Need help please(I may have a virus/adware)

MBGraphics

MBGraphics

VIP Member
Hey there everybody, Just recently I have noticed my computer getting a little slower, so I did a sweep with Spy Sweeper. It caught 32 items overall:eek: One of them being "Adware". So I quarentined everything, restarted, then went back in and deleted it all then restarted again. This did absolutly nothing, I was still laging a LOT. And it was only getting worse. I was getting a few pop-ups but not many. Now there are maybe 1-2 pop-ups (nothing im THAT worried about).

My main concern is that now my internet is COMLETLY down, it wont let me access any websites or anything. I know it's not an internet problem because my dad's computer gets his internet through a router and my computer has the main line, so if I have no internet, he has no internet (but he has internet right now, and I dont, so I know it's somthing to do with thats messing with my computer).

The strange thing is everything else seems to be running pretty normal. Start-ups are horrible though, I had to force shut down (hold the power button) about 8-10 times today before it finaly let me fully boot.

Right now im running in "SafeMode with Networking" and internet works just fine (a bit slow and jumpy, but i think thats due to the safe mode.


Does anybody have any ideas of whats going on or how to fix it?
I can get a HijackThis log if needed.

Thanks in advanced!
-Mike
 
Pls post a hijackthis log, and might be worth Downloading and installing + run Malware bytes, if you do, can you pls post that log.

thanks
 
Ok, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:37 PM, on 9/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{88263159-d7ea-a00a-302d-778d20c39157}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dcftwsccwjivny.dll" DllStub
O4 - HKLM\..\Run: [BMc3f18164] "Rundll32.exe" "C:\WINDOWS\system32\nfxbdohd.dll",s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [c0c2b2f8] rundll32.exe "C:\WINDOWS\system32\efcBtSkI.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O20 - AppInit_DLLs: xwvexa.dll gxnotq.dll dfhnhc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10034 bytes
 
You mite want to clean up your start up entries as there are a lot. Otherwise I suggest taking a deeper look.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Respital said:
You mite want to clean up your start up entries as there are a lot. Otherwise I suggest taking a deeper look.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Click to expand...

Yes do this, post the combo fix log and a fresh hijackthis.

Also for the next hijackthis log, can you pls do it in the full mode.

Thanks,
 
Well I just tried doing this, and it's not letting me get to any of those websites while on "Safe Mode with Networking" and whatever is infecting my computer has gotten bad enough to the point where Its literally impossible to boot normaly. Every time it will do one of a few things, freeze on the welcome screen so I have to re-boot, freeze after logging in so I have to re-boot or go to a blue screen.

Any other ideas?
 
Google search and Download Malware Bytes Anti Malware, run it and post the log of that, if it works, and then we can go from there.
 
Locate this one, it's a Trojan downloader and delete it
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

Valid svchost files only reside in the system32 folder. I don't know enough on how to clean your system but by deleting that file may give you a start.
 
Cohen, I just did a search and im not finding one like that, the title says thats what it is but it trys to make me DL somthing like AVG, Advance Anti Virus and some others. I'm not finding any that are actually called Malware Bytes Anti Malware.

TFT, I just went into HijackThis and checked that and hit "fix selected" so that should be fixed now.

any other ideas?
 
Ok,here is the ComboFix log:

