:46 . 2008-01-13 07:46 0 --a------ C:\WINDOWS\PowerReg.dat
2008-01-13 07:37 . 2008-01-13 07:37 <DIR> d-------- C:\Program Files\Ubi Soft
2008-01-13 07:21 . 2008-01-13 07:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-13 06:13 . 2004-07-22 17:17 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-01-13 06:09 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-01-13 06:09 . 2003-08-04 15:29 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-01-13 06:09 . 2003-08-04 15:29 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-01-13 05:43 . 2003-07-17 16:10 7,040 --a------ C:\WINDOWS\system32\ntsim.sys
2008-01-12 04:18 . 2008-01-12 04:18 0 --a------ C:\WINDOWS\system32\OH
2008-01-11 13:56 . 2005-06-23 00:33 <DIR> d-a------ C:\VZlimiter
2008-01-10 14:56 . 2007-05-07 13:28 57,344 -rahs---- C:\WINDOWS\system32\JambanMu.com
2008-01-10 05:21 . 2001-05-24 15:52 144,896 --a------ C:\WINDOWS\system32\msconfig.exe
2008-01-10 04:52 . 2007-12-01 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2008-01-10 04:52 . 2001-03-18 20:37 5,708 --a------ C:\WINDOWS\system32\k9371937.DLL
2008-01-09 18:48 . 2008-01-09 18:48 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:44 . 2008-01-14 02:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-01-09 17:44 . 2008-01-14 02:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-09 17:44 . 2004-08-04 20:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-01-09 17:44 . 2004-08-04 20:00 275,968 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
2008-01-09 17:44 . 2004-08-04 20:00 76,288 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2008-01-09 17:44 . 2004-08-04 20:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll
2008-01-09 17:44 . 2004-08-04 20:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-01-09 17:31 . 2007-10-26 11:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-01-09 16:35 . 2001-08-17 13:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-01-08 20:58 . 2008-01-12 19:35 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-08 20:58 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-08 20:49 . 2008-01-08 20:49 <DIR> d-------- C:\Program Files\Greatis
2008-01-08 20:37 . 2004-08-04 20:00 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2008-01-08 20:36 . 2004-08-04 20:00 102,456 --a------ C:\WINDOWS\system32\dllcache\imlang.dll
2008-01-08 20:35 . 2004-08-04 20:00 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2008-01-08 20:34 . 2007-06-25 18:46 274,489 --a------ C:\WINDOWS\system32\dllcache\imjputyc.dll
2008-01-08 20:33 . 2007-06-25 18:46 262,200 --a--c--- C:\WINDOWS\system32\dllcache\imjputy.exe
2008-01-08 20:32 . 2004-08-04 20:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2008-01-08 20:31 . 2007-06-25 18:46 233,527 --a--c--- C:\WINDOWS\system32\dllcache\imjprw.exe
2008-01-08 20:30 . 2007-06-25 18:46 208,952 --a--c--- C:\WINDOWS\system32\dllcache\imjpmig.exe
2008-01-08 20:29 . 2007-06-25 18:46 196,665 --a--c--- C:\WINDOWS\system32\dllcache\imjpinst.exe
2008-01-08 20:28 . 2007-06-25 18:46 155,705 --a--c--- C:\WINDOWS\system32\dllcache\imjpdsvr.exe
2008-01-08 20:27 . 2004-08-04 20:00 307,257 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.exe
2008-01-08 20:26 . 2007-06-25 18:46 81,976 --a------ C:\WINDOWS\system32\dllcache\imjpdct.dll
2008-01-08 20:25 . 2004-08-04 20:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2008-01-08 20:24 . 2007-06-25 18:46 716,856 --a------ C:\WINDOWS\system32\dllcache\imjpcus.dll
2008-01-08 20:23 . 2007-06-25 18:46 368,696 --a------ C:\WINDOWS\system32\dllcache\imjpcic.dll
2008-01-08 20:21 . 2007-06-25 18:46 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-08 20:19 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-08 20:18 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-01-08 20:17 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-08 20:16 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-08 20:15 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-08 20:14 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-01-08 20:13 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-08 20:12 . 2004-08-03 22:29 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-08 20:11 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-08 20:10 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-08 11:40 . 2008-01-19 20:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 08:01 . 2008-01-08 08:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 00:48 . 2005-01-05 15:32 79 --a------ C:\Show Desktop.scf
2008-01-08 00:32 . 2008-01-09 07:40 <DIR> d-------- C:\Program Files\Uniblue
2008-01-07 21:12 . 2008-01-13 01:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\Program Files\Jawi Multikey
2007-12-31 21:19 . 2008-01-19 20:16 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-31 15:08 . 2007-12-31 15:08 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-31 06:33 . 2007-12-31 06:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 00:37 . 2008-01-09 15:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-31 00:37 . 2008-01-09 15:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-29 15:49 . 2007-12-29 15:50 <DIR> d-------- C:\Program Files\ACD Systems
2007-12-28 17:18 . 2007-12-28 17:18 <DIR> d-------- C:\WINDOWS\Performance
2007-12-27 05:53 . 2007-04-18 01:20 566,624 --a------ C:\WINDOWS\system32\d3d10.dll
2007-12-27 05:53 . 2007-04-19 01:59 519,912 --a------ C:\WINDOWS\system32\d3dx10d_33.dll
2007-12-27 05:53 . 2007-04-19 01:59 519,912 --a------ C:\WINDOWS\system32\d3dx10d.dll
2007-12-27 05:53 . 2007-04-19 01:59 519,912 --a------ C:\WINDOWS\system32\d3dx10.dll
2007-12-27 05:53 . 2007-04-18 01:13 494,557 --a------ C:\WINDOWS\system32\dxgi.dll
2007-12-27 05:53 . 2007-04-18 01:13 25,037 --a------ C:\WINDOWS\system32\Nucleus.dll
2007-12-25 15:32 . 2007-12-25 15:32 <DIR> d--h----- C:\WINDOWS\Icons
2007-12-25 15:30 . 2007-12-26 02:46 2,321,792 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-12-25 15:11 . 2008-01-14 02:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2007-12-24 23:50 . 2008-01-06 06:08 <DIR> d-------- C:\Program Files\RocketDock
2007-12-24 20:22 . 2007-12-24 20:23 858 --a------ C:\WINDOWS\ARPR.INI
2007-12-24 11:22 . 2007-12-24 11:22 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-24 11:17 . 2007-12-24 11:17 <DIR> d-------- C:\Program Files\IVT Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 16:30 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.4
2007-12-31 07:14 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 09:26 --------- d-----w C:\Program Files\Macromedia
2007-12-26 09:26 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-16 21:47 --------- d-----w C:\Program Files\Google
2007-12-16 11:04 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-16 11:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-30 16:26 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2007-11-30 10:17 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2007-11-30 09:31 49,280 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2007-11-30 09:30 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2007-11-21 18:47 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 02:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-05-07 05:28 57,344 --sha-r C:\WINDOWS\system32\JambanMu.com
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\OH ----

