Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Trojan.W32.looksky Help!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 07-19-2007, 07:05 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Trojan.W32.looksky Help!
Basically I was downloading stuff and then I got a message saying my computer was infected. Then my desktop background changed, but it wasn't really a background because there was an x button on top. But it keeps coming back. I also keep getting messages saying my computer is infected and re-directing me to these download sites for anti-spyware/virus software. I also have this red triangle with a white exclamation point in the middle saying system error! The file name was Trojan.W32.looksky! Please help!

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:29 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\avp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PrivacyProtector Free\uprpcw.exe
C:\Program Files\Common Files\PrivacyProtector Free\dnse.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\System32\kzubdnef\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\kzubdnef\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 209.183.131.91 i
O1 - Hosts: 66.35.250.150 s
O1 - Hosts: 216.239.39.99 g
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {85E659D3-E110-4CE7-9D99-416FD61A1720} - C:\WINDOWS\soundplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu32.exe 61A847B5BBF72811308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [PrivacyProtector Free] "C:\Program Files\PrivacyProtector Free\UPRP.exe" /min
O4 - HKLM\..\Run: [uprpcw] "C:\Program Files\PrivacyProtector Free\uprpcw.exe" -c
O4 - HKLM\..\Run: [dnse] "C:\Program Files\Common Files\PrivacyProtector Free\dnse.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [csrss] (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: csrss.lnk = ? (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\{3F75B2A1-417B-498F-B5A4-34C1A0F3B0B8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: services.lnk = ? (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: csrss.lnk = ?
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\{3F75B2A1-417B-498F-B5A4-34C1A0F3B0B8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Startup: services.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.5.107.cab
O16 - DPF: {7B8DF65F-FED6-468D-AFAF-4DC02FAD019C} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} (OfficeObj Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: xvideo - {3C89894F-2EF9-4AD3-8BC0-1C661DEB338F} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {328B4927-2A38-4141-8462-8D6C9BECF930} - C:\WINDOWS\sounddrv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 19165 bytes
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 07-20-2007, 01:04 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,474
OS: N/A


Re: Trojan.W32.looksky Help!
1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 08:40 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Re: Trojan.W32.looksky Help!
K, here is the log from the combo fix thing, here goes nothing:

"user" - 2007-07-20 10:31:58 - ComboFix 07-07-20.7 - Service Pack 1 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\picsvr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\picsvr\picsvr.inf
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\picsvr\picsvrsh.inf
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\PrivacyProtector Free
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\PrivacyProtector Free\PrivacyProtector HomePage.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\PrivacyProtector Free\PrivacyProtector Online Manual.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\PrivacyProtector Free\PrivacyProtector Online Support.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\PrivacyProtector Free\PrivacyProtector.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\PrivacyProtector Free\Uninstall PrivacyProtector.lnk
C:\DOCUME~1\user\APPLIC~1.\PrivacyProtector Free
C:\DOCUME~1\user\APPLIC~1.\PrivacyProtector Free\Logs\update.log
C:\DOCUME~1\user\APPLIC~1.\Starware
C:\DOCUME~1\user\APPLIC~1.\Starware\Manager\ManagerOptions.xml
C:\DOCUME~1\user\APPLIC~1.\Starware\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\user\Desktop.\Error Cleaner.url
C:\DOCUME~1\user\Desktop.\Privacy Protector.url
C:\DOCUME~1\user\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\user\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\user\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\user\FAVORI~1.\Spyware&Malware Protection.url
C:\Documents and Settings\user.\err.log
C:\lswmv.ini
C:\Program Files\Common Files\PrivacyProtector Free
C:\Program Files\Common Files\PrivacyProtector Free\dnse.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\uninstall information\RemoveDisplayUtility.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\01C827B2
C:\Program Files\MyWebSearch\bar\Cache\01C829A6
C:\Program Files\MyWebSearch\bar\Cache\01C82A80.bin
C:\Program Files\MyWebSearch\bar\Cache\01C82C65.bin
C:\Program Files\MyWebSearch\bar\Cache\01C82DAD.bin
C:\Program Files\MyWebSearch\bar\Cache\01C82F43.bin
C:\Program Files\MyWebSearch\bar\Cache\01C83C24.bin
C:\Program Files\MyWebSearch\bar\Cache\01C83CC0.bin
C:\Program Files\MyWebSearch\bar\Cache\01C83D3D.bin
C:\Program Files\MyWebSearch\bar\Cache\01C83DBA
C:\Program Files\MyWebSearch\bar\Cache\01C83E18.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\newdotnet
C:\Program Files\newdotnet\newdotnet7_48.dll
C:\Program Files\newdotnet\readme.html
C:\Program Files\newdotnet\uninstall7_48.exe
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\NewMediaCodec.ocx
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\pedevice
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\PeDev.dll
C:\Program Files\pedevice\pedevPS.dll
C:\Program Files\pedevice\Preparation.dll
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\tmp\tmp.html
C:\Program Files\PrivacyProtector Free
C:\Program Files\PrivacyProtector Free\Activate.dat
C:\Program Files\PrivacyProtector Free\Appbase\AE_CD_Cr.dat
C:\Program Files\PrivacyProtector Free\Appbase\AReadr4.dat
C:\Program Files\PrivacyProtector Free\Appbase\AReadr5.dat
C:\Program Files\PrivacyProtector Free\Appbase\ASDSEEpv.dat
C:\Program Files\PrivacyProtector Free\Appbase\ASPack.dat
C:\Program Files\PrivacyProtector Free\Appbase\Babylon.dat
C:\Program Files\PrivacyProtector Free\Appbase\BDelphi5.dat
C:\Program Files\PrivacyProtector Free\Appbase\CatchUp.dat
C:\Program Files\PrivacyProtector Free\Appbase\CBuildr5.dat
C:\Program Files\PrivacyProtector Free\Appbase\CCGA.dat
C:\Program Files\PrivacyProtector Free\Appbase\CManager.dat
C:\Program Files\PrivacyProtector Free\Appbase\CuteFTP4.dat
C:\Program Files\PrivacyProtector Free\Appbase\CuteHTML.dat
C:\Program Files\PrivacyProtector Free\Appbase\DAcceler.dat
C:\Program Files\PrivacyProtector Free\Appbase\DiscJug.dat
C:\Program Files\PrivacyProtector Free\Appbase\ECDCreat4.dat
C:\Program Files\PrivacyProtector Free\Appbase\Far.dat
C:\Program Files\PrivacyProtector Free\Appbase\FFTsks.dat
C:\Program Files\PrivacyProtector Free\Appbase\FlashFXP.dat
C:\Program Files\PrivacyProtector Free\Appbase\FrntPage.dat
C:\Program Files\PrivacyProtector Free\Appbase\FrontPEx.dat
C:\Program Files\PrivacyProtector Free\Appbase\FtpEXP.dat
C:\Program Files\PrivacyProtector Free\Appbase\FtpVoya.dat
C:\Program Files\PrivacyProtector Free\Appbase\GetRight.dat
C:\Program Files\PrivacyProtector Free\Appbase\GoZilla.dat
C:\Program Files\PrivacyProtector Free\Appbase\GravMRU.dat
C:\Program Files\PrivacyProtector Free\Appbase\H_TxtPad.dat
C:\Program Files\PrivacyProtector Free\Appbase\HomeSite.dat
C:\Program Files\PrivacyProtector Free\Appbase\HotDogPr.dat
C:\Program Files\PrivacyProtector Free\Appbase\IconExtr.dat
C:\Program Files\PrivacyProtector Free\Appbase\iMesh.dat
C:\Program Files\PrivacyProtector Free\Appbase\ImgReady3.dat
C:\Program Files\PrivacyProtector Free\Appbase\InsShExp.dat
C:\Program Files\PrivacyProtector Free\Appbase\JASC_P_P.dat
C:\Program Files\PrivacyProtector Free\Appbase\KaZaA.dat
C:\Program Files\PrivacyProtector Free\Appbase\LView.dat
C:\Program Files\PrivacyProtector Free\Appbase\MacDir.dat
C:\Program Files\PrivacyProtector Free\Appbase\MacDrWea.dat
C:\Program Files\PrivacyProtector Free\Appbase\MicAng.dat
C:\Program Files\PrivacyProtector Free\Appbase\MicDes.dat
C:\Program Files\PrivacyProtector Free\Appbase\MM_CON.dat
C:\Program Files\PrivacyProtector Free\Appbase\MMUnDisk.dat
C:\Program Files\PrivacyProtector Free\Appbase\Morpheus.dat
C:\Program Files\PrivacyProtector Free\Appbase\MPaint.dat
C:\Program Files\PrivacyProtector Free\Appbase\MPicPub.dat
C:\Program Files\PrivacyProtector Free\Appbase\MPImaGal.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSExplorer.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSoffice.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSRegEdit.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSWMP.dat
C:\Program Files\PrivacyProtector Free\Appbase\MSWordPad.dat
C:\Program Files\PrivacyProtector Free\Appbase\Nero.dat
C:\Program Files\PrivacyProtector Free\Appbase\NetShow.dat
C:\Program Files\PrivacyProtector Free\Appbase\NTBackup.dat
C:\Program Files\PrivacyProtector Free\Appbase\pfilelst.xda
C:\Program Files\PrivacyProtector Free\Appbase\PhotShel.dat
C:\Program Files\PrivacyProtector Free\Appbase\PHPCoder.dat
C:\Program Files\PrivacyProtector Free\Appbase\PowerZIP.dat
C:\Program Files\PrivacyProtector Free\Appbase\RapidBr.dat
C:\Program Files\PrivacyProtector Free\Appbase\RealAuPl.dat
C:\Program Files\PrivacyProtector Free\Appbase\RealDown.dat
C:\Program Files\PrivacyProtector Free\Appbase\SecurCRT.dat
C:\Program Files\PrivacyProtector Free\Appbase\SL_BlWin.dat
C:\Program Files\PrivacyProtector Free\Appbase\SmartClr.dat
C:\Program Files\PrivacyProtector Free\Appbase\Sonique.dat
C:\Program Files\PrivacyProtector Free\Appbase\StuffIt.dat
C:\Program Files\PrivacyProtector Free\Appbase\TelepPro.dat
C:\Program Files\PrivacyProtector Free\Appbase\UGifAnim.dat
C:\Program Files\PrivacyProtector Free\Appbase\UltraEd.dat
C:\Program Files\PrivacyProtector Free\Appbase\UMedStud.dat
C:\Program Files\PrivacyProtector Free\Appbase\UPhImpV.dat
C:\Program Files\PrivacyProtector Free\Appbase\UPhotoEx.dat
C:\Program Files\PrivacyProtector Free\Appbase\UVidStud.dat
C:\Program Files\PrivacyProtector Free\Appbase\VNC.dat
C:\Program Files\PrivacyProtector Free\Appbase\WebFeret.dat
C:\Program Files\PrivacyProtector Free\Appbase\WebReap.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinACE.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinGate.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinRAR.dat
C:\Program Files\PrivacyProtector Free\Appbase\WinZIP.dat
C:\Program Files\PrivacyProtector Free\Appbase\WiseInst.dat
C:\Program Files\PrivacyProtector Free\Appbase\wordslst.xda
C:\Program Files\PrivacyProtector Free\Appbase\YahooPl.dat
C:\Program Files\PrivacyProtector Free\Appbase\ZipMagic.dat
C:\Program Files\PrivacyProtector Free\atl71.dll
C:\Program Files\PrivacyProtector Free\bnlink.dat
C:\Program Files\PrivacyProtector Free\diagnosis.dat
C:\Program Files\PrivacyProtector Free\err.log
C:\Program Files\PrivacyProtector Free\img\button.gif
C:\Program Files\PrivacyProtector Free\img\button2.gif
C:\Program Files\PrivacyProtector Free\img\header.gif
C:\Program Files\PrivacyProtector Free\img\logo.gif
C:\Program Files\PrivacyProtector Free\img\spacer.gif
C:\Program Files\PrivacyProtector Free\img\top_line.gif
C:\Program Files\PrivacyProtector Free\img\top1.jpg
C:\Program Files\PrivacyProtector Free\img\top2.jpg
C:\Program Files\PrivacyProtector Free\InstHelp.exe
C:\Program Files\PrivacyProtector Free\lapv.dat
C:\Program Files\PrivacyProtector Free\license.rtf
C:\Program Files\PrivacyProtector Free\manual.url
C:\Program Files\PrivacyProtector Free\mfc71.dll
C:\Program Files\PrivacyProtector Free\msvcp71.dll
C:\Program Files\PrivacyProtector Free\msvcr71.dll
C:\Program Files\PrivacyProtector Free\pv.dat
C:\Program Files\PrivacyProtector Free\readme.rtf
C:\Program Files\PrivacyProtector Free\ScanReport.dat
C:\Program Files\PrivacyProtector Free\Schedule.dat
C:\Program Files\PrivacyProtector Free\support.url
C:\Program Files\PrivacyProtector Free\unins000.dat
C:\Program Files\PrivacyProtector Free\unins000.exe
C:\Program Files\PrivacyProtector Free\uninstall.ico
C:\Program Files\PrivacyProtector Free\UninstallPage.html
C:\Program Files\PrivacyProtector Free\up.dat
C:\Program Files\PrivacyProtector Free\updater.dat
C:\Program Files\PrivacyProtector Free\UPRP.exe
C:\Program Files\PrivacyProtector Free\UPRP.url
C:\Program Files\PrivacyProtector Free\UPRP.xml
C:\Program Files\PrivacyProtector Free\uprpcw.exe
C:\Program Files\PrivacyProtector Free\UPRPPChk.dll
C:\Program Files\PrivacyProtector Free\vbpv.dat
C:\Program Files\Seekmo Programs
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\heart1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\heart2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\heart3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\career.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\customer.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\endless.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\global.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\powerups.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\idle.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\lower.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\upper.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\bench.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\bench.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\chair.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\podium.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\radio.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\spill.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\spill.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\family.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_noise.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_score.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\playfirstlogo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\entername.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\help1.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\jar.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\noisering.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_base.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\dinerdash2.exe
C:\WINDOWS\DOWNLO~1\UPRP_0001_D22M0806NetInstaller.exe
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\sounddrv.dll
C:\WINDOWS\soundplugin.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\picsvr
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\wr.txt
C:\WINDOWS\xvideo.dll