ComboFix 08-09-20.05 - chevy 2008-09-20 18:00:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2385 [GMT -7:00]
Running from: G:\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\chevy\LOCALS~1\Temp\spwA.tmp
C:\Documents and Settings\chevy\Cookies\[email protected][1].txt
C:\Documents and Settings\chevy\Cookies\chevy@trafficmp[1].txt
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BMc3f18164.txt
C:\WINDOWS\BMc3f18164.xml
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_003284_.tmp.dll
C:\WINDOWS\system32\_003285_.tmp.dll
C:\WINDOWS\system32\_003286_.tmp.dll
C:\WINDOWS\system32\_003287_.tmp.dll
C:\WINDOWS\system32\_003292_.tmp.dll
C:\WINDOWS\system32\_003293_.tmp.dll
C:\WINDOWS\system32\_003294_.tmp.dll
C:\WINDOWS\system32\_003295_.tmp.dll
C:\WINDOWS\system32\_003296_.tmp.dll
C:\WINDOWS\system32\_003297_.tmp.dll
C:\WINDOWS\system32\_003298_.tmp.dll
C:\WINDOWS\system32\_003299_.tmp.dll
C:\WINDOWS\system32\_003300_.tmp.dll
C:\WINDOWS\system32\_003301_.tmp.dll
C:\WINDOWS\system32\_003303_.tmp.dll
C:\WINDOWS\system32\_003304_.tmp.dll
C:\WINDOWS\system32\_003306_.tmp.dll
C:\WINDOWS\system32\_003307_.tmp.dll
C:\WINDOWS\system32\_003308_.tmp.dll
C:\WINDOWS\system32\_003310_.tmp.dll
C:\WINDOWS\system32\_003313_.tmp.dll
C:\WINDOWS\system32\_003314_.tmp.dll
C:\WINDOWS\system32\_003316_.tmp.dll
C:\WINDOWS\system32\_003317_.tmp.dll
C:\WINDOWS\system32\_003318_.tmp.dll
C:\WINDOWS\system32\_003319_.tmp.dll
C:\WINDOWS\system32\_003320_.tmp.dll
C:\WINDOWS\system32\_003321_.tmp.dll
C:\WINDOWS\system32\_003323_.tmp.dll
C:\WINDOWS\system32\_003324_.tmp.dll
C:\WINDOWS\system32\_003325_.tmp.dll
C:\WINDOWS\system32\_003326_.tmp.dll
C:\WINDOWS\system32\_003327_.tmp.dll
C:\WINDOWS\system32\_003328_.tmp.dll
C:\WINDOWS\system32\_003329_.tmp.dll
C:\WINDOWS\system32\_003330_.tmp.dll
C:\WINDOWS\system32\_003333_.tmp.dll
C:\WINDOWS\system32\_003334_.tmp.dll
C:\WINDOWS\system32\_003335_.tmp.dll
C:\WINDOWS\system32\_003336_.tmp.dll
C:\WINDOWS\system32\_003337_.tmp.dll
C:\WINDOWS\system32\_003338_.tmp.dll
C:\WINDOWS\system32\_003339_.tmp.dll
C:\WINDOWS\system32\_003341_.tmp.dll
C:\WINDOWS\system32\_003342_.tmp.dll
C:\WINDOWS\system32\_003343_.tmp.dll
C:\WINDOWS\system32\_003344_.tmp.dll
C:\WINDOWS\system32\_003345_.tmp.dll
C:\WINDOWS\system32\_003346_.tmp.dll
C:\WINDOWS\system32\_003348_.tmp.dll
C:\WINDOWS\system32\_003351_.tmp.dll
C:\WINDOWS\system32\_003352_.tmp.dll
C:\WINDOWS\system32\_003356_.tmp.dll
C:\WINDOWS\system32\_003357_.tmp.dll
C:\WINDOWS\system32\_003359_.tmp.dll
C:\WINDOWS\system32\_003362_.tmp.dll
C:\WINDOWS\system32\_003364_.tmp.dll
C:\WINDOWS\system32\_003365_.tmp.dll
C:\WINDOWS\system32\_003366_.tmp.dll
C:\WINDOWS\system32\_003367_.tmp.dll
C:\WINDOWS\system32\_003370_.tmp.dll
C:\WINDOWS\system32\_003371_.tmp.dll
C:\WINDOWS\system32\_003372_.tmp.dll
C:\WINDOWS\system32\_003373_.tmp.dll
C:\WINDOWS\system32\_003374_.tmp.dll
C:\WINDOWS\system32\_003379_.tmp.dll
C:\WINDOWS\system32\_003381_.tmp.dll
C:\WINDOWS\system32\_003382_.tmp.dll
C:\WINDOWS\system32\bhlhbjde.dll
C:\WINDOWS\SYSTEM32\BIRsAJlm.ini
C:\WINDOWS\system32\bmimlplj.dll
C:\WINDOWS\system32\bvtivuaf.dll
C:\WINDOWS\system32\byXnKcBu.dll
C:\WINDOWS\system32\byXPHaWp.dll
C:\WINDOWS\system32\cbXQheEv.dll
C:\WINDOWS\system32\cbXQhGvw.dll
C:\WINDOWS\system32\cgvadhej.dll
C:\WINDOWS\system32\dfhnhc.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\efcBtSkI.dll