C:\WINDOWS\system32\OH\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-23 04:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButto"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoUserNameInStartMenu"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^(Empty).empty]
backup=C:\WINDOWS\pss\(Empty).emptyCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\(Empty).empty

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc590ea5]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows MSN]
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bbd2478-b265-11dc-b8dc-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - Flash.10.Setup.exe
\Shell\Open\command - Flash.10.Setup.exe
\Shell\Scan for Viruses\command - Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{266a7a26-b483-11dc-b8e7-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26fdde55-6036-11d9-b888-00142a1274e9}]
\Shell\Auto\command - N:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4b9b55-aeca-11dc-b8d1-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - O:\Flash.10.Setup.exe
\Shell\Open\command - O:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - O:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4b9b56-aeca-11dc-b8d1-00142a1274e9}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - ntdelect.com
\Shell\open\Command - ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702d1569-6333-11d9-b895-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88ef855e-6153-11d9-b88f-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - Flash.10.Setup.exe
\Shell\Open\command - Flash.10.Setup.exe
\Shell\Scan for Viruses\command - Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{899c2ab3-b690-11dc-b8f3-00142a1274e9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - H:\Flash.10.Setup.exe
\Shell\Open\command - H:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - H:\Scanner.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 08:02:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 20:44:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 20:46:00
.
2008-01-23 12:23:32 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:50 AM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1548EE1A-1FAB-4C55-B89A-36E917388F3D}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 2182 bytes

my cpu usage is always 100% usage....is it some kind of worm?
Thanks all for helping me getting rid all of these SPYWARE !!

#9 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 27 January 2008 - 06:48 AM

er....hello guys.... :mellow: :mellow:
Thanks all for helping me getting rid all of these SPYWARE !!

#10 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 29 January 2008 - 08:52 AM

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for the Operating System## Important ##
As we do not know the name of the file that's downloaded, you have to save the file as RC.exe to the root of SystemDrive e.g. C:\RC.exe


Please, download the latest copy of ComboFix.exe => http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
RecoveryConsole::
C:\RC.EXE
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\CF-RC.txt. Post that log in your next reply.
Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall

## Important ##
This is a precautionary measure. Please do not reboot the machine until we have reviewed the log & responded to you.

#11 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 30 January 2008 - 04:54 AM

is it my pc very2 badly infected??
Thanks all for helping me getting rid all of these SPYWARE !!

#12 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 31 January 2008 - 09:27 PM

I don't quite understand what your trying to say there, are you asking if your PC is heavily infected? If so, the answer would be somewhat infected. Did you run the previous instructions?

#13 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 01 February 2008 - 12:13 AM

er....sry im kind od dizzy.... :unsure:

RC.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=8JMTT8
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:57 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RavMonE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4:80
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 2209 bytes
Thanks all for helping me getting rid all of these SPYWARE !!

#14 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 01 February 2008 - 03:45 AM

Hello axenia :)

Alright, let's get a fresh CF log and go from there :)

Please delete your current copy of combofix.exe and do the following:

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop

  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

  • Double click combofix.exe & follow the prompts.

  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#15 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 02 February 2008 - 06:01 AM

alrite...here the newest log...

ComboFix 08-02.01.5 - Admin 2008-02-02 13:55:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT 8:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point