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-20 10:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 19:44 <DIR> d-------- C:\VundoFix Backups
2007-07-19 17:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-16 20:17 <DIR> d-------- C:\Program Files\ASCII
2007-07-12 17:45 <DIR> d-------- C:\NVIDIA
2007-07-11 21:05 <DIR> d-------- C:\Program Files\!Easy ScreenSaver Station
2007-07-09 13:20 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Talkback
2007-07-09 13:20 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\BitTorrent
2007-07-09 13:18 786,432 --ah----- C:\DOCUME~1\Michael\NTUSER.DAT
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Teleca
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\PCToolsFirewallPlus
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Ideazon
2007-07-07 23:16 36,864 --a------ C:\WINDOWS\system32\lfbmp11n.dll
2007-07-07 23:16 356,864 --a------ C:\WINDOWS\system32\ltkrn11n.dll
2007-07-07 23:16 273,408 --a------ C:\WINDOWS\system32\lfcmp11n.dll
2007-07-07 23:16 244,224 --a------ C:\WINDOWS\system32\ltdis11n.dll
2007-07-07 23:16 226,304 --a------ C:\WINDOWS\system32\ltefx11n.dll
2007-07-07 23:16 126,976 --a------ C:\WINDOWS\system32\ltimg11n.dll
2007-07-07 23:16 111,616 --a------ C:\WINDOWS\system32\ltfil11n.dll
2007-07-07 23:16 <DIR> d-------- C:\Program Files\ScreenThemes
2007-07-06 20:28 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\PCToolsFirewallPlus
2007-07-06 20:08 55,904 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-07-06 20:08 100,448 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-07-06 20:08 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2007-06-22 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-06-22 18:06 <DIR> d-------- C:\Program Files\Audacity