C:\WINDOWS\system32\efcYOifF.dll
C:\WINDOWS\system32\fcccyVlL.dll
C:\WINDOWS\system32\fccdaaBU.dll
C:\WINDOWS\system32\fogximhf.dll
C:\WINDOWS\system32\frjjdake.dll
C:\WINDOWS\system32\guknksmh.dll
C:\WINDOWS\system32\gxnotq.dll
C:\WINDOWS\system32\haemdi.dll
C:\WINDOWS\system32\IkStBcfe.ini
C:\WINDOWS\system32\jkkklKDS.dll
C:\WINDOWS\system32\jkkLETNf.dll
C:\WINDOWS\system32\khfFXooN.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJYPhee.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\SYSTEM32\MSrrqtwa.ini
C:\WINDOWS\system32\nnnmnLfd.dll
C:\WINDOWS\system32\otsdyhpk.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnmlkiG.dll
C:\WINDOWS\system32\qaugjc.dll
C:\WINDOWS\system32\rqRJArPh.dll
C:\WINDOWS\system32\rqRKCvTJ.dll
C:\WINDOWS\system32\SDKlkkkj.ini
C:\WINDOWS\SYSTEM32\SDKlkkkj.ini2
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\ttgbjl(2).dll
C:\WINDOWS\system32\twddnsre.dll
C:\WINDOWS\SYSTEM32\uBcKnXyb.ini
C:\WINDOWS\SYSTEM32\uBcKnXyb.ini2
C:\WINDOWS\system32\vtUoPgda.dll
C:\WINDOWS\SYSTEM32\WEKTCJlm.ini
C:\WINDOWS\system32\xwvexa.dll
C:\WINDOWS\system32\yayvTmmL.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-20 16:44 . 2008-09-20 16:44 <DIR> d-------- C:\Program Files\Antivirus Protection
2008-09-20 15:03 . 2008-09-20 15:03 65 --a------ C:\WINDOWS\SYSTEM32\c0c2a076
2008-09-20 14:43 . 2008-09-20 14:43 355 --a------ C:\955.bat
2008-09-20 13:13 . 2008-09-20 13:13 71 --a------ C:\Documents and Settings\chevy\1359.bat
2008-09-20 12:35 . 2008-09-20 12:35 71 --a------ C:\Documents and Settings\chevy\4742.bat
2008-09-20 12:26 . 2008-09-20 12:26 355 --a------ C:\421.bat
2008-09-19 16:57 . 2008-09-19 16:57 71 --a------ C:\Documents and Settings\chevy\3480.bat
2008-09-19 16:01 . 2008-09-19 16:01 34,816 --a------ C:\WINDOWS\SYSTEM32\tuvWmJdb.dll
2008-09-19 16:01 . 2008-09-19 16:01 355 --a------ C:\356.bat
2008-09-17 19:49 . 2008-09-17 19:49 1,001,023 --ahs---- C:\WINDOWS\SYSTEM32\WEKTCJlm.tmp
2008-09-17 19:02 . 2008-09-17 19:02 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-09-17 19:00 . 2008-09-17 19:49 <DIR> d-------- C:\Program Files\UnHackMe
2008-09-17 16:37 . 2008-09-17 16:37 121 --ahs---- C:\WINDOWS\SYSTEM32\BIRsAJlm.tmp
2008-09-17 16:02 . 2008-09-17 16:02 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-09-17 15:59 . 2008-09-17 18:23 <DIR> d--hs---- C:\WINDOWS\Y2hldnk
2008-09-17 15:59 . 2008-09-17 15:59 71,711 --a------ C:\WINDOWS\SYSTEM32\eiytiugwtrfxaxske.exe
2008-09-17 15:58 . 2008-09-17 18:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\wp
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\RES
2008-09-17 15:58 . 2008-09-17 18:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\np5
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\mC02
2008-09-17 15:58 . 2008-09-17 15:58 <DIR> d-------- C:\Temp\mtc2
2008-09-17 15:58 . 2008-09-20 18:02 <DIR> d-------- C:\Temp
2008-09-05 17:28 . 2008-09-05 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-29 05:11 . 2008-08-29 05:11 166,400 --a------ C:\WINDOWS\SYSTEM32\dcftwsccwjivny.dll
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll
2008-08-27 13:35 . 2007-02-28 02:08 2,147,840 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-26 23:08 . 2008-08-26 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-08-26 23:07 . 2008-08-26 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-26 19:50 . 2008-08-27 13:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 19:45 . 2004-08-10 03:00 71,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\_003269_.tmp.dll