.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\ravmone.exe

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com

.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 21:02 . 2008-02-01 21:02 14 --a------ C:\WINDOWS\popcinfo.dat
2008-02-01 19:13 . 2008-02-01 19:13 <DIR> d-------- C:\WINDOWS\APW_DATA
2008-02-01 19:13 . 2008-02-01 19:13 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-02-01 19:05 . 2008-02-01 19:05 25 --a------ C:\WINDOWS\GECKOS.INI
2008-02-01 15:47 . 2008-01-09 15:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-02-01 14:02 . 2008-02-01 14:02 54 --a------ C:\WINDOWS\mmates.ini
2008-02-01 11:39 . 2008-02-01 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 11:39 . 2008-02-01 11:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-01 08:11 . 2008-02-01 08:11 <DIR> d-------- C:\WINDOWS\cmdcons
2008-02-01 08:11 . 2008-01-17 14:22 224 --a------ C:\WINDOWS\Boot.bak
2008-01-27 16:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-27 16:23 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-27 16:23 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-27 16:23 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-25 19:05 . 2008-01-25 19:05 <DIR> d-------- C:\Program Files\CCleaner
2008-01-25 02:05 . 2008-01-25 02:10 83 --a------ C:\WINDOWS\WINTOYS.INI
2008-01-16 21:47 . 2008-01-16 21:47 <DIR> d-------- C:\Program Files\Rockstar Games
2008-01-16 21:47 . 2003-05-23 13:28 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-16 19:31 . 2008-01-16 21:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-16 16:52 . 2008-01-16 16:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Alien Skin
2008-01-14 13:33 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-14 13:33 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-14 07:13 . 2008-01-14 07:14 <DIR> d-------- C:\MyAssignment
2008-01-14 06:32 . 2008-01-14 06:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-14 06:29 . 2008-01-14 06:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 06:27 . 2008-01-14 06:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-14 03:34 . 2004-08-04 20:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-14 03:33 . 2004-08-04 20:00 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2008-01-14 03:13 . 2004-08-04 20:00 78,848 --a------ C:\WINDOWS\system32\dllcache\dayi.ime
2008-01-14 03:12 . 2007-06-25 18:46 57,399 --a--c--- C:\WINDOWS\system32\dllcache\cplexe.exe
2008-01-13 13:53 . 2004-08-04 20:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-01-13 10:17 . 2008-01-09 15:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe.backup
2008-01-13 07:46 . 2008-01-13 07:46 0 --a------ C:\WINDOWS\PowerReg.dat
2008-01-13 07:37 . 2008-01-13 07:37 <DIR> d-------- C:\Program Files\Ubi Soft
2008-01-13 07:21 . 2008-01-13 07:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-13 06:13 . 2004-07-22 17:17 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-01-13 06:09 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-01-13 06:09 . 2003-08-04 15:29 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-01-13 06:09 . 2003-08-04 15:29 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-01-13 05:43 . 2003-07-17 16:10 7,040 --a------ C:\WINDOWS\system32\ntsim.sys
2008-01-12 04:18 . 2008-01-12 04:18 0 --a------ C:\WINDOWS\system32\OH
2008-01-10 14:56 . 2007-05-07 13:28 57,344 -rahs---- C:\WINDOWS\system32\JambanMu.com
2008-01-10 05:21 . 2001-05-24 15:52 144,896 --a------ C:\WINDOWS\system32\msconfig.exe
2008-01-10 04:52 . 2007-12-01 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2008-01-10 04:52 . 2001-03-18 20:37 5,708 --a------ C:\WINDOWS\system32\k9371937.DLL
2008-01-09 18:48 . 2008-01-09 18:48 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:44 . 2008-01-14 02:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-01-09 17:44 . 2008-01-14 02:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-09 17:44 . 2004-08-04 20:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-01-09 17:44 . 2004-08-04 20:00 275,968 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
2008-01-09 17:44 . 2004-08-04 20:00 76,288 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2008-01-09 17:44 . 2004-08-04 20:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll
2008-01-09 17:44 . 2004-08-04 20:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-01-09 17:31 . 2007-10-26 11:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-01-09 16:35 . 2001-08-17 13:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-01-08 20:58 . 2008-01-12 19:35 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-08 20:58 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-08 20:50 . 2008-01-08 20:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Regrun
2008-01-08 20:49 . 2008-01-08 20:49 <DIR> d-------- C:\Program Files\Greatis
2008-01-08 20:37 . 2004-08-04 20:00 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2008-01-08 20:36 . 2004-08-04 20:00 102,456 --a------ C:\WINDOWS\system32\dllcache\imlang.dll
2008-01-08 20:35 . 2004-08-04 20:00 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2008-01-08 20:34 . 2007-06-25 18:46 274,489 --a------ C:\WINDOWS\system32\dllcache\imjputyc.dll
2008-01-08 20:33 . 2007-06-25 18:46 262,200 --a--c--- C:\WINDOWS\system32\dllcache\imjputy.exe
2008-01-08 20:32 . 2004-08-04 20:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2008-01-08 20:31 . 2007-06-25 18:46 233,527 --a--c--- C:\WINDOWS\system32\dllcache\imjprw.exe
2008-01-08 20:30 . 2007-06-25 18:46 208,952 --a--c--- C:\WINDOWS\system32\dllcache\imjpmig.exe
2008-01-08 20:29 . 2007-06-25 18:46 196,665 --a--c--- C:\WINDOWS\system32\dllcache\imjpinst.exe
2008-01-08 20:28 . 2007-06-25 18:46 155,705 --a--c--- C:\WINDOWS\system32\dllcache\imjpdsvr.exe
2008-01-08 20:27 . 2004-08-04 20:00 307,257 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.exe
2008-01-08 20:26 . 2007-06-25 18:46 81,976 --a------ C:\WINDOWS\system32\dllcache\imjpdct.dll
2008-01-08 20:25 . 2004-08-04 20:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2008-01-08 20:24 . 2007-06-25 18:46 716,856 --a------ C:\WINDOWS\system32\dllcache\imjpcus.dll
2008-01-08 20:23 . 2007-06-25 18:46 368,696 --a------ C:\WINDOWS\system32\dllcache\imjpcic.dll
2008-01-08 20:21 . 2007-06-25 18:46 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-08 20:19 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-08 20:18 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-01-08 20:17 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-08 20:16 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-08 20:15 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-08 20:14 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-01-08 20:13 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-08 20:12 . 2004-08-03 22:29 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-08 20:11 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-08 20:10 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-08 15:19 . 2008-01-13 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-08 11:40 . 2008-01-27 18:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 08:01 . 2008-01-08 08:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 05:16 . 2008-01-08 05:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-08 00:48 . 2005-01-05 15:32 79 --a------ C:\Show Desktop.scf
2008-01-08 00:32 . 2008-01-09 07:40 <DIR> d-------- C:\Program Files\Uniblue
2008-01-07 22:49 . 2008-01-07 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 21:54 . 2008-01-07 21:54 84,418 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-01-07 21:51 . 2008-01-07 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 21:51 . 2008-01-08 11:40 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-01-07 21:12 . 2008-01-13 01:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-05 18:23 . 2008-01-05 18:23 <DIR> d-------- C:\Program Files\Jawi Multikey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 07:47 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-27 10:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 14:03 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-01-19 12:16 --------- d-----w C:\Program Files\Trojan Remover
2008-01-16 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 08:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\ACD Systems
2008-01-07 17:31 --------- d-----w C:\Documents and Settings\Admin\Application Data\Uniblue
2008-01-07 16:30 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.4
2008-01-05 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 22:08 --------- d-----w C:\Program Files\RocketDock
2007-12-31 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-31 07:14 --------- d-----w C:\Program Files\Yahoo!
2007-12-30 22:33 --------- d-----w C:\Program Files\Trend Micro
2007-12-30 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-29 08:51 --------- d-----w C:\Documents and Settings\Admin\Application Data\ImageFox
2007-12-29 07:50 --------- d-----w C:\Program Files\ACD Systems
2007-12-29 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-28 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-12-27 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-26 09:26 --------- d-----w C:\Program Files\Macromedia
2007-12-26 09:26 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-25 18:46 2,321,792 ----a-w C:\WINDOWS\system32\TUKernel.exe
2007-12-25 07:06 --------- d-----w C:\Documents and Settings\Admin\Application Data\TuneUp Software
2007-12-24 03:22 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-24 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-24 03:17 --------- d-----w C:\Program Files\IVT Corporation
2007-12-23 14:30 --------- d-----w C:\Documents and Settings\Admin\Application Data\Simply Super Software
2007-12-22 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2007-12-20 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-18 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-16 21:47 --------- d-----w C:\Program Files\Google
2007-12-16 11:04 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-16 11:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-30 16:26 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2007-11-21 18:47 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2005-01-15 05:33 560 ----a-w C:\Documents and Settings\Admin\Application Data\ViewerApp.dat
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-05-07 05:28 57,344 --sha-r C:\WINDOWS\system32\JambanMu.com
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButto"= 0 (0x0)
"NoUserNameInStartMenu"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^(Empty).empty]
backup=C:\WINDOWS\pss\(Empty).emptyCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\(Empty).empty

