I have submitted the catchme.zip and I encountered no problems at all while performing any of the steps, and the computer seems to be working like before.
Here is HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 11:28, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DHAutoRun] C:\Program Files\LITTLEGIANT\Foxplayer\DHAutoRun.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} - http://help.rr.com/Foundrysdccommon/...ad/tgctlar.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} (Pull0PlayerX Control) - http://image.pullbbang.com/newTop/Pull0Control.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://cafe.naver.com/common/activex/nbgm.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liv.../SVPorsche.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranac...data/imweb.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} - http://www.altools.co.kr/ALDX.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A79A1664-9145-4B61-A34B-0139959EE714} - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - http://www.camtour.co.kr/webeye/wg_webeye.cab
O16 - DPF: {A9A10555-AD70-4A69-A440-9159867E61B9} (muzmvset Class) - http://player.muz.co.kr/package/muzmvset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} - http://download.soribada.com/down/So...24/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,1
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BE81B237-0EE9-40F6-BABB-0CE2C1DA7832} - http://activexdown.paran.com/paranac...a/ImPlayer.cab
O16 - DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} - http://www.findclubbox.co.kr/ax_cb/cb.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://casx.musiccity.co.kr/damoim/dll/p3damoimset.cab
O16 - DPF: {C394A9A2-C51D-4C26-BB2C-6DEB30A890F4} - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {C4CD0ED6-5C46-432D-BF4E-3069700DEEBD} (PhotoTVControl Control) - http://www.myphototv.com/Box/Control...oTVControl.cab
O16 - DPF: {D0122112-9444-463A-AE2D-7EF5E2793AEE} - http://update.ad-zero.com/cab/ADZEROCom.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {DF472C86-9DD8-46C4-86D3-4A861DE82650} (LiveUpdate Class) - http://imgcdn.pandora.tv/pan_img/liv...iveUpdater.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Here are the Kaspersky online results:
Tuesday, June 26, 2007 11:14
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/06/2007
Kaspersky Anti-Virus database records: 353503
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases false
Scan Target My Computer
A:\
C:\
D:\
E:\
G:\
Scan Statistics
Total number of scanned objects 112989
Number of viruses found 23
Number of infected objects 74 / 0
Number of suspicious objects 2
Duration of the scan process 02:55:31
Infected Object Name Virus Name Last Action
C:\Documents and Settings\admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\admin\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/win19E.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01440000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01440000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01440000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01980000.VBN Infected: Backdoor.Win32.Pakes skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A00000.VBN/Setup.exe Infected: P2P-Worm.Win32.SpyBot.gz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A00000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04A00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00000.VBN/setup.exe Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07200000.VBN/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07200000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07200000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07740000.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07740000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07740000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\081C0000.VBN/[CRACKS] Absynth 3 serial numbers and keygen.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\081C0000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\081C0000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09580000.VBN/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09580000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09580000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EF00000\4EF8BCBF.VBN Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F680000.VBN/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F680000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F680000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0512NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0819NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.b skipped