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 14:23:38 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Xfire
2007-07-20 14:23:26 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Skype
2007-07-20 14:23:22 -------- d-s---w C:\Program Files\Xfire
2007-07-20 14:18:57 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-12 01:05:24 -------- d-----w C:\Program Files\!Easy ScreenSaver Station
2007-07-04 02:10:41 -------- d-----w C:\Program Files\MSN Messenger
2007-07-03 19:13:57 -------- d-----w C:\DOCUME~1\user\APPLIC~1\BitTorrent
2007-07-03 19:01:05 -------- d-----w C:\Program Files\BitTorrent
2007-06-22 22:14:19 -------- d-----w C:\Program Files\Blaze Media Pro
2007-06-18 22:55:07 -------- d-----w C:\Program Files\Ares
2007-06-18 22:55:01 -------- d-----w C:\Program Files\Apollo 3GP Video Converter
2007-06-18 01:41:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 23:50:04 -------- d-----w C:\Program Files\EA GAMES
2007-06-17 22:17:01 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-17 19:00:16 928 ----a-w C:\WINDOWS\eReg.dat
2007-06-17 18:59:54 -------- d-----w C:\Program Files\Byteswarm
2007-06-17 18:59:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-12 20:56:09 -------- d-----w C:\Program Files\Google
2007-05-30 16:01:46 1,224,256 ----a-w C:\WINDOWS\system32\SCRPlayer.scr
2007-05-28 02:25:38 -------- d-----w C:\DOCUME~1\user\APPLIC~1\gtk-2.0
2007-05-28 02:23:25 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-28 01:47:52 -------- d-----w C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-05-25 02:54:07 -------- d-----w C:\Program Files\Common Files\Stardock
2007-05-25 02:54:06 -------- d-----w C:\Program Files\Stardock
2007-05-03 19:51:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-11-24 23:23:42 0 --sha-r C:\Program Files\q330994.exe
2004-10-19 05:37:32 17,901 ----a-w C:\Program Files\irunin.ini
2004-10-19 05:37:00 8,134 ----a-w C:\Program Files\irunin.bmp
2004-10-19 05:37:00 15,938 ----a-w C:\Program Files\irunin.lng
2004-10-19 05:37:00 149,841 ----a-w C:\Program Files\irunin.dat
2003-12-15 20:24:16 56,832 --sha-w C:\Program Files\Thumbs.db
2003-12-14 20:34:06 57 ----a-w C:\Program Files\status.js
2003-12-14 20:32:46 1,290,240 ----a-w C:\Program Files\Zuma.exe
2003-12-14 20:32:20 27,587 ----a-w C:\Program Files\theUninstallFile.txt
2003-12-14 20:31:52 38,543 ----a-w C:\Program Files\gameart.jpg
2003-12-14 20:31:52 285 ----a-w C:\Program Files\osd212.osd
2003-12-14 20:31:50 6,561 ----a-w C:\Program Files\racnotinstalled.htm
2003-12-14 20:31:50 333 ----a-w C:\Program Files\wrapper.ini
2003-12-14 20:31:50 287 ----a-w C:\Program Files\launch.ini
2003-12-14 20:31:50 27,957 ----a-w C:\Program Files\readme.html
2003-12-14 20:31:50 224 ----a-w C:\Program Files\feedback.htm
2003-12-14 20:31:50 210 ----a-w C:\Program Files\setup.ini
2003-12-14 20:31:50 14,190 ----a-w C:\Program Files\pregame.htm
2003-12-14 20:31:50 1,285 ----a-w C:\Program Files\contentbox_bottom.gif
2003-12-14 20:31:48 95 ----a-w C:\Program Files\mainimage_top.gif
2003-12-14 20:31:48 91 ----a-w C:\Program Files\mainimage_bottom.gif
2003-12-14 20:31:48 902 ----a-w C:\Program Files\contentbox.gif
2003-12-14 20:31:48 828 ----a-w C:\Program Files\button_center.gif
2003-12-14 20:31:48 741 ----a-w C:\Program Files\mainimage_left.gif
2003-12-14 20:31:48 53 ----a-w C:\Program Files\empty.gif
2003-12-14 20:31:48 49 ----a-w C:\Program Files\spacer.gif
2003-12-14 20:31:48 314 ----a-w C:\Program Files\butt_next_over.gif
2003-12-14 20:31:48 310 ----a-w C:\Program Files\butt_back_over.gif
2003-12-14 20:31:48 279 ----a-w C:\Program Files\meter_bottom.gif
2003-12-14 20:31:48 263 ----a-w C:\Program Files\meter_top.gif
2003-12-14 20:31:48 218 ----a-w C:\Program Files\butt_next.gif
2003-12-14 20:31:48 213 ----a-w C:\Program Files\butt_back.gif
2003-12-14 20:31:48 208 ----a-w C:\Program Files\button_right.gif
2003-12-14 20:31:48 192 ----a-w C:\Program Files\meter_right.gif
2003-12-14 20:31:48 191 ----a-w C:\Program Files\meter_left.gif
2003-12-14 20:31:48 187 ----a-w C:\Program Files\button_left.gif
2003-12-14 20:31:48 150 ----a-w C:\Program Files\horzline.gif
2003-12-14 20:31:48 149 ----a-w C:\Program Files\meter_upperleft.gif
2003-12-14 20:31:48 149 ----a-w C:\Program Files\meter_lowerright.gif
2003-12-14 20:31:48 147 ----a-w C:\Program Files\meter_upperright.gif
2003-12-14 20:31:48 146 ----a-w C:\Program Files\meter_lowerleft.gif
2003-12-14 20:31:48 124 ----a-w C:\Program Files\butt_left.gif
2003-12-14 20:31:48 123 ----a-w C:\Program Files\butt_right.gif
2003-12-14 20:31:48 115 ----a-w C:\Program Files\mainimage_right.gif
2003-12-14 20:31:48 102,196 ----a-w C:\Program Files\bass.dll
2003-12-14 20:31:48 101 ----a-w C:\Program Files\fill.gif
2003-12-14 20:31:48 1,241 ----a-w C:\Program Files\contentbox_top.gif
2003-11-21 20:11:34 49 ---ha-w C:\Program Files\Config.dat
2004-11-24 23:23:42 0 --sha-r C:\WINDOWS\system\system.exe
2004-11-24 23:23:42 0 --sha-r C:\WINDOWS\system\wmscrop.exe
2006-05-03 1054 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-11-24 23:23:42 0 --sha-r C:\WINDOWS\system32\jac.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
2004-11-24 23:23:42 0 --sha-r C:\WINDOWS\system32\system32.dll
2007-02-11 00:00:39 74,752 --sh--r C:\WINDOWS\system32\wpynsvitm\services.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 03:08 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-06-20 08:00]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\spydoctor.exe" [2004-08-10 14:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 17:37]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-06-28 17:38]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:57]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 19:11]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-02-23 14:55]
"ares"="C:\Program Files\Ares\Ares.exe" []
"EzSSS"="C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" [2007-05-30 12:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ZboardTray"="C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll

023 - aeaudio - system32\drivers\aeaudio.sys
023 - bcm43xx - System32\DRIVERS\bcmwl5.sys
023 - gtndis5 - \??\C:\WINDOWS\System32\GTNDIS5.SYS
023 - ndisip - System32\DRIVERS\NdisIP.sys
023 - npkcrypt - \??\C:\Program Files\NEXON\MapleStory\npkcrypt.sys
023 - npkcusb - \??\C:\Program Files\NEXON\MapleStory\npkcusb.sys
023 - nvata - System32\DRIVERS\nvata.sys
023 - omnidrv - System32\DRIVERS\OmniDrv.sys
023 - omniusb - System32\DRIVERS\OmniUsb.sys
023 - omniusbl - System32\DRIVERS\OmniUsbl.sys
023 - pctfw1 - \??\C:\WINDOWS\System32\drivers\pctfw1.sys
023 - pctoolsfirewallplus - C:\Program Files\PC Tools Firewall Plus\FWService.exe
023 - pid_0928 - System32\DRIVERS\LV561AV.SYS
023 - saruen - \??\C:\Documents and Settings\user\Desktop\Hacks\saruengang101of\saruen.sys
023 - ser2pl - System32\DRIVERS\ser2pl.sys
023 - sfilter - System32\DRIVERS\pctfw.sys
023 - sis315 - System32\DRIVERS\sisgrp.sys
023 - siside - System32\DRIVERS\siside.sys
023 - sisidex - system32\drivers\sisidex.sys
023 - siskp - system32\drivers\srvkp.sys
023 - sisnic - System32\DRIVERS\sisnic.sys
023 - sisperf - system32\drivers\sisperf.sys
023 - slip - System32\DRIVERS\SLIP.sys
023 - smwdm - system32\drivers\smwdm.sys
023 - uploadmgr - %SystemRoot%\System32\svchost.exe -k netsvcs - %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
023 - w810bus - System32\DRIVERS\w810bus.sys
023 - w810mdfl - System32\DRIVERS\w810mdfl.sys
023 - w810mdm - System32\DRIVERS\w810mdm.sys
023 - w810mgmt - System32\DRIVERS\w810mgmt.sys
023 - w810obex - System32\DRIVERS\w810obex.sys
023 - winachcf - System32\DRIVERS\winachcf.sys
023 - wmp54gsvc - "C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe"
023 - wpdusb - System32\Drivers\wpdusb.sys
023 - xtrapd12 - \??\C:\WINDOWS\System32\XTrapD12.sys
023 - zenos1 - \??\C:\Documents and Settings\user\Desktop\Hacks\myzenos\zenos.sys


Contents of the 'Scheduled Tasks' folder
2007-01-01 23:31:39 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 10:36:05
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\\35\4>\0042\4>\4A\4B\48\4]
"Order"=hex:08,00,00,00,02,00,00,00,60,01,00,00,01,00,00,00,02,00,00,00,6a,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 10:36:42
C:\ComboFix-quarantined-files.txt ... 2007-07-20 10:36

--- E O F ---
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 09:00 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,474
OS: N/A


Re: Trojan.W32.looksky Help!
Where's the Hijackthis log?
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 11:25 AM   #5 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Re: Trojan.W32.looksky Help!
Sorry! Here Is The HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:44 PM, on 7/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 209.183.131.91 i
O1 - Hosts: 66.35.250.150 s
O1 - Hosts: 216.239.39.99 g
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: csrss.lnk = ? (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\{3F75B2A1-417B-498F-B5A4-34C1A0F3B0B8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: services.lnk = ? (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: csrss.lnk = ?
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\{3F75B2A1-417B-498F-B5A4-34C1A0F3B0B8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Startup: services.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.5.107.cab
O16 - DPF: {7B8DF65F-FED6-468D-AFAF-4DC02FAD019C} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} (OfficeObj Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 17014 bytes
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 11:33 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,474
OS: N/A