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows MSN]
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-17 05:36]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-12 19:35]
S3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 22:41]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-16 14:41]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 08:02:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 13:57:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-02 13:58:28
ComboFix-quarantined-files.txt 2008-02-02 05:58:10
.
2008-01-23 12:23:32 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:10 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4:80
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 2058 bytes
Thanks all for helping me getting rid all of these SPYWARE !!

#16 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 04 February 2008 - 06:52 AM

is there any problem with my current CF?
Thanks all for helping me getting rid all of these SPYWARE !!

#17 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 04 February 2008 - 07:08 AM

View Postaxenia, on Feb 4 2008, 01:52 AM, said:

is there any problem with my current CF?
Not that I'm aware of, are you having issues with it?

#18 OFFLINE   __RiP_ChAiN_

    Advanced Member

  • Members
  • PipPipPip
  • 476 posts
  • Gender:Male
  • Location:U.S.A
  • Interests:Take a guess...

Posted 04 February 2008 - 07:25 AM

Hello axenia :)

Jotti File Submission:
  • Please go to Jotti's malware scan

  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\ctfmon.exe.backup

  • Click on the submit button

  • Please post the results in your next reply.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote

Suspect::[40]
C:\WINDOWS\GECKOS.INI
C:\WINDOWS\mmates.ini
C:\WINDOWS\WINTOYS.INI

DirLook::
C:\WINDOWS\APW_DATA
C:\Documents and Settings\Admin\WINDOWS
C:\WINDOWS\cmdcons
C:\WINDOWS\system32\OH

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • The Jotti Results.
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#19 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 05 February 2008 - 11:36 AM

There's nothing i can say. This forum is the best and you too. A large community of Computer Issues Assist... :rolleyes:

ComboFix 08-02.01.5 - Admin 2008-02-05 19:27:08.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.613 [GMT 8:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-03 21:06 . 2008-02-03 21:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-03 21:06 . 2008-02-03 21:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 20:08 . 2008-02-03 20:08 <DIR> d-------- C:\Program Files\inKline Global
2008-02-03 17:09 . 2008-02-03 17:13 1,218,381 --a------ C:\SDFix.exe
2008-02-02 21:18 . 2008-02-02 21:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Canon
2008-02-02 21:01 . 2002-04-12 20:17 339,968 --a------ C:\WINDOWS\system32\N067UFW.DLL
2008-02-02 21:01 . 2002-04-26 18:37 32,768 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-02-02 20:55 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-02 20:55 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-02 20:54 . 2001-04-11 02:10 327,740 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-02-02 20:53 . 2008-02-02 21:07 <DIR> d-------- C:\Temp\LiDE20_CSUv7010
2008-02-02 20:53 . 2008-02-02 21:07 <DIR> d-------- C:\Temp\Deldrv_v1209
2008-02-02 20:53 . 2008-02-02 21:07 <DIR> d-------- C:\Temp\CanoScan_LiDE20_CSUv7010
2008-02-02 20:53 . 2008-02-02 20:53 <DIR> d-------- C:\Temp
2008-02-01 21:02 . 2008-02-01 21:02 14 --a------ C:\WINDOWS\popcinfo.dat
2008-02-01 19:13 . 2008-02-01 19:13 <DIR> d-------- C:\WINDOWS\APW_DATA
2008-02-01 19:13 . 2008-02-01 19:13 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-02-01 19:05 . 2008-02-01 19:05 25 --a------ C:\WINDOWS\GECKOS.INI
2008-02-01 15:47 . 2008-01-09 15:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-02-01 14:02 . 2008-02-01 14:02 54 --a------ C:\WINDOWS\mmates.ini
2008-02-01 08:11 . 2008-02-01 08:11 <DIR> d-------- C:\WINDOWS\cmdcons
2008-01-27 16:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-27 16:23 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-27 16:23 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-27 16:23 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-25 19:05 . 2008-01-25 19:05 <DIR> d-------- C:\Program Files\CCleaner
2008-01-25 02:05 . 2008-01-25 02:10 83 --a------ C:\WINDOWS\WINTOYS.INI
2008-01-16 21:47 . 2008-01-16 21:47 <DIR> d-------- C:\Program Files\Rockstar Games
2008-01-16 21:47 . 2003-05-23 13:28 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-16 19:31 . 2008-01-16 21:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-16 16:52 . 2008-01-16 16:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Alien Skin
2008-01-14 13:33 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-01-14 13:33 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-14 07:13 . 2008-01-14 07:14 <DIR> d-------- C:\MyAssignment
2008-01-14 06:32 . 2008-01-14 06:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-14 06:29 . 2008-01-14 06:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 06:27 . 2008-01-14 06:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-14 03:34 . 2004-08-04 20:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-14 03:33 . 2004-08-04 20:00 78,336 --a--c--- C:\WINDOWS\system32\dllcache\chajei.ime
2008-01-14 03:13 . 2004-08-04 20:00 78,848 --a------ C:\WINDOWS\system32\dllcache\dayi.ime
2008-01-14 03:12 . 2007-06-25 18:46 57,399 --a--c--- C:\WINDOWS\system32\dllcache\cplexe.exe
2008-01-13 13:53 . 2004-08-04 20:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-01-13 10:17 . 2008-01-09 15:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe.backup
2008-01-13 07:46 . 2008-01-13 07:46 0 --a------ C:\WINDOWS\PowerReg.dat
2008-01-13 07:37 . 2008-01-13 07:37 <DIR> d-------- C:\Program Files\Ubi Soft
2008-01-13 07:21 . 2008-01-13 07:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-13 06:13 . 2004-07-22 17:17 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-01-13 06:09 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-01-13 06:09 . 2003-08-04 15:29 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-01-13 06:09 . 2003-08-04 15:29 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-01-13 05:43 . 2003-07-17 16:10 7,040 --a------ C:\WINDOWS\system32\ntsim.sys
2008-01-12 04:18 . 2008-01-12 04:18 0 --a------ C:\WINDOWS\system32\OH
2008-01-10 14:56 . 2007-05-07 13:28 57,344 -rahs---- C:\WINDOWS\system32\JambanMu.com
2008-01-10 05:21 . 2001-05-24 15:52 144,896 --a------ C:\WINDOWS\system32\msconfig.exe
2008-01-10 04:52 . 2007-12-01 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2008-01-10 04:52 . 2001-03-18 20:37 5,708 --a------ C:\WINDOWS\system32\k9371937.DLL
2008-01-09 18:48 . 2008-01-09 18:48 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:44 . 2008-01-14 02:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-01-09 17:44 . 2008-01-14 02:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-09 17:44 . 2004-08-04 20:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-01-09 17:44 . 2004-08-04 20:00 275,968 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
2008-01-09 17:44 . 2004-08-04 20:00 76,288 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2008-01-09 17:44 . 2004-08-04 20:00 46,592 --a--c--- C:\WINDOWS\system32\dllcache\coadmin.dll
2008-01-09 17:44 . 2004-08-04 20:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-01-09 17:31 . 2007-10-26 11:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-01-09 16:35 . 2001-08-17 13:53 17,792 --a--c--- C:\WINDOWS\system32\dllcache\ppa.sys
2008-01-08 20:58 . 2008-01-12 19:35 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-08 20:58 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-08 20:50 . 2008-01-08 20:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Regrun
2008-01-08 20:49 . 2008-01-08 20:49 <DIR> d-------- C:\Program Files\Greatis
2008-01-08 20:37 . 2004-08-04 20:00 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2008-01-08 20:36 . 2004-08-04 20:00 102,456 --a------ C:\WINDOWS\system32\dllcache\imlang.dll
2008-01-08 20:35 . 2004-08-04 20:00 59,904 --a--c--- C:\WINDOWS\system32\dllcache\imkrinst.exe
2008-01-08 20:34 . 2007-06-25 18:46 274,489 --a------ C:\WINDOWS\system32\dllcache\imjputyc.dll
2008-01-08 20:33 . 2007-06-25 18:46 262,200 --a--c--- C:\WINDOWS\system32\dllcache\imjputy.exe
2008-01-08 20:32 . 2004-08-04 20:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2008-01-08 20:31 . 2007-06-25 18:46 233,527 --a--c--- C:\WINDOWS\system32\dllcache\imjprw.exe
2008-01-08 20:30 . 2007-06-25 18:46 208,952 --a--c--- C:\WINDOWS\system32\dllcache\imjpmig.exe
2008-01-08 20:29 . 2007-06-25 18:46 196,665 --a--c--- C:\WINDOWS\system32\dllcache\imjpinst.exe
2008-01-08 20:28 . 2007-06-25 18:46 155,705 --a--c--- C:\WINDOWS\system32\dllcache\imjpdsvr.exe
2008-01-08 20:27 . 2004-08-04 20:00 307,257 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.exe
2008-01-08 20:26 . 2007-06-25 18:46 81,976 --a------ C:\WINDOWS\system32\dllcache\imjpdct.dll
2008-01-08 20:25 . 2004-08-04 20:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2008-01-08 20:24 . 2007-06-25 18:46 716,856 --a------ C:\WINDOWS\system32\dllcache\imjpcus.dll
2008-01-08 20:23 . 2007-06-25 18:46 368,696 --a------ C:\WINDOWS\system32\dllcache\imjpcic.dll
2008-01-08 20:21 . 2007-06-25 18:46 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-08 20:19 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-08 20:18 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-01-08 20:17 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-08 20:16 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-08 20:15 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-08 20:14 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-01-08 20:13 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-08 20:12 . 2004-08-03 22:29 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-01-08 20:11 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-08 20:10 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-08 15:19 . 2008-01-13 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-08 11:40 . 2008-02-03 18:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 08:01 . 2008-01-08 08:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 05:16 . 2008-01-08 05:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 09:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-02 12:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 07:47 23,552 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-23 14:03 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-01-19 12:16 --------- d-----w C:\Program Files\Trojan Remover
2008-01-16 08:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\ACD Systems
2008-01-07 17:31 --------- d-----w C:\Documents and Settings\Admin\Application Data\Uniblue
2008-01-07 16:30 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.4
2008-01-05 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 22:08 --------- d-----w C:\Program Files\RocketDock
2007-12-31 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-31 07:14 --------- d-----w C:\Program Files\Yahoo!
2007-12-30 22:33 --------- d-----w C:\Program Files\Trend Micro
2007-12-30 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-29 08:51 --------- d-----w C:\Documents and Settings\Admin\Application Data\ImageFox
2007-12-29 07:50 --------- d-----w C:\Program Files\ACD Systems
2007-12-29 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-28 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-12-27 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-26 09:26 --------- d-----w C:\Program Files\Macromedia
2007-12-26 09:26 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-25 18:46 2,321,792 ----a-w C:\WINDOWS\system32\TUKernel.exe
2007-12-25 07:06 --------- d-----w C:\Documents and Settings\Admin\Application Data\TuneUp Software
2007-12-24 03:22 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-24 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-24 03:17 --------- d-----w C:\Program Files\IVT Corporation
2007-12-23 14:30 --------- d-----w C:\Documents and Settings\Admin\Application Data\Simply Super Software
2007-12-22 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2007-12-20 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-18 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-16 21:47 --------- d-----w C:\Program Files\Google
2007-12-16 11:04 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-16 11:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-30 16:26 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2007-11-21 18:47 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2005-01-15 05:33 560 ----a-w C:\Documents and Settings\Admin\Application Data\ViewerApp.dat
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-05-07 05:28 57,344 --sha-r C:\WINDOWS\system32\JambanMu.com
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Admin\WINDOWS ----