C:\QooBox\Quarantine\C\WINDOWS\smgr.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\driver.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnkkk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\phhrpg.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnlmj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ucewncqg.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\catchme2007-06-25_221724.64.zip/snqubpqs.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\catchme2007-06-25_221724.64.zip/klsgyios.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\catchme2007-06-25_221724.64.zip/midwtspf.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\catchme2007-06-25_221724.64.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\curity~1\chkntfs.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064418.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064420.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064420.exe/data.rar/crack.exe Infected: Trojan.Win32.Agent.apt skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064420.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064420.exe/data.rar/install.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064420.exe/data.rar Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064420.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP438\A0064421.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064443.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064444.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064445.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064446.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064448.exe Infected: Trojan-Downloader.Win32.Alphabet.b skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064449.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064451.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064452.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064460.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064460.exe/data.rar/crack.exe Infected: Trojan.Win32.Agent.apt skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064460.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064460.exe/data.rar/install.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064460.exe/data.rar Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064460.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064575.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064576.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064577.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064578.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0064579.exe Infected: Trojan-Downloader.Win32.Alphabet.b skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0065533.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0065580.exe Infected: Trojan-Downloader.Win32.Alphabet.b skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0065581.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0065582.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0065584.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP440\A0065588.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9C6D3BBA-122B-4B5E-BB3D-F892C47789C2}\RP442\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\sysmon32.exe Infected: Trojan-Downloader.Win32.Alphabet.c skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Here is the ComboFix log:
"admin" - 2007-06-25 22:10:19 - ComboFix 07-06-25.2 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\admin\Desktop\ComboFix-Do.txt
((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))
2007-06-24 16:00 122,944 --a------ C:\WINDOWS\system32\snqubpqs.exe
2007-06-24 15:23 122,944 --a------ C:\WINDOWS\system32\klsgyios.exe
2007-06-24 10:58 122,944 --a------ C:\WINDOWS\system32\midwtspf.exe
2007-06-23 20:01 28,160 --a------ C:\WINDOWS\system32\sysmon32.exe
2007-06-23 17:48 <DIR> d-------- C:\Program Files\GNU
2007-06-23 16:39 236,747 --a------ C:\Program Files\FLVSPLITTER.exe
2007-06-22 19:16 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2007-06-22 19:15 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-06-22 19:15 76,800 -ra------ C:\WINDOWS\system32\RedEye.dll
2007-06-22 19:15 5,709,824 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll
2007-06-22 19:15 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll
2007-06-22 19:15 48,128 -ra------ C:\WINDOWS\system32\picn20.dll
2007-06-22 19:15 180,224 -ra------ C:\WINDOWS\system32\Strato4.dll
2007-06-22 19:15 180,224 -ra------ C:\WINDOWS\system32\picn1120.dll
2007-06-22 19:15 155,648 -ra------ C:\WINDOWS\system32\picn1020.dll
2007-06-22 19:15 110,592 -ra------ C:\WINDOWS\system32\RCSigProc.dll
2007-06-22 19:15 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-06-22 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
2007-06-22 19:15 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Nikon
2007-06-22 19:14 20 ---h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT
2007-06-22 19:14 <DIR> d-------- C:\Program Files\Nikon
2007-06-22 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2007-06-22 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
2007-06-22 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Applause and Laugher
2007-06-22 19:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-06-22 19:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-06-22 19:10 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-06-22 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-06-22 10:13 <DIR> d-------- C:\Program Files\DivXLand
2007-06-22 10:11 1,783,574 --a------ C:\Program Files\DivXLand_MediaSub_205.exe
2007-06-17 18:33 <DIR> d-------- C:\Program Files\KONAMI
2007-06-17 16:29 23,220,928 --a------ C:\Program Files\JAD7_BASIC.exe
2007-06-09 11:05 <DIR> d-------- C:\Program Files\DkZ Studio
2007-06-09 11:03 <DIR> d-------- C:\Program Files\dkz
2007-06-01 23:23 <DIR> d-------- C:\Program Files\afreeca
2007-06-01 23:10 53,248 --a------ C:\WINDOWS\system32\PrxerNsp.dll