2008-08-26 19:07 . 2008-04-13 17:11 2,843,136 --a------ C:\WINDOWS\SYSTEM32\SET961.tmp
2008-08-26 18:46 . 2008-08-28 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-23 19:59 . 2008-08-23 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 23:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-20 05:43 --------- d-----w C:\Documents and Settings\chevy\Application Data\Xfire
2008-09-19 03:41 --------- d-s---w C:\Program Files\Xfire
2008-09-19 01:02 --------- d-----w C:\Documents and Settings\chevy\Application Data\ZoomBrowser EX
2008-09-18 03:00 --------- d-----w C:\Program Files\LimeWire
2008-09-17 22:57 --------- d-----w C:\Documents and Settings\chevy\Application Data\Azureus
2008-09-16 03:35 139,128 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-06 00:54 --------- d-----w C:\Program Files\Canon
2008-09-06 00:26 --------- d-----w C:\Program Files\Common Files\Canon
2008-08-27 21:12 --------- d-----w C:\Program Files\Ascentive
2008-08-27 05:59 --------- d-----w C:\Documents and Settings\chevy\Application Data\gtk-2.0
2008-08-27 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 03:08 --------- d-----w C:\Program Files\Freeze.com Toolbar
2008-08-24 03:07 --------- d-----w C:\Program Files\Bonjour
2008-08-24 03:03 --------- d-----w C:\Program Files\Speeditup Free
2008-08-24 03:02 --------- d-----w C:\Program Files\MySpace
2008-08-21 05:06 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-08-21 05:06 --------- d-----w C:\Program Files\AWS
2008-08-21 05:06 --------- d-----w C:\Documents and Settings\chevy\Application Data\WeatherBug
2008-08-20 07:49 --------- d-----w C:\Program Files\Flickr Uploadr
2008-08-20 01:02 --------- d-----w C:\Program Files\HD Tune
2008-08-13 21:58 --------- d-----w C:\Documents and Settings\chevy\Application Data\BearShare
2008-08-12 05:50 --------- d-----w C:\Program Files\BearShare Applications
2008-08-12 02:23 32,778 ----a-w C:\WINDOWS\Fonts\thematrix.zip
2008-08-12 02:07 81,312 ----a-w C:\WINDOWS\Fonts\fontz_1120_miltownmatrix.zip
2008-08-11 05:03 --------- d-----w C:\Documents and Settings\chevy\Application Data\Flickr
2008-08-09 23:09 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-04 22:27 --------- d-----w C:\Program Files\UltraMon
2008-08-04 22:27 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\chevy\Application Data\Realtime Soft
2008-08-04 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-08-04 22:15 --------- d-----w C:\Program Files\Common Files\Stardock
2008-07-23 08:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 17:58 22,328 ----a-w C:\Documents and Settings\chevy\Application Data\PnkBstrK.sys
2007-10-06 21:22 1,066,496 -csha-w C:\Program Files\ehthumbs.db
2005-08-06 06:54 211,952 ----a-w C:\Program Files\new.sc3
2005-08-06 03:55 164,538 -c--a-w C:\Program Files\new city.sc3
2005-07-29 22:52 56,192 ----a-w C:\Program Files\New City69.sc3
2005-07-07 23:07 251 ----a-w C:\Program Files\wt3d.ini
2003-05-27 03:08 8,964,958 ----a-w C:\Documents and Settings\chevy\SCXE26Setup.exe
2003-05-05 22:59 436,224 ----a-w C:\Documents and Settings\chevy\SCXEDirectoryFix.exe
2003-04-19 22:34 467,968 ----a-w C:\Documents and Settings\chevy\SCXEUpd.exe
.