---- Directory of C:\WINDOWS\APW_DATA ----


---- Directory of C:\WINDOWS\cmdcons ----

2008-02-01 08:11 8192 --a------ C:\WINDOWS\cmdcons\bootsect.dat
2008-02-01 08:11 438 --a------ C:\WINDOWS\cmdcons\winnt.sif
2008-02-01 08:11 23554 --a------ C:\WINDOWS\cmdcons\migrate.inf
2004-08-04 20:00 588800 --a------ C:\WINDOWS\cmdcons\autochk.exe
2004-08-04 20:00 580608 --a------ C:\WINDOWS\cmdcons\autofmt.exe
2004-08-04 02:42 2 --a------ C:\WINDOWS\cmdcons\DISK106
2004-08-04 02:42 2 --a------ C:\WINDOWS\cmdcons\DISK105
2004-08-04 02:42 2 --a------ C:\WINDOWS\cmdcons\DISK104
2004-08-04 02:42 2 --a------ C:\WINDOWS\cmdcons\DISK103
2004-08-04 02:42 2 --a------ C:\WINDOWS\cmdcons\DISK102
2004-08-04 02:42 2 --a------ C:\WINDOWS\cmdcons\DISK101
2004-08-04 01:44 472007 --a------ C:\WINDOWS\cmdcons\txtsetup.sif
2004-08-04 01:02 9424 --a------ C:\WINDOWS\cmdcons\DRVMAIN.SDB
2004-08-04 00:56 708096 --a------ C:\WINDOWS\cmdcons\SYSTEM32\NTDLL.DLL
2004-08-04 00:56 152576 --a------ C:\WINDOWS\cmdcons\SYSTEM32\SMSS.EXE
2004-08-03 23:18 1038205 --a------ C:\WINDOWS\cmdcons\NTKRNLMP.EX_
2004-08-03 23:15 574592 --a------ C:\WINDOWS\cmdcons\NTFS.SYS
2004-08-03 23:15 30067 --a------ C:\WINDOWS\cmdcons\SERIAL.SY_
2004-08-03 23:14 72696 --a------ C:\WINDOWS\cmdcons\FASTFAT.SY_
2004-08-03 23:14 33703 --a------ C:\WINDOWS\cmdcons\CDFS.SY_
2004-08-03 23:14 27951 --a------ C:\WINDOWS\cmdcons\CLASSPNP.SY_
2004-08-03 23:14 26025 --a------ C:\WINDOWS\cmdcons\I8042PRT.SY_
2004-08-03 23:10 6863 --a------ C:\WINDOWS\cmdcons\STREAMIP.SY_
2004-08-03 23:10 5597 --a------ C:\WINDOWS\cmdcons\SLIP.SY_
2004-08-03 23:10 38047 --a------ C:\WINDOWS\cmdcons\OHCI1394.SY_
2004-08-03 23:10 29992 --a------ C:\WINDOWS\cmdcons\1394BUS.SY_
2004-08-03 23:08 9350 --a------ C:\WINDOWS\cmdcons\USBOHCI.SY_
2004-08-03 23:08 61918 --a------ C:\WINDOWS\cmdcons\USBPORT.SY_
2004-08-03 23:08 30383 --a------ C:\WINDOWS\cmdcons\USBHUB.SY_
2004-08-03 23:08 20061 --a------ C:\WINDOWS\cmdcons\HIDCLASS.SY_
2004-08-03 23:08 15034 --a------ C:\WINDOWS\cmdcons\USBEHCI.SY_
2004-08-03 23:08 14618 --a------ C:\WINDOWS\cmdcons\USBSTOR.SY_
2004-08-03 23:08 14592 --a------ C:\WINDOWS\cmdcons\USBCCGP.SY_
2004-08-03 23:08 12727 --a------ C:\WINDOWS\cmdcons\HIDPARSE.SY_
2004-08-03 23:08 11188 --a------ C:\WINDOWS\cmdcons\USBUHCI.SY_
2004-08-03 23:07 91947 --a------ C:\WINDOWS\cmdcons\ACPI.SY_
2004-08-03 23:07 70281 --a------ C:\WINDOWS\cmdcons\DMIO.SY_
2004-08-03 23:07 54681 --a------ C:\WINDOWS\cmdcons\PCMCIA.SY_
2004-08-03 23:07 38449 --a------ C:\WINDOWS\cmdcons\VIDEOPRT.SY_
2004-08-03 23:07 37184 --a------ C:\WINDOWS\cmdcons\PCI.SY_
2004-08-03 23:07 125135 --a------ C:\WINDOWS\cmdcons\DMBOOT.SY_
2004-08-03 23:07 10544 --a------ C:\WINDOWS\cmdcons\VGA.SY_
2004-08-03 23:05 232832 --a------ C:\WINDOWS\cmdcons\SPCMDCON.SYS
2004-08-03 23:05 205502 --a------ C:\WINDOWS\cmdcons\SETUPDD.SY_
2004-08-03 23:00 68787 --a------ C:\WINDOWS\cmdcons\TFFSPORT.SY_
2004-08-03 23:00 4064 --a------ C:\WINDOWS\cmdcons\I2OMGMT.SY_
2004-08-03 23:00 260272 --a------ C:\WINDOWS\cmdcons\SETUPLDR.BIN
2004-08-03 23:00 12010 --a------ C:\WINDOWS\cmdcons\RAMDISK.SY_
2004-08-03 23:00 10324 --a------ C:\WINDOWS\cmdcons\I2OMP.SY_
2004-08-03 22:59 92032 --a------ C:\WINDOWS\cmdcons\KSECDD.SYS
2004-08-03 22:59 8420 --a------ C:\WINDOWS\cmdcons\SERENUM.SY_
2004-08-03 22:59 6310 --a------ C:\WINDOWS\cmdcons\SFLOPPY.SY_
2004-08-03 22:59 53234 --a------ C:\WINDOWS\cmdcons\HAL.DL_
2004-08-03 22:59 52583 --a------ C:\WINDOWS\cmdcons\HALMPS.DL_
2004-08-03 22:59 52069 --a------ C:\WINDOWS\cmdcons\SCSIPORT.SY_
2004-08-03 22:59 51352 --a------ C:\WINDOWS\cmdcons\HALAPIC.DL_
2004-08-03 22:59 49558 --a------ C:\WINDOWS\cmdcons\ATAPI.SY_
2004-08-03 22:59 48507 --a------ C:\WINDOWS\cmdcons\HALMACPI.DL_
2004-08-03 22:59 47111 --a------ C:\WINDOWS\cmdcons\HALAACPI.DL_
2004-08-03 22:59 40176 --a------ C:\WINDOWS\cmdcons\HALACPI.DL_
2004-08-03 22:59 3985 --a------ C:\WINDOWS\cmdcons\KD1394.DL_
2004-08-03 22:59 37788 --a------ C:\WINDOWS\cmdcons\HALSP.DL_
2004-08-03 22:59 2943 --a------ C:\WINDOWS\cmdcons\VIAIDE.SY_
2004-08-03 22:59 2897 --a------ C:\WINDOWS\cmdcons\INTELIDE.SY_
2004-08-03 22:59 24812 --a------ C:\WINDOWS\cmdcons\CDROM.SY_
2004-08-03 22:59 23453 --a------ C:\WINDOWS\cmdcons\SBP2PORT.SY_
2004-08-03 22:59 19989 --a------ C:\WINDOWS\cmdcons\DISK.SY_
2004-08-03 22:59 15204 --a------ C:\WINDOWS\cmdcons\FDC.SY_
2004-08-03 22:59 14614 --a------ C:\WINDOWS\cmdcons\LBRTFDC.SY_
2004-08-03 22:59 13610 --a------ C:\WINDOWS\cmdcons\PCIIDEX.SY_
2004-08-03 22:59 11325 --a------ C:\WINDOWS\cmdcons\FLPYDISK.SY_
2004-08-03 22:58 7921 --a------ C:\WINDOWS\cmdcons\KBDHID.SY_
2004-08-03 22:58 20981 --a------ C:\WINDOWS\cmdcons\MOUNTMGR.SY_
2004-08-03 22:58 12223 --a------ C:\WINDOWS\cmdcons\KBDCLASS.SY_
2004-08-03 22:38 47564 --a------ C:\WINDOWS\cmdcons\NTDETECT.COM
2004-08-03 22:05 48044 --a------ C:\WINDOWS\cmdcons\BIOSINFO.INF
2004-08-03 22:01 262144 --a------ C:\WINDOWS\cmdcons\SETUPREG.HIV
2001-08-17 22:34 6144 --a------ C:\WINDOWS\cmdcons\KBDTH3.DLL
2001-08-17 22:34 6144 --a------ C:\WINDOWS\cmdcons\KBDTH2.DLL
2001-08-17 22:34 6144 --a------ C:\WINDOWS\cmdcons\KBDINPUN.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDURDU.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDTH1.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDTH0.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDSYR2.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDSYR1.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDMON.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDKYR.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINTEL.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINTAM.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINMAR.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINKAN.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINHIN.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINGUJ.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDINDEV.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDHEB.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDFA.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDDIV2.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDDIV1.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDA3.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDA2.DLL
2001-08-17 22:34 5632 --a------ C:\WINDOWS\cmdcons\KBDA1.DLL
2001-08-17 22:24 10256 --a------ C:\WINDOWS\cmdcons\PARTMGR.SY_
2001-08-17 14:55 8192 --a------ C:\WINDOWS\cmdcons\KBDHEPT.DLL
2001-08-17 14:55 7168 --a------ C:\WINDOWS\cmdcons\KBDNEC.DLL
2001-08-17 14:55 7168 --a------ C:\WINDOWS\cmdcons\KBDCZ.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDYCL.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDSL1.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDSL.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDSG.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDPL.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDLA.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDHU.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDHELA3.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDCZ2.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDCZ1.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDCR.DLL