2007-06-01 23:10 53,248 --a------ C:\WINDOWS\system32\PrxerDrv.dll
2007-06-01 23:10 <DIR> d-------- C:\Program Files\Proxifier
2007-06-01 23:09 701,713 --a------ C:\Program Files\ProxifierSetup.exe
2007-06-01 18:10 <DIR> d-------- C:\Program Files\COWON
2007-06-01 15:20 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-06-01 15:20 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-06-01 15:20 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-06-01 15:20 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-06-01 15:11 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\COWON
2007-06-01 15:06 <DIR> d-------- C:\Program Files\JetAudio
2007-06-01 15:06 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-05-30 20:51 26,057 --a------ C:\subafsfile0.bin
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-25 02:14:00 -------- d-----w C:\Program Files\Minilyrics
2007-06-24 23:34:30 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-06-24 23:09:56 -------- d-----w C:\Program Files\FlashGet
2007-06-24 18:02:45 -------- d-----w C:\Program Files\CCleaner
2007-06-23 02:15:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-20 05:03:36 -------- d-----w C:\Program Files\NetFolder
2007-06-13 01:54:56 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\LimeWire
2007-06-13 00:16:43 -------- d-----w C:\Program Files\GRETECH
2007-06-13 00:16:43 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\GRETECH
2007-06-10 02:02:24 -------- d-----w C:\Program Files\TVAnts
2007-06-10 02:01:17 2,838,136 ----a-w C:\Program Files\TvantsSetup.EXE
2007-06-09 18:37:58 -------- d-----w C:\Program Files\Game Graphic Studio
2007-06-09 18:04:06 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-09 05:19:41 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Fileguri
2007-05-31 04:21:56 54,304 ----a-w C:\bin0.bin
2007-05-29 21

42 565,248 ----a-w C:\WINDOWS\system32\IdiskLauncherEx.exe
2007-05-28 02:46:08 -------- d-----w C:\Program Files\Nowcom
2007-05-26 05:56:47 -------- d-----w C:\Program Files\StepMania
2007-05-24 21:26:19 8,224 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-05-24 11:10:23 -------- d-----w C:\Program Files\Microsoft Works
2007-05-24 11:07:20 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-24 10:22:13 -------- d-----w C:\Program Files\backups
2007-05-24 07:53:50 -------- d-----w C:\Program Files\Winamp
2007-05-24 03:08:45 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\SmartDraw
2007-05-22 02:26:26 12,302,384 ----a-w C:\Program Files\widgetsus.exe
2007-05-21 01:13:46 -------- d-----w C:\Program Files\DivX
2007-05-21 01:02:03 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\dvdcss
2007-05-20 22:44:40 6,221,304 ----a-w C:\Program Files\winamp535_full_emusic-7plus.exe
2007-05-20 20:50:38 2,719,216 ----a-w C:\Program Files\ccsetup140.exe
2007-05-19 00:25:57 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\ESTsoft
2007-05-19 00:24:44 -------- d-----w C:\Program Files\ESTsoft
2007-05-19 00:22:13 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\U3
2007-05-18 04:33:11 -------- d-----w C:\Program Files\FT8D91
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 01:43:24 1 ----a-w C:\mcheck_dio.dat
2007-05-08 09:56:27 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\MusicIP
2007-05-05 22:30:35 -------- d-----w C:\Program Files\MiniLyrics.v4.5.2266.Incl.Crack-iNViSiBLE
2007-05-05 22:29:35 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\uTorrent
2007-04-27 03:11:29 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2007-04-27 03:11:08 2,801,756 ----a-w C:\WINDOWS\system32\libmmd.dll
2007-04-27 02:48:48 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2007-04-26 01:42:33 -------- d-----w C:\Program Files\AC3Filter
2007-04-26 01:40:47 2,139,213 ----a-w C:\Program Files\ac3filter_1_30b.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 01:49:44 2,714,784 ----a-w C:\Program Files\ccsetup139.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-15 05:26:44 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-04-11 04:37:19 3,374,720 ----a-w C:\Program Files\EasyLink_Connect.exe
2007-04-09 00:24:43 794,624 ----a-w C:\WINDOWS\system32\pdrtvctl.dll
2007-04-09 00:24:43 204,800 ----a-w C:\WINDOWS\system32\pdrtvsvr.exe
2007-04-09 00:24:43 204,800 ----a-w C:\WINDOWS\system32\pdrtvf2.dll
2007-04-09 00:24:43 147,456 ----a-w C:\WINDOWS\system32\pdrtvf1.dll
2007-04-09 00:24:43 1,091,584 ----a-w C:\WINDOWS\system32\pavc.dll
2007-03-31 23:20:11 6,006,832 ----a-w C:\Program Files\Firefox Setup 2.0.0.3.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 15:19]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"DHAutoRun"="C:\Program Files\LITTLEGIANT\Foxplayer\DHAutoRun.exe" [2007-01-25 15:37]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 11:31]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DHAutoRun]
C:\Program Files\LITTLEGIANT\Foxplayer\DHAutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fileguri]
"C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{047efda1-059e-11dc-bab6-0016171b4a49}]
AutoRun\command- F:\LaunchU3.exe -a
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-25 22:17:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-25 22:18:26
C:\ComboFix-quarantined-files.txt ... 2007-06-25 22:18
C:\ComboFix2.txt ... 2007-06-24 16:35
--- E O F ---