Re: Trojan.W32.looksky Help!
Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: csrss.lnk = ? (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\{3F75B2A1-417B-498F-B5A4-34C1A0F3B0B8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: services.lnk = ? (User '?')
O4 - Startup: csrss.lnk = ?
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\user\Local Settings\Temp\{3F75B2A1-417B-498F-B5A4-34C1A0F3B0B8}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: services.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.5.107.cab
O16 - DPF: {7B8DF65F-FED6-468D-AFAF-4DC02FAD019C} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} (OfficeObj Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Program Files\q330994.exe
C:\WINDOWS\system\system.exe
C:\WINDOWS\system\wmscrop.exe
C:\WINDOWS\system32\jac.dll
C:\WINDOWS\system32\system32.dll
C:\WINDOWS\system32\drivers\hosts
c:\ied_s7m.cab
c:\x.cab
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\wpynsvitm
Registry::
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
Last edited by sUBs; 07-20-2007 at 11:43 AM.
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 01:39 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Re: Trojan.W32.looksky Help!
Online Scan


KASPERSKY ONLINE SCANNER REPORT
Friday, July 20, 2007 3:11:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/07/2007
Kaspersky Anti-Virus database records: 365918
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 57639
Number of viruses found 61
Number of infected objects 193 / 0
Number of suspicious objects 0
Duration of the scan process 00:58:57

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00A80000.VBN Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00E80000.VBN Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00E80001.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00E80002.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01280000.VBN Infected: Trojan.Win32.Dialer.fy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01280001.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01280002.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01280003.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01280004.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01480000.VBN Infected: IM-Worm.Win32.VB.at skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01480001.VBN Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0000.VBN/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0000.VBN/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0000.VBN/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0001.VBN/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0001.VBN/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0001.VBN/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0001.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\021C0001.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\022C0000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\036C0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03700000.VBN Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03A00000.VBN Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03A00001.VBN Infected: Trojan-Downloader.Win32.Small.cxx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C00000.VBN Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03D40000.VBN Infected: Trojan.Win32.DNSChanger.as skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03D40001.VBN Infected: Trojan.Win32.DNSChanger.as skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03D40002.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04540000.VBN Infected: Trojan-Downloader.Win32.Small.amb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B40000.VBN Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05DC0000.VBN Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05DC0001.VBN Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05DC0002.VBN Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\064C0000.VBN Infected: Trojan-Clicker.Win32.Agent.ac skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06EC0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06EC0001.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07000000.VBN Infected: Trojan-Downloader.Win32.Femad.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00000.VBN Infected: Trojan-Proxy.Win32.Agent.db skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00001.VBN Infected: Trojan-Proxy.Win32.Agent.db skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00002.VBN Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00003.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00004.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00005.VBN Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00006.VBN Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07A00007.VBN Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80000.VBN Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80001.VBN Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80002.VBN Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08BC0000.VBN Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A780000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000.VBN Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C500000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C840000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D100000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D5C0000.VBN Infected: Exploit.HTML.VML.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140000.VBN Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140001.VBN/data.rar/wr-1.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140001.VBN/data.rar Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140001.VBN RarSFX: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140001.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140002.VBN Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140004.VBN/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140004.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E140004.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F740000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F740001.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F740001.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F740001.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F740001.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F740001.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Application Data\PCToolsFirewallPlus\FirewallGUI.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\PCToolsFirewallPlus\FWPlugin.txt Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Contacts\goleafs_33@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Contacts\goleafs_33@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007072020070721\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF114B.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFAFC5.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFAFD0.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFCDCC.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFCDDC.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\My Documents\1\Hacking programs with Tutorials.rar/Hacking programs/Memory Scanners/Best Hacking Programs/Wpe Pro 0.9a/WPE PRO 0.9a.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\user\My Documents\1\Hacking programs with Tutorials.rar/Hacking programs/Memory Scanners/Best Hacking Programs/Wpe Pro 0.9a/Wpespy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\user\My Documents\1\Hacking programs with Tutorials.rar RAR: infected - 2 skipped
C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe/stream/data0108 Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe/stream Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe NSIS: infected - 3 skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream/data0003 Infected: not-a-virus:AdTool.Win32.WinAD.bv skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe/stream Infected: not-a-virus:AdTool.Win32.WinAD.bv skipped
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe NSIS: infected - 10 skipped
C:\Documents and Settings\user\My Documents\1\regular_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\user\My Documents\1\sinstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\Documents and Settings\user\My Documents\1\sinstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0047.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0048.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0049.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe/WISE0050.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe WiseSFX: infected - 10 skipped
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe WiseSFX Dropper: infected - 10 skipped
C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe WiseSFX Dropper: infected - 2 skipped
C:\Documents and Settings\user\My Documents\1\ZangoInstaller.exe Infected: not-a-virus:AdWare.Win32.180Solutions.am skipped
C:\Documents and Settings\user\My Documents\Mall2DeluxeSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Program Files\filesubmit\triplehwp004.zip\VVSNInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\filesubmit\wwetripleh1024.zip\SetupInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\PC Tools Firewall Plus\FirewallWrapper.txt Object is locked skipped
C:\Program Files\PC Tools Firewall Plus\FWAA Object is locked skipped
C:\Program Files\PC Tools Firewall Plus\FWService.txt Object is locked skipped
C:\Program Files\Valve\Steam\Steam.log Object is locked skipped
C:\Program Files\Valve\Steam\SteamApps\winui.gcf Object is locked skipped
C:\Program Files\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe.vir Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\Program Files\NewDotNet\newdotnet7_48.dll.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\QooBox\Quarantine\C\Program Files\NewDotNet\uninstall7_48.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\QooBox\Quarantine\C\Program Files\PeDevice\PeDev.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ad skipped
C:\QooBox\Quarantine\C\Program Files\PrivacyProtector Free\uprpcw.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\QooBox\Quarantine\C\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.c skipped
C:\QooBox\Quarantine\C\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.c skipped
C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.i skipped
C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.m skipped
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_22.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_48.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000008.exe Infected: Trojan-Downloader.Win32.Alphabet.m skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000032.exe Infected: Trojan-Downloader.Win32.Alphabet.m skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000040.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000041.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000042.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000043.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000044.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000045.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000046.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000047.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000049.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000050.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000052.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000053.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000054.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000057.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000058.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000059.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000060.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000062.dll Infected: not-a-virus:AdWare.Win32.Agent.c skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000063.exe Infected: not-a-virus:AdWare.Win32.Agent.c skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000081.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000085.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000086.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000087.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000088.dll Infected: not-a-virus:AdWare.Win32.BHO.ad skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000094.exe Infected: Trojan-Downloader.Win32.Alphabet.i skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\A0000098.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgCA10.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgCA333.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sea10.exe Infected: not-a-virus:Porn-Dialer.Win32.Juicy skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgCA10.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgCA333.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\sea10.exe Infected: not-a-virus:Porn-Dialer.Win32.Juicy skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgCA10.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgCA333.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\sea10.exe Infected: not-a-virus:Porn-Dialer.Win32.Juicy skipped
C:\WINDOWS\Downloaded Program Files\m67m.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.a skipped
C:\WINDOWS\Downloaded Program Files\rdgCA10.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\rdgCA333.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\WINDOWS\Downloaded Program Files\sea10.exe Infected: not-a-virus:Porn-Dialer.Win32.Juicy skipped
C:\WINDOWS\msxmidi.exe Infected: Trojan-Downloader.Win32.Apher.gen skipped
C:\WINDOWS\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ep skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\dktibs.exe Infected: Trojan-Downloader.Win32.Delf.dg skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\rkinstaller.exe Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\WINDOWS\system32\winlogon32.dll Infected: Trojan-Downloader.Win32.Small.ald skipped
C:\WINDOWS\thin-143-1-x-x.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\xpehbamnow.exe Infected: Trojan-Downloader.Win32.Apher.gen skipped
E:\System Volume Information\_restore{74907908-3FD7-498E-BCA7-91F5A764F88B}\RP1\change.log Object is locked skipped
Scan process completed.