2001-08-17 14:55 6656 --a------ C:\WINDOWS\cmdcons\KBDAL.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDUSX.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDUSR.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDUSL.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDTUQ.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDTUF.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDSW.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDSP.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDSF.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDPO.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDNO.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDNE.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDLV1.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDLV.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDIC.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDHELA2.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDGR1.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDGR.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDGKL.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDFR.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDFI.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDFC.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDEST.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDES.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDDA.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDCA.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDBR.DLL
2001-08-17 14:55 6144 --a------ C:\WINDOWS\cmdcons\KBDBE.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDYCC.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDVNTC.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDUZB.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDUS.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDUR.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDUK.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDTAT.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDRU1.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDRU.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDRO.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDPL1.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDLT1.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDLT.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDKAZ.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDIT142.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDIT.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDIR.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDHU1.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDHE319.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDHE220.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDHE.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDGAE.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDBU.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDBLR.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDAZEL.DLL
2001-08-17 14:55 5632 --a------ C:\WINDOWS\cmdcons\KBDAZE.DLL
2001-08-17 14:55 5120 --a------ C:\WINDOWS\cmdcons\KBDGEO.DLL
2001-08-17 14:55 5120 --a------ C:\WINDOWS\cmdcons\KBDDV.DLL
2001-08-17 14:55 5120 --a------ C:\WINDOWS\cmdcons\KBDARMW.DLL
2001-08-17 14:55 5120 --a------ C:\WINDOWS\cmdcons\KBDARME.DLL
2001-08-17 14:07 8352 --a------ C:\WINDOWS\cmdcons\SYMC810.SY_
2001-08-17 14:07 50331 --a------ C:\WINDOWS\cmdcons\ADPU160M.SY_
2001-08-17 14:07 3363 --a------ C:\WINDOWS\cmdcons\PERC2HIB.SY_
2001-08-17 14:07 30488 --a------ C:\WINDOWS\cmdcons\AIC78XX.SY_
2001-08-17 14:07 29912 --a------ C:\WINDOWS\cmdcons\AIC78U2.SY_
2001-08-17 14:07 2509 --a------ C:\WINDOWS\cmdcons\WMILIB.SY_
2001-08-17 14:07 18304 --a------ C:\WINDOWS\cmdcons\SYMC8XX.SY_
2001-08-17 14:07 17923 --a------ C:\WINDOWS\cmdcons\SYM_U3.SY_
2001-08-17 14:07 16761 --a------ C:\WINDOWS\cmdcons\SYM_HI.SY_
2001-08-17 14:07 16328 --a------ C:\WINDOWS\cmdcons\PERC2.SY_
2001-08-17 14:07 15648 --a------ C:\WINDOWS\cmdcons\HPN.SY_
2001-08-17 14:07 11098 --a------ C:\WINDOWS\cmdcons\SPARROW.SY_
2001-08-17 14:07 10997 --a------ C:\WINDOWS\cmdcons\DPTI2O.SY_
2001-08-17 14:06 6259 --a------ C:\WINDOWS\cmdcons\1394VDBG.SY_
2001-08-17 14:03 2495 --a------ C:\WINDOWS\cmdcons\USBD.SY_
2001-08-17 14:02 5265 --a------ C:\WINDOWS\cmdcons\HIDUSB.SY_
2001-08-17 13:58 2859 --a------ C:\WINDOWS\cmdcons\DMLOAD.SY_
2001-08-17 13:58 20351 --a------ C:\WINDOWS\cmdcons\ISAPNP.SY_
2001-08-17 13:57 6449 --a------ C:\WINDOWS\cmdcons\ACPIEC.SY_
2001-08-17 13:57 1629 --a------ C:\WINDOWS\cmdcons\OPRGHDLR.SY_
2001-08-17 13:56 1599 --a------ C:\WINDOWS\cmdcons\SPDDLANG.SY_
2001-08-17 13:52 9785 --a------ C:\WINDOWS\cmdcons\MRAID35X.SY_
2001-08-17 13:52 8560 --a------ C:\WINDOWS\cmdcons\INI910U.SY_
2001-08-17 13:52 8537 --a------ C:\WINDOWS\cmdcons\CPQARRAY.SY_
2001-08-17 13:52 8038 --a------ C:\WINDOWS\cmdcons\AHA154X.SY_
2001-08-17 13:52 8001 --a------ C:\WINDOWS\cmdcons\DAC960NT.SY_
2001-08-17 13:52 7630 --a------ C:\WINDOWS\cmdcons\CBIDF2K.SY_
2001-08-17 13:52 7277 --a------ C:\WINDOWS\cmdcons\AMSINT.SY_
2001-08-17 13:52 60791 --a------ C:\WINDOWS\cmdcons\FTDISK.SY_
2001-08-17 13:52 3975 --a------ C:\WINDOWS\cmdcons\CD20XRNT.SY_
2001-08-17 13:52 29302 --a------ C:\WINDOWS\cmdcons\DAC2W2K.SY_
2001-08-17 13:52 27359 --a------ C:\WINDOWS\cmdcons\QL1280.SY_
2001-08-17 13:52 25938 --a------ C:\WINDOWS\cmdcons\QL12160.SY_
2001-08-17 13:52 22855 --a------ C:\WINDOWS\cmdcons\QL1240.SY_
2001-08-17 13:52 22761 --a------ C:\WINDOWS\cmdcons\QL1080.SY_
2001-08-17 13:52 18888 --a------ C:\WINDOWS\cmdcons\QL10WNT.SY_
2001-08-17 13:52 15864 --a------ C:\WINDOWS\cmdcons\ULTRA.SY_
2001-08-17 13:52 15258 --a------ C:\WINDOWS\cmdcons\ASC.SY_
2001-08-17 13:52 13699 --a------ C:\WINDOWS\cmdcons\ABP480N5.SY_
2001-08-17 13:52 13211 --a------ C:\WINDOWS\cmdcons\ASC3350P.SY_
2001-08-17 13:51 8936 --a------ C:\WINDOWS\cmdcons\ASC3550.SY_
2001-08-17 13:51 3671 --a------ C:\WINDOWS\cmdcons\CMDIDE.SY_
2001-08-17 13:51 2839 --a------ C:\WINDOWS\cmdcons\ALIIDE.SY_
2001-08-17 13:51 2629 --a------ C:\WINDOWS\cmdcons\TOSIDE.SY_
2001-08-17 13:51 1695 --a------ C:\WINDOWS\cmdcons\PCIIDE.SY_
2001-08-17 13:49 6232 --a------ C:\WINDOWS\cmdcons\BOOTVID.DL_
2001-08-17 13:49 4184 --a------ C:\WINDOWS\cmdcons\KDCOM.DL_
2001-07-21 14:40 2437 --a------ C:\WINDOWS\cmdcons\VGAOEM.FO_
2001-07-21 14:20 847 --a------ C:\WINDOWS\cmdcons\L_INTL.NL_
2001-07-21 14:20 1642 --a------ C:\WINDOWS\cmdcons\C_437.NL_
2001-07-21 14:20 1479 --a------ C:\WINDOWS\cmdcons\C_1252.NL_