------- Sigcheck -------

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 09:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 20:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 05:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2008-04-13 11:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 01:38 2027520 54a8b9806027049f8b19f1274a63c7b4 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\SYSTEM32\VITrans\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 09:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 21:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 07:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2008-04-13 12:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 02:08 2147840 5fb20cabc9a81baaabbe63f30ffc5284 C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\SYSTEM32\VITrans\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18a44c72-d267-d443-1461-db8338bae54e}]
2008-08-29 05:11 166400 --a------ C:\WINDOWS\system32\dcftwsccwjivny.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 90112]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-04 187496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"{88263159-d7ea-a00a-302d-778d20c39157}"="C:\WINDOWS\system32\dcftwsccwjivny.dll" [2008-08-29 166400]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 5361464]
"CTHelper"="CTHELPER.EXE" [2004-03-11 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

C:\Documents and Settings\chevy\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2006-12-14 214520]
PowerReg Scheduler V3.exe [2005-08-09 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-04 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xwvexa.dll gxnotq.dll dfhnhc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=C:\WINDOWS\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^chevy^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\chevy\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 03:00 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\EHOME\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1154645544\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2002-05-29 01:23 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-20 02:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-28 21:51 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
--a------ 2007-11-19 14:01 163840 C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2007-11-20 14:51 524288 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2007-11-26 20:27 593920 C:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 20280]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S1 agp4400;agp4400;C:\WINDOWS\system32\drivers\agp4400.sys [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{26D81645-7E48-45C2-B063-9CB1E02045CB} - C:\WINDOWS\system32\jkkklKDS.dll
BHO-{5667B8CF-EB62-48DD-9155-6EB5D985388B} - C:\WINDOWS\system32\byXnKcBu.dll
BHO-{7186704C-C78F-425D-80DC-17A8E83F246F} - C:\WINDOWS\system32\yayvTmmL.dll
HKLM-Run-BMc3f18164 - C:\WINDOWS\system32\nfxbdohd.dll
HKLM-Run-c0c2b2f8 - C:\WINDOWS\system32\efcBtSkI.dll
ShellExecuteHooks-{07846E47-47CE-4C7C-989A-9A8380F3BD91} - (no file)
ShellExecuteHooks-{DA2E0515-F0D5-4773-8191-400CCD50783B} - (no file)
ShellExecuteHooks-{7186704C-C78F-425D-80DC-17A8E83F246F} - C:\WINDOWS\system32\yayvTmmL.dll
Notify-dimsntfy - (no file)
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-MySpaceIM - C:\Program Files\MySpace\IM\MySpaceIM.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\chevy\Application Data\Mozilla\Firefox\Profiles\0l1uaqr4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://us.f825.mail.yahoo.com/dc/launch?.rand=4euaucs69t81s
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 18:20:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\EHOME\ehrecvr.exe
C:\WINDOWS\EHOME\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\WINDOWS\SYSTEM32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\EHOME\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\dllhost.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\SYSTEM32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-20 18:43:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 01:43:05
ComboFix2.txt 2008-02-14 23:15:33
ComboFix3.txt 2008-02-14 02:37:11

Pre-Run: 181,409,173,504 bytes free
Post-Run: 181,386,924,032 bytes free

449 --- E O F --- 2008-09-10 22:01:21
 
Buzz1927 said:
Please wait for Cohen to give his standard bullshit reply :D
Click to expand...

I laughed so hard but since he isn't online... i'll do the honors. :P
Buzz why don't you just simply give him a ComboFix script anyways? You are able to aren't you? :confused:

Run A Kaspersky Online Scan
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
 
Buzz1927 said:
Yes, but I won't while he's still around :)
Click to expand...

Oh then maybe i could lend him my toy which only he is allowed to touch. :P
10-atom-bomb-casing.jpg
Cohen, only you are allowed to touch this. :)
 
You must log in or register to reply here.
Back
Top