Combo Fix Log
"user" - 2007-07-20 13:45:50 - ComboFix 07-07-20.7 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\q330994.exe
C:\WINDOWS\system\system.exe
C:\WINDOWS\system\wmscrop.exe
C:\WINDOWS\system32\jac.dll
C:\WINDOWS\system32\system32.dll
C:\WINDOWS\system32\wpynsvitm
C:\WINDOWS\system32\wpynsvitm\services.exe
C:\WINDOWS\system32\wpynsvitm\services.ini


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-20 10:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 19:44 <DIR> d-------- C:\VundoFix Backups
2007-07-19 17:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-16 20:17 <DIR> d-------- C:\Program Files\ASCII
2007-07-12 17:45 <DIR> d-------- C:\NVIDIA
2007-07-11 21:05 <DIR> d-------- C:\Program Files\!Easy ScreenSaver Station
2007-07-09 13:20 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Talkback
2007-07-09 13:20 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\BitTorrent
2007-07-09 13:18 786,432 --ah----- C:\DOCUME~1\Michael\NTUSER.DAT
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Teleca
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\PCToolsFirewallPlus
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Ideazon
2007-07-07 23:16 36,864 --a------ C:\WINDOWS\system32\lfbmp11n.dll
2007-07-07 23:16 356,864 --a------ C:\WINDOWS\system32\ltkrn11n.dll
2007-07-07 23:16 273,408 --a------ C:\WINDOWS\system32\lfcmp11n.dll
2007-07-07 23:16 244,224 --a------ C:\WINDOWS\system32\ltdis11n.dll
2007-07-07 23:16 226,304 --a------ C:\WINDOWS\system32\ltefx11n.dll
2007-07-07 23:16 126,976 --a------ C:\WINDOWS\system32\ltimg11n.dll
2007-07-07 23:16 111,616 --a------ C:\WINDOWS\system32\ltfil11n.dll
2007-07-07 23:16 <DIR> d-------- C:\Program Files\ScreenThemes
2007-07-06 20:28 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\PCToolsFirewallPlus
2007-07-06 20:08 55,904 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-07-06 20:08 100,448 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-07-06 20:08 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2007-06-22 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-06-22 18:06 <DIR> d-------- C:\Program Files\Audacity


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 17:43:45 -------- d-----w C:\Program Files\Download Manager
2007-07-20 16:04:41 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Xfire
2007-07-20 16:04:21 -------- d-s---w C:\Program Files\Xfire
2007-07-20 16:04:10 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Skype
2007-07-20 16:03:40 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-12 01:05:24 -------- d-----w C:\Program Files\!Easy ScreenSaver Station
2007-07-04 02:10:41 -------- d-----w C:\Program Files\MSN Messenger
2007-07-03 19:13:57 -------- d-----w C:\DOCUME~1\user\APPLIC~1\BitTorrent
2007-07-03 19:01:05 -------- d-----w C:\Program Files\BitTorrent
2007-06-22 22:14:19 -------- d-----w C:\Program Files\Blaze Media Pro
2007-06-18 22:55:07 -------- d-----w C:\Program Files\Ares
2007-06-18 22:55:01 -------- d-----w C:\Program Files\Apollo 3GP Video Converter
2007-06-18 01:41:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 23:50:04 -------- d-----w C:\Program Files\EA GAMES
2007-06-17 22:17:01 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-17 19:00:16 928 ----a-w C:\WINDOWS\eReg.dat
2007-06-17 18:59:54 -------- d-----w C:\Program Files\Byteswarm
2007-06-17 18:59:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-12 20:56:09 -------- d-----w C:\Program Files\Google
2007-05-30 16:01:46 1,224,256 ----a-w C:\WINDOWS\system32\SCRPlayer.scr
2007-05-28 02:25:38 -------- d-----w C:\DOCUME~1\user\APPLIC~1\gtk-2.0
2007-05-28 02:23:25 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-28 01:47:52 -------- d-----w C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-05-25 02:54:07 -------- d-----w C:\Program Files\Common Files\Stardock
2007-05-25 02:54:06 -------- d-----w C:\Program Files\Stardock
2007-05-03 19:51:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-19 05:37:32 17,901 ----a-w C:\Program Files\irunin.ini
2004-10-19 05:37:00 8,134 ----a-w C:\Program Files\irunin.bmp
2004-10-19 05:37:00 15,938 ----a-w C:\Program Files\irunin.lng
2004-10-19 05:37:00 149,841 ----a-w C:\Program Files\irunin.dat
2003-12-15 20:24:16 56,832 --sha-w C:\Program Files\Thumbs.db
2003-12-14 20:34:06 57 ----a-w C:\Program Files\status.js
2003-12-14 20:32:46 1,290,240 ----a-w C:\Program Files\Zuma.exe
2003-12-14 20:32:20 27,587 ----a-w C:\Program Files\theUninstallFile.txt
2003-12-14 20:31:52 38,543 ----a-w C:\Program Files\gameart.jpg
2003-12-14 20:31:52 285 ----a-w C:\Program Files\osd212.osd
2003-12-14 20:31:50 6,561 ----a-w C:\Program Files\racnotinstalled.htm
2003-12-14 20:31:50 333 ----a-w C:\Program Files\wrapper.ini
2003-12-14 20:31:50 287 ----a-w C:\Program Files\launch.ini
2003-12-14 20:31:50 27,957 ----a-w C:\Program Files\readme.html
2003-12-14 20:31:50 224 ----a-w C:\Program Files\feedback.htm
2003-12-14 20:31:50 210 ----a-w C:\Program Files\setup.ini
2003-12-14 20:31:50 14,190 ----a-w C:\Program Files\pregame.htm
2003-12-14 20:31:50 1,285 ----a-w C:\Program Files\contentbox_bottom.gif
2003-12-14 20:31:48 95 ----a-w C:\Program Files\mainimage_top.gif
2003-12-14 20:31:48 91 ----a-w C:\Program Files\mainimage_bottom.gif
2003-12-14 20:31:48 902 ----a-w C:\Program Files\contentbox.gif
2003-12-14 20:31:48 828 ----a-w C:\Program Files\button_center.gif
2003-12-14 20:31:48 741 ----a-w C:\Program Files\mainimage_left.gif
2003-12-14 20:31:48 53 ----a-w C:\Program Files\empty.gif
2003-12-14 20:31:48 49 ----a-w C:\Program Files\spacer.gif
2003-12-14 20:31:48 314 ----a-w C:\Program Files\butt_next_over.gif
2003-12-14 20:31:48 310 ----a-w C:\Program Files\butt_back_over.gif
2003-12-14 20:31:48 279 ----a-w C:\Program Files\meter_bottom.gif
2003-12-14 20:31:48 263 ----a-w C:\Program Files\meter_top.gif
2003-12-14 20:31:48 218 ----a-w C:\Program Files\butt_next.gif
2003-12-14 20:31:48 213 ----a-w C:\Program Files\butt_back.gif
2003-12-14 20:31:48 208 ----a-w C:\Program Files\button_right.gif
2003-12-14 20:31:48 192 ----a-w C:\Program Files\meter_right.gif
2003-12-14 20:31:48 191 ----a-w C:\Program Files\meter_left.gif
2003-12-14 20:31:48 187 ----a-w C:\Program Files\button_left.gif
2003-12-14 20:31:48 150 ----a-w C:\Program Files\horzline.gif
2003-12-14 20:31:48 149 ----a-w C:\Program Files\meter_upperleft.gif
2003-12-14 20:31:48 149 ----a-w C:\Program Files\meter_lowerright.gif
2003-12-14 20:31:48 147 ----a-w C:\Program Files\meter_upperright.gif
2003-12-14 20:31:48 146 ----a-w C:\Program Files\meter_lowerleft.gif
2003-12-14 20:31:48 124 ----a-w C:\Program Files\butt_left.gif
2003-12-14 20:31:48 123 ----a-w C:\Program Files\butt_right.gif
2003-12-14 20:31:48 115 ----a-w C:\Program Files\mainimage_right.gif
2003-12-14 20:31:48 102,196 ----a-w C:\Program Files\bass.dll
2003-12-14 20:31:48 101 ----a-w C:\Program Files\fill.gif
2003-12-14 20:31:48 1,241 ----a-w C:\Program Files\contentbox_top.gif
2003-11-21 20:11:34 49 ---ha-w C:\Program Files\Config.dat
2006-05-03 1054 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 03:08 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-06-20 08:00]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\spydoctor.exe" [2004-08-10 14:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 17:37]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-06-28 17:38]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:57]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 19:11]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-02-23 14:55]
"ares"="C:\Program Files\Ares\Ares.exe" []
"EzSSS"="C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" [2007-05-30 12:01]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
ScreenThemes.lnk - C:\Program Files\ScreenThemes\scthemes.exe [2007-07-07 23:16:25]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-05-30 19:23:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 08:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ZboardTray"="C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll

023 - aeaudio - system32\drivers\aeaudio.sys
023 - bcm43xx - System32\DRIVERS\bcmwl5.sys
023 - gtndis5 - \??\C:\WINDOWS\System32\GTNDIS5.SYS
023 - ndisip - System32\DRIVERS\NdisIP.sys
023 - npkcrypt - \??\C:\Program Files\NEXON\MapleStory\npkcrypt.sys
023 - npkcusb - \??\C:\Program Files\NEXON\MapleStory\npkcusb.sys
023 - nvata - System32\DRIVERS\nvata.sys
023 - omnidrv - System32\DRIVERS\OmniDrv.sys
023 - omniusb - System32\DRIVERS\OmniUsb.sys
023 - omniusbl - System32\DRIVERS\OmniUsbl.sys
023 - pctfw1 - \??\C:\WINDOWS\System32\drivers\pctfw1.sys
023 - pctoolsfirewallplus - C:\Program Files\PC Tools Firewall Plus\FWService.exe
023 - pid_0928 - System32\DRIVERS\LV561AV.SYS
023 - saruen - \??\C:\Documents and Settings\user\Desktop\Hacks\saruengang101of\saruen.sys
023 - ser2pl - System32\DRIVERS\ser2pl.sys
023 - sfilter - System32\DRIVERS\pctfw.sys
023 - sis315 - System32\DRIVERS\sisgrp.sys
023 - siside - System32\DRIVERS\siside.sys
023 - sisidex - system32\drivers\sisidex.sys
023 - siskp - system32\drivers\srvkp.sys
023 - sisnic - System32\DRIVERS\sisnic.sys
023 - sisperf - system32\drivers\sisperf.sys
023 - slip - System32\DRIVERS\SLIP.sys
023 - smwdm - system32\drivers\smwdm.sys
023 - uploadmgr - %SystemRoot%\System32\svchost.exe -k netsvcs - %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
023 - w810bus - System32\DRIVERS\w810bus.sys
023 - w810mdfl - System32\DRIVERS\w810mdfl.sys
023 - w810mdm - System32\DRIVERS\w810mdm.sys
023 - w810mgmt - System32\DRIVERS\w810mgmt.sys
023 - w810obex - System32\DRIVERS\w810obex.sys
023 - winachcf - System32\DRIVERS\winachcf.sys
023 - wmp54gsvc - "C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe"
023 - wpdusb - System32\Drivers\wpdusb.sys
023 - xtrapd12 - \??\C:\WINDOWS\System32\XTrapD12.sys
023 - zenos1 - \??\C:\Documents and Settings\user\Desktop\Hacks\myzenos\zenos.sys


Contents of the 'Scheduled Tasks' folder
2007-01-01 23:31:39 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 13:48:33
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\\35\4>\0042\4>\4A\4B\48\4]
"Order"=hex:08,00,00,00,02,00,00,00,60,01,00,00,01,00,00,00,02,00,00,00,6a,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 13:49:06
C:\ComboFix-quarantined-files.txt ... 2007-07-20 13:48
C:\ComboFix2.txt ... 2007-07-20 10:36

--- E O F ---
Last edited by sUBs; 07-20-2007 at 02:50 PM.
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 01:41 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Re: Trojan.W32.looksky Help!
HiJackThis Log
Sorry but I accidentally deleted the log i did beforehand, Im relli sorry but here is an updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:57 PM, on 7/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 209.183.131.91 i
O1 - Hosts: 66.35.250.150 s
O1 - Hosts: 216.239.39.99 g
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe

--
End of file - 14533 bytes
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-20-2007, 03:00 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,474
OS: N/A


Re: Trojan.W32.looksky Help!
Do a HijackThis scan & place a check next to these items and select "Fix checked":

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
DirLook::
C:\Documents and Settings\user\My Documents\1
File::
C:\Documents and Settings\user\My Documents\1\Hacking programs with Tutorials.rar
C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe
C:\Documents and Settings\user\My Documents\1\regular_plugin.exe
C:\Documents and Settings\user\My Documents\1\sinstaller.exe
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe
C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe
C:\Documents and Settings\user\My Documents\1\ZangoInstaller.exe
C:\Documents and Settings\user\My Documents\Mall2DeluxeSetup-dm.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\riched20.dll
C:\WINDOWS\Downloaded Program Files\m67m.ocx
C:\WINDOWS\Downloaded Program Files\rdgCA10.exe
C:\WINDOWS\Downloaded Program Files\rdgCA333.exe
C:\WINDOWS\Downloaded Program Files\sea10.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\optimize.exe
C:\WINDOWS\system32\dktibs.exe
C:\WINDOWS\system32\rkinstaller.exe
C:\WINDOWS\system32\winlogon32.dll
C:\WINDOWS\thin-143-1-x-x.exe
C:\WINDOWS\xpehbamnow.exe
C:\WINDOWS\system32\drivers\etc\hosts
Folder::
C:\VundoFix Backups
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\Program Files\filesubmit
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

I would also require a fresh Hijackthis log
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-21-2007, 10:17 AM   #10 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Re: Trojan.W32.looksky Help!
Combo Fix Log

"user" - 2007-07-21 12:12:02 - ComboFix 07-07-20.7 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\user\My Documents\1\Hacking programs with Tutorials.rar
C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe
C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe
C:\Documents and Settings\user\My Documents\1\regular_plugin.exe
C:\Documents and Settings\user\My Documents\1\sinstaller.exe
C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe
C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe
C:\Documents and Settings\user\My Documents\1\ZangoInstaller.exe
C:\Documents and Settings\user\My Documents\Mall2DeluxeSetup-dm.exe
C:\Program Files\filesubmit
C:\Program Files\filesubmit\triplehwp004.zip\fsi_install.ico
C:\Program Files\filesubmit\triplehwp004.zip\fsi_uninstall.ico
C:\Program Files\filesubmit\triplehwp004.zip\triplehwp004.zip
C:\Program Files\filesubmit\triplehwp004.zip\UNWISE.EXE
C:\Program Files\filesubmit\triplehwp004.zip\VVSNInst.exe
C:\Program Files\filesubmit\wwetripleh1024.zip\fsi_install.ico
C:\Program Files\filesubmit\wwetripleh1024.zip\fsi_uninstall.ico
C:\Program Files\filesubmit\wwetripleh1024.zip\SetupInst.exe
C:\Program Files\filesubmit\wwetripleh1024.zip\UNWISE.EXE
C:\Program Files\filesubmit\wwetripleh1024.zip\wwetripleh1024.zip
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\riched20.dll
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ocget.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgCA10.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgCA333.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sea10.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ocget.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgCA10.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgCA333.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\sea10.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\ocget.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgCA10.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgCA333.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\sea10.exe
C:\WINDOWS\Downloaded Program Files\m67m.ocx
C:\WINDOWS\Downloaded Program Files\rdgCA10.exe
C:\WINDOWS\Downloaded Program Files\rdgCA333.exe
C:\WINDOWS\Downloaded Program Files\sea10.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\optimize.exe
C:\WINDOWS\system32\dktibs.exe
C:\WINDOWS\system32\drivers\etc\hosts
C:\WINDOWS\system32\rkinstaller.exe
C:\WINDOWS\system32\winlogon32.dll
C:\WINDOWS\thin-143-1-x-x.exe
C:\WINDOWS\xpehbamnow.exe


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-20 13:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-20 10:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 17:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-16 20:17 <DIR> d-------- C:\Program Files\ASCII
2007-07-12 17:45 <DIR> d-------- C:\NVIDIA
2007-07-11 21:05 <DIR> d-------- C:\Program Files\!Easy ScreenSaver Station
2007-07-09 13:20 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Talkback
2007-07-09 13:20 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\BitTorrent
2007-07-09 13:18 786,432 --ah----- C:\DOCUME~1\Michael\NTUSER.DAT
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Teleca
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\PCToolsFirewallPlus
2007-07-09 13:18 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Ideazon
2007-07-07 23:16 36,864 --a------ C:\WINDOWS\system32\lfbmp11n.dll
2007-07-07 23:16 356,864 --a------ C:\WINDOWS\system32\ltkrn11n.dll
2007-07-07 23:16 273,408 --a------ C:\WINDOWS\system32\lfcmp11n.dll
2007-07-07 23:16 244,224 --a------ C:\WINDOWS\system32\ltdis11n.dll
2007-07-07 23:16 226,304 --a------ C:\WINDOWS\system32\ltefx11n.dll
2007-07-07 23:16 126,976 --a------ C:\WINDOWS\system32\ltimg11n.dll
2007-07-07 23:16 111,616 --a------ C:\WINDOWS\system32\ltfil11n.dll
2007-07-07 23:16 <DIR> d-------- C:\Program Files\ScreenThemes
2007-07-06 20:28 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\PCToolsFirewallPlus
2007-07-06 20:08 55,904 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-07-06 20:08 100,448 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-07-06 20:08 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2007-06-22 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-06-22 18:06 <DIR> d-------- C:\Program Files\Audacity


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-21 16:14:39 -------- d-----w C:\Program Files\MSN Messenger
2007-07-21 16:10:46 -------- d-----w C:\Program Files\Google
2007-07-21 14:31:48 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Skype
2007-07-21 14:31:46 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Xfire
2007-07-21 14:30:40 -------- d-s---w C:\Program Files\Xfire
2007-07-21 14:30:20 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-20 17:43:45 -------- d-----w C:\Program Files\Download Manager
2007-07-12 01:05:24 -------- d-----w C:\Program Files\!Easy ScreenSaver Station
2007-07-03 19:13:57 -------- d-----w C:\DOCUME~1\user\APPLIC~1\BitTorrent
2007-07-03 19:01:05 -------- d-----w C:\Program Files\BitTorrent
2007-06-22 22:14:19 -------- d-----w C:\Program Files\Blaze Media Pro
2007-06-18 22:55:07 -------- d-----w C:\Program Files\Ares
2007-06-18 22:55:01 -------- d-----w C:\Program Files\Apollo 3GP Video Converter
2007-06-18 01:41:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 23:50:04 -------- d-----w C:\Program Files\EA GAMES
2007-06-17 22:17:01 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-17 19:00:16 928 ----a-w C:\WINDOWS\eReg.dat
2007-06-17 18:59:54 -------- d-----w C:\Program Files\Byteswarm
2007-06-17 18:59:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-30 16:01:46 1,224,256 ----a-w C:\WINDOWS\system32\SCRPlayer.scr
2007-05-28 02:25:38 -------- d-----w C:\DOCUME~1\user\APPLIC~1\gtk-2.0
2007-05-28 02:23:25 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-28 01:47:52 -------- d-----w C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-05-25 02:54:07 -------- d-----w C:\Program Files\Common Files\Stardock
2007-05-25 02:54:06 -------- d-----w C:\Program Files\Stardock
2007-05-03 19:51:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-19 05:37:32 17,901 ----a-w C:\Program Files\irunin.ini
2004-10-19 05:37:00 8,134 ----a-w C:\Program Files\irunin.bmp
2004-10-19 05:37:00 15,938 ----a-w C:\Program Files\irunin.lng
2004-10-19 05:37:00 149,841 ----a-w C:\Program Files\irunin.dat
2003-12-15 20:24:16 56,832 --sha-w C:\Program Files\Thumbs.db
2003-12-14 20:34:06 57 ----a-w C:\Program Files\status.js
2003-12-14 20:32:46 1,290,240 ----a-w C:\Program Files\Zuma.exe
2003-12-14 20:32:20 27,587 ----a-w C:\Program Files\theUninstallFile.txt
2003-12-14 20:31:52 38,543 ----a-w C:\Program Files\gameart.jpg
2003-12-14 20:31:52 285 ----a-w C:\Program Files\osd212.osd
2003-12-14 20:31:50 6,561 ----a-w C:\Program Files\racnotinstalled.htm
2003-12-14 20:31:50 333 ----a-w C:\Program Files\wrapper.ini
2003-12-14 20:31:50 287 ----a-w C:\Program Files\launch.ini
2003-12-14 20:31:50 27,957 ----a-w C:\Program Files\readme.html
2003-12-14 20:31:50 224 ----a-w C:\Program Files\feedback.htm
2003-12-14 20:31:50 210 ----a-w C:\Program Files\setup.ini
2003-12-14 20:31:50 14,190 ----a-w C:\Program Files\pregame.htm
2003-12-14 20:31:50 1,285 ----a-w C:\Program Files\contentbox_bottom.gif
2003-12-14 20:31:48 95 ----a-w C:\Program Files\mainimage_top.gif
2003-12-14 20:31:48 91 ----a-w C:\Program Files\mainimage_bottom.gif
2003-12-14 20:31:48 902 ----a-w C:\Program Files\contentbox.gif
2003-12-14 20:31:48 828 ----a-w C:\Program Files\button_center.gif
2003-12-14 20:31:48 741 ----a-w C:\Program Files\mainimage_left.gif
2003-12-14 20:31:48 53 ----a-w C:\Program Files\empty.gif
2003-12-14 20:31:48 49 ----a-w C:\Program Files\spacer.gif
2003-12-14 20:31:48 314 ----a-w C:\Program Files\butt_next_over.gif
2003-12-14 20:31:48 310 ----a-w C:\Program Files\butt_back_over.gif
2003-12-14 20:31:48 279 ----a-w C:\Program Files\meter_bottom.gif
2003-12-14 20:31:48 263 ----a-w C:\Program Files\meter_top.gif
2003-12-14 20:31:48 218 ----a-w C:\Program Files\butt_next.gif
2003-12-14 20:31:48 213 ----a-w C:\Program Files\butt_back.gif
2003-12-14 20:31:48 208 ----a-w C:\Program Files\button_right.gif
2003-12-14 20:31:48 192 ----a-w C:\Program Files\meter_right.gif
2003-12-14 20:31:48 191 ----a-w C:\Program Files\meter_left.gif
2003-12-14 20:31:48 187 ----a-w C:\Program Files\button_left.gif
2003-12-14 20:31:48 150 ----a-w C:\Program Files\horzline.gif
2003-12-14 20:31:48 149 ----a-w C:\Program Files\meter_upperleft.gif
2003-12-14 20:31:48 149 ----a-w C:\Program Files\meter_lowerright.gif
2003-12-14 20:31:48 147 ----a-w C:\Program Files\meter_upperright.gif
2003-12-14 20:31:48 146 ----a-w C:\Program Files\meter_lowerleft.gif
2003-12-14 20:31:48 124 ----a-w C:\Program Files\butt_left.gif
2003-12-14 20:31:48 123 ----a-w C:\Program Files\butt_right.gif
2003-12-14 20:31:48 115 ----a-w C:\Program Files\mainimage_right.gif
2003-12-14 20:31:48 102,196 ----a-w C:\Program Files\bass.dll
2003-12-14 20:31:48 101 ----a-w C:\Program Files\fill.gif
2003-12-14 20:31:48 1,241 ----a-w C:\Program Files\contentbox_top.gif
2003-11-21 20:11:34 49 ---ha-w C:\Program Files\Config.dat
2006-05-03 1054 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\Documents and Settings\user\My Documents\1 ----

2007-07-19 15:01 0 --a------ C:\Documents and Settings\user\My Documents\1\ucleaner_setup.exe
2007-06-18 17:48 6010424 --a------ C:\Documents and Settings\user\My Documents\1\Firefox Setup 2.0.0.4.exe
2007-01-16 18:04 443589649 --a------ C:\Documents and Settings\user\My Documents\1\MSSetup.exe
2007-01-16 17:31 29724464 --a------ C:\Documents and Settings\user\My Documents\1\IE7-WindowsServer2003-x64-enu.exe
2006-12-12 10:52 12099848 --a------ C:\Documents and Settings\user\My Documents\1\avast!setupeng.exe
2006-10-31 17:09 24576 --a------ C:\Documents and Settings\user\My Documents\1\16GRAND.doc
2006-10-31 15:54 24064 ---h----- C:\Documents and Settings\user\My Documents\1\~WRL0003.tmp
2006-09-19 18:00 13714856 --a------ C:\Documents and Settings\user\My Documents\1\zapSetup_65_737_000_en.exe
2006-08-28 16:04 23296 --a------ C:\Documents and Settings\user\My Documents\1\regular_plugin.exe
2006-08-24 19:02 5118736 --a------ C:\Documents and Settings\user\My Documents\1\Firefox Setup 1.5.0.6.exe
2006-08-21 22:58 1323592 --a------ C:\Documents and Settings\user\My Documents\1\MesaParkAudioMixer30-Demo.exe
2006-08-21 22:55 5580426 --a------ C:\Documents and Settings\user\My Documents\1\scdjm1200r.exe
2006-08-21 22:54 1941104 --a------ C:\Documents and Settings\user\My Documents\1\Acoustica-MP3-Audio-Mixer-Installer.exe
2006-08-14 15:34 5446320 --a------ C:\Documents and Settings\user\My Documents\1\Shockwave_Installer_Full.exe
2006-08-14 14:43 382054505 --a------ C:\Documents and Settings\user\My Documents\1\PSE_40_WWE_TRYBUY.zip
2006-08-07 23:16 26886144 --a------ C:\Documents and Settings\user\My Documents\1\atrt_demo_win.exe
2006-07-28 11:15 849130 --a------ C:\Documents and Settings\user\My Documents\1\Install-100-DP.exe
2006-07-27 17:59 21290704 --a------ C:\Documents and Settings\user\My Documents\1\AdbeRdr708_en_US.exe
2006-07-25 13:04 4992624 --a------ C:\Documents and Settings\user\My Documents\1\waterfalls1awad728free.exe
2006-07-18 11:13 152292 --a------ C:\Documents and Settings\user\My Documents\1\Buffet.pdf
2006-07-10 10:16 15272744 --a------ C:\Documents and Settings\user\My Documents\1\Install_Messenger_nous.exe
2006-07-03 18:10 625752 --a------ C:\Documents and Settings\user\My Documents\1\wwetripleh1024.exe
2006-06-30 10:06 2879496 --a------ C:\Documents and Settings\user\My Documents\1\SevenSeasSetup.exe
2006-06-26 14:16 3442024 --a------ C:\Documents and Settings\user\My Documents\1\WWE SmackDown vs RAW 2006 Guide--pdf.pdf
2006-06-20 21:55 977708 --a------ C:\Documents and Settings\user\My Documents\1\pcw_park_map_2006.pdf
2006-06-15 18:31 23552 --a------ C:\Documents and Settings\user\My Documents\1\FortheSurpriseParty[2].doc
2006-06-14 20:33 599554 --a------ C:\Documents and Settings\user\My Documents\1\Install-Funny-Pack.exe
2006-06-10 15:25 4776277 --a------ C:\Documents and Settings\user\My Documents\1\wp_game_niggazdoomgl_2.2.zip
2006-06-10 13:57 1153119 --a------ C:\Documents and Settings\user\My Documents\1\05_1600.zip
2006-06-09 20:38 24576 --a------ C:\Documents and Settings\user\My Documents\1\SchabloneTubeQuiz.doc
2006-06-08 22:37 11500150 --a------ C:\Documents and Settings\user\My Documents\1\veme.exe
2006-06-08 21:52 5049 --a------ C:\Documents and Settings\user\My Documents\1\prepre.html
2006-06-06 17:00 3773944 --a------ C:\Documents and Settings\user\My Documents\1\aumix213.exe
2006-06-01 09:03 746016 --a------ C:\Documents and Settings\user\My Documents\1\FRAPS273.EXE
2006-05-25 09:49 21362099 --a------ C:\Documents and Settings\user\My Documents\1\Hacking programs with Tutorials.rar
2006-05-22 14:22 40264 --a------ C:\Documents and Settings\user\My Documents\1\809f3775fa81e418f22d756d12363c5f2683f916.torrent
2006-05-22 14:08 1610262 --a------ C:\Documents and Settings\user\My Documents\1\TrustyFiles.exe
2006-05-22 14:01 3345634 --a------ C:\Documents and Settings\user\My Documents\1\bittornado.exe
2006-05-22 13:57 4043848 --a------ C:\Documents and Settings\user\My Documents\1\3 LimeWireWinPro.exe
2006-05-21 14:43 2699256 --a------ C:\Documents and Settings\user\My Documents\1\ESPNRunTimeSetup.exe
2006-05-15 16:28 69946107 --a------ C:\Documents and Settings\user\My Documents\1\FinSW2k5Win.exe
2006-05-15 11:02 127928 --a------ C:\Documents and Settings\user\My Documents\1\ZangoInstaller.exe
2006-05-08 17:33 692434 --a------ C:\Documents and Settings\user\My Documents\1\Auto Looter v23 - Splash.zip
2006-05-08 17:31 1911 --a------ C:\Documents and Settings\user\My Documents\1\Wizard Bot Script X 1.0.rar
2006-05-08 17:30 3033 --a------ C:\Documents and Settings\user\My Documents\1\SleepyWood Quest Bot.zip
2006-05-08 17:25 189720 --a------ C:\Documents and Settings\user\My Documents\1\MapeEasy v0.9.rar
2006-05-07 16:16 27537 --a------ C:\Documents and Settings\user\My Documents\1\Ship.zip
2006-05-07 15:51 611272 --a------ C:\Documents and Settings\user\My Documents\1\kazaa_setup.exe
2006-05-06 17:46 117320 --a------ C:\Documents and Settings\user\My Documents\1\sinstaller.exe
2006-05-06 17:32 861019 --a------ C:\Documents and Settings\user\My Documents\1\01_1600.zip
2006-05-06 17:31 1785599 --a------ C:\Documents and Settings\user\My Documents\1\03_1600.zip
2006-05-01 20:58 24576 --a------ C:\Documents and Settings\user\My Documents\1\BibliographyforDebates.doc
2006-05-01 18:28 26112 --a------ C:\Documents and Settings\user\My Documents\1\DebatesOpeningStatement[1].doc
2006-05-01 16:35 25088 --a------ C:\Documents and Settings\user\My Documents\1\ClosingStatement.doc
2006-04-21 17:25 18944 --a------ C:\Documents and Settings\user\My Documents\1\HTR POOL 2006 - english.xls
2006-04-14 10:48 6705304 --a------ C:\Documents and Settings\user\My Documents\1\stop-sign_install.exe
2006-03-28 23:04 723128 --a------ C:\Documents and Settings\user\My Documents\1\FRAPS272.EXE
2006-03-28 22:57 44801284 --a------ C:\Documents and Settings\user\My Documents\1\vegas40.exe
2006-03-02 18:32 3878182 --a------ C:\Documents and Settings\user\My Documents\1\disaffected_setup.exe
2006-02-09 22:57 40 --a------ C:\Documents and Settings\user\My Documents\1\pvivaldi.ram
2006-02-02 20:03 2855080 --a------ C:\Documents and Settings\user\My Documents\1\aawsepersonal.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 03:08 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-06-20 08:00]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\spydoctor.exe" [2004-08-10 14:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 17:37]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-06-28 17:38]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 19:11]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-02-23 14:55]
"ares"="C:\Program Files\Ares\Ares.exe" []
"EzSSS"="C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" [2007-05-30 12:01]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
ScreenThemes.lnk - C:\Program Files\ScreenThemes\scthemes.exe [2007-07-07 23:16:25]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-05-30 19:23:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 08:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ZboardTray"="C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll

023 - aeaudio - system32\drivers\aeaudio.sys
023 - bcm43xx - System32\DRIVERS\bcmwl5.sys
023 - gtndis5 - \??\C:\WINDOWS\System32\GTNDIS5.SYS
023 - ndisip - System32\DRIVERS\NdisIP.sys
023 - npkcrypt - \??\C:\Program Files\NEXON\MapleStory\npkcrypt.sys
023 - npkcusb - \??\C:\Program Files\NEXON\MapleStory\npkcusb.sys
023 - nvata - System32\DRIVERS\nvata.sys
023 - omnidrv - System32\DRIVERS\OmniDrv.sys
023 - omniusb - System32\DRIVERS\OmniUsb.sys
023 - omniusbl - System32\DRIVERS\OmniUsbl.sys
023 - pctfw1 - \??\C:\WINDOWS\System32\drivers\pctfw1.sys
023 - pctoolsfirewallplus - C:\Program Files\PC Tools Firewall Plus\FWService.exe
023 - pid_0928 - System32\DRIVERS\LV561AV.SYS
023 - saruen - \??\C:\Documents and Settings\user\Desktop\Hacks\saruengang101of\saruen.sys
023 - ser2pl - System32\DRIVERS\ser2pl.sys
023 - sfilter - System32\DRIVERS\pctfw.sys
023 - sis315 - System32\DRIVERS\sisgrp.sys
023 - siside - System32\DRIVERS\siside.sys
023 - sisidex - system32\drivers\sisidex.sys
023 - siskp - system32\drivers\srvkp.sys
023 - sisnic - System32\DRIVERS\sisnic.sys
023 - sisperf - system32\drivers\sisperf.sys
023 - slip - System32\DRIVERS\SLIP.sys
023 - smwdm - system32\drivers\smwdm.sys
023 - uploadmgr - %SystemRoot%\System32\svchost.exe -k netsvcs - %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
023 - w810bus - System32\DRIVERS\w810bus.sys
023 - w810mdfl - System32\DRIVERS\w810mdfl.sys
023 - w810mdm - System32\DRIVERS\w810mdm.sys
023 - w810mgmt - System32\DRIVERS\w810mgmt.sys
023 - w810obex - System32\DRIVERS\w810obex.sys
023 - winachcf - System32\DRIVERS\winachcf.sys
023 - wmp54gsvc - "C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe"
023 - wpdusb - System32\Drivers\wpdusb.sys
023 - xtrapd12 - \??\C:\WINDOWS\System32\XTrapD12.sys
023 - zenos1 - \??\C:\Documents and Settings\user\Desktop\Hacks\myzenos\zenos.sys


Contents of the 'Scheduled Tasks' folder
2007-01-01 23:31:39 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 12:14:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\\35\4>\0042\4>\4A\4B\48\4]
"Order"=hex:08,00,00,00,02,00,00,00,60,01,00,00,01,00,00,00,02,00,00,00,6a,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gusvc]
"ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

Completion time: 2007-07-21 12:15:25
C:\ComboFix-quarantined-files.txt ... 2007-07-21 12:15
C:\ComboFix2.txt ... 2007-07-20 13:49
C:\ComboFix3.txt ... 2007-07-20 10:36

--- E O F ---

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:50 PM, on 7/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-117609710-1708537768-725345543-1003\..\Run: [EzSSS] "C:\Program Files\!Easy ScreenSaver Station\EzSSStation.exe" -T (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe (User '?')
O4 - S-1-5-21-117609710-1708537768-725345543-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe

--
End of file - 10912 bytes
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-21-2007, 11:20 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,474
OS: N/A


Re: Trojan.W32.looksky Help!
I'm going to assume the folder - My Documents\1 - is created by you & contains files that you downloaded from the net. Tell me if that's incorrect.

These files from there should be deleted:

* ucleaner_setup.exe
* ZangoInstaller.exe


----------


When that's done, your system is clean.

C:\QooBox\ is ComboFix's quarantine folder. You can safely delete it


Kindly follow these simple steps in order to keep your computer clean and secure:
  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. Microsoft Windows Updatehttp://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-21-2007, 02:27 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 27
OS: WinXP


Re: Trojan.W32.looksky Help!
Yep, thanks for all of your help! THANK U
PaulK123 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:09 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85