---- Directory of C:\WINDOWS\system32\OH ----

C:\WINDOWS\system32\OH\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Modem Booster"="C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe" [2003-10-10 12:53 3911680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButto"= 0 (0x0)
"NoUserNameInStartMenu"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^(Empty).empty]
backup=C:\WINDOWS\pss\(Empty).emptyCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\(Empty).empty

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows MSN]
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-17 05:36]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-12 19:35]
S3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 22:41]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-16 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{266a7a26-b483-11dc-b8e7-00142a1274e9}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd2fbbc6-d2ee-11dc-b9c7-00142a1274e9}]
\Shell\AutoRun\command - L:\lg.cmd
\Shell\explore\Command - L:\lg.cmd
\Shell\open\Command - L:\lg.cmd

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 08:02:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 19:30:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 19:31:58
ComboFix-quarantined-files.txt 2008-02-05 11:31:35
ComboFix2.txt 2008-02-02 05:58:29
.
2008-01-23 12:23:32 --- E O F ---



Scan taken on 05 Feb 2008 09:38:01 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:40 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\inKline Global\Modem Booster\modembtr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4:80
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 2266 bytes
Thanks all for helping me getting rid all of these SPYWARE !!

#20 OFFLINE   axenia

    Member

  • Members
  • PipPip
  • 33 posts
  • Gender:Male
  • Location:Malaysia
  • Interests:Computer and Science related things...

Posted 07 February 2008 - 02:40 PM

erk...maybe more viruses is coming.... :(
Thanks all for helping me getting rid all of these SPYWARE !!
Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell