01-10-2008, 01:07 AM   #1
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Need help~~~ pc really dying =(

Can someone give me a solution to clear these viruses?
1)MS-DOS viruses
2)Script viruses
3)Trojan horses
4)Backdoor and Trojan horses
These are the names of the viruses I found in my AVG virus vault. There are 450 of them there. Can someone reply fast before they start to spread, pls.
bryanchew is offline  
01-12-2008, 02:49 AM   #2
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

PS: I forgot to post the HijackThis log in my previous post,
so I will now paste the main log below and have attached the extra log also.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-12 18:14:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-01-12 10:15:01 UTC - RP356 - Deckard's System Scanner Restore Point
89: 2008-01-12 09:19:45 UTC - RP355 - Software Distribution Service 3.0
88: 2008-01-06 08:40:41 UTC - RP354 - System Checkpoint
87: 2007-12-31 10:34:01 UTC - RP353 - System Checkpoint
86: 2007-12-30 05:13:07 UTC - RP352 - System Checkpoint


-- First Restore Point --
1: 2007-10-08 11:55:55 UTC - RP267 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-12 18:21:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\gqgjoejh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\system32\svohost.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\svohost.exe
O2 - BHO: imGiantObj Class - {00000062-2E5F-4AF7-986E-5B64E0951A96} - C:\WINDOWS\imGiant.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcywxx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A51900D-AF1E-4D1A-BA61-E7675A67A70d} - C:\WINDOWS\system32\hdsninvm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6AD991A-0127-4555-9775-9A7CDC8DCF9A} - C:\WINDOWS\system32\awvts.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\spntfddr.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\vtuspqr.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\qyhwcdtv.dll",forkonce
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vljirkpm.dll",sitypnow
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] usb2.exe
O4 - HKLM\..\RunServices: [System] rundl.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] usb2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Bias Barb] C:\DOCUME~1\Owner\APPLIC~1\RDRFUN~1\dupe way boob.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] usb2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2 Driver] usb2.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe~
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?6cf0b46766374fe2a2db526893acfb41
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?6cf0b46766374fe2a2db526893acfb41
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/62.../bridge-c6.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2870AA73-0682-4073-8A40-CE710F492E9D} () - http://www.winicon.net/winicon/winicon.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/.../SpeedCtrl.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} () - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://apgateway.fngroup.com.sg/,Da...a+iNotes6W.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://apgateway.fngroup.com.sg/dan...erSetupSP1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: ddcywxx - C:\WINDOWS\system32\ddcywxx.dll (file missing)
O20 - Winlogon Notify: urqqqqp - C:\WINDOWS\system32\urqqqqp.dll
O20 - Winlogon Notify: vtuspqr - C:\WINDOWS\system32\vtuspqr.dll (file missing)
O20 - Winlogon Notify: wvuutuu - C:\WINDOWS\system32\wvuutuu.dll
O21 - SSODL: syshelps - {5912C7BE-A0BC-4900-A74F-5590CC64CAC8} - systesrt32.dll (file missing)
O21 - SSODL: prodigy1 - {DE5CA026-A372-43B9-9F9B-4B9D6F7A03F2} - prodigys323.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gqgjoejh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


--
End of file - 12463 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys (file missing)
S3 AmeAtmPc - c:\windows\system32\drivers\ameatmpc.sys (file missing)
S3 Dua1 - c:\documents and settings\owner\desktop\dualengine2\dualengi.sys (file missing)
S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\gqgjoejh.exe /service <Not Verified; ; DDC>

S2 Service Manager - "c:\windows\service.exe" (file missing)
S2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: 2Wire USB Remote NDIS Ethernet
Device ID: USB\VID_1630&PID_0042\5&126700AE&0&1
Manufacturer:
Name: 2Wire USB Remote NDIS Ethernet
PNP Device ID: USB\VID_1630&PID_0042\5&126700AE&0&1
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-12 18:19:35 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-01-12 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-01-12 18:00:00 260 --ah----- C:\WINDOWS\Tasks\AC2996A4918A12AC.job
2008-01-12 17:24:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-10 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-01-10 16:00:01 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-01-10 15:00:19 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-01-07 20:00:01 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-01-07 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-01-06 02:00:01 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-01-06 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-01-06 00:00:01 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-01-05 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-01-01 14:00:01 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-01-01 13:00:07 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-01-01 12:00:04 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-01-01 11:00:02 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-01-01 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-01-01 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-01-01 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-01-01 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-01-01 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-01-01 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-01-01 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-01-01 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2007-12-31 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2007-12-31 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job


-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2007-12-30 04:09:26 94842 ---hs---- C:\WINDOWS\system32\stvwa.ini2
2007-12-27 16:22:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-12-24 11:46:24 37376 --a------ C:\WINDOWS\system32\qommnom.dll
2007-12-23 11:43:02 37376 --a------ C:\WINDOWS\system32\pmnonnn.dll
2007-12-22 11:39:55 37376 --a------ C:\WINDOWS\system32\khffcyw.dll
2007-12-22 09:35:23 37376 --a------ C:\WINDOWS\system32\ljjgfgg.dll
2007-12-21 23:56:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-21 23:49:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-12-21 23:48:21 0 d-------- C:\Program Files\Google
2007-12-21 23:32:28 37376 --a------ C:\WINDOWS\system32\urqqqqp.dll
2007-12-21 17:07:28 37376 --a------ C:\WINDOWS\system32\yayxuss.dll
2007-12-21 11:15:18 37376 --a------ C:\WINDOWS\system32\iiffded.dll
2007-12-21 09:30:03 37376 --a------ C:\WINDOWS\system32\wvuutuu.dll
2007-12-20 09:27:00 37376 --a------ C:\WINDOWS\system32\xxyvspp.dll
2007-12-19 14:26:41 37376 --a------ C:\WINDOWS\system32\iifdddd.dll
2007-12-18 14:22:34 37376 --a------ C:\WINDOWS\system32\nnnljhh.dll
2007-12-17 14:25:42 37376 --a------ C:\WINDOWS\system32\ljjkhfc.dll
2007-12-17 10:01:55 37376 --a------ C:\WINDOWS\system32\iiffcca.dll
2007-12-16 10:00:57 37376 --a------ C:\WINDOWS\system32\tuvurpo.dll
2007-12-14 20:55:12 37376 --a------ C:\WINDOWS\system32\gebyvss.dll
2007-12-13 08:29:25 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2008-01-12 17:29:25 92566 ---hs---- C:\WINDOWS\system32\stvwa.bak2
2008-01-10 15:02:08 92489 ---hs---- C:\WINDOWS\system32\stvwa.bak1
2008-01-03 15:19:37 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-07 17:43:16 74260 --a------ C:\WINDOWS\system32\bmdndopp.exe
2007-12-06 17:41:26 74260 --a------ C:\WINDOWS\system32\jjrgwoiw.exe
2007-12-01 15:04:40 0 d-------- C:\Program Files\Gravity
2007-12-01 03:05:17 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-17 15:41:38 0 d-------- C:\Program Files\ZNRO Server
2007-11-06 08:09:40 75284 --a------ C:\WINDOWS\system32\bxchtirf.exe <Not Verified; ; DDC>
2007-11-05 09:18:28 75284 --a------ C:\WINDOWS\system32\xthsptxm.exe <Not Verified; ; DDC>
2007-11-04 09:18:16 75284 --a------ C:\WINDOWS\system32\olkxwafh.exe <Not Verified; ; DDC>
2007-11-03 09:18:16 75284 --a------ C:\WINDOWS\system32\qpxssoea.exe <Not Verified; ; DDC>
2007-11-02 19:16:01 75284 --a------ C:\WINDOWS\system32\xyhpipsy.exe <Not Verified; ; DDC>
2007-11-02 08:47:03 75284 --a------ C:\WINDOWS\system32\xcdrdwiu.exe <Not Verified; ; DDC>
2007-11-01 08:47:01 75284 --a------ C:\WINDOWS\system32\jtkbdqfq.exe <Not Verified; ; DDC>
2007-10-31 18:26:20 75284 --a------ C:\WINDOWS\system32\mmvhiiuq.exe <Not Verified; ; DDC>
2007-10-30 18:26:19 75284 --a------ C:\WINDOWS\system32\xkjrcwtx.exe <Not Verified; ; DDC>
2007-10-30 11:46:04 75284 --a------ C:\WINDOWS\system32\tblrdybv.exe <Not Verified; ; DDC>
2007-10-29 23:15:17 75284 --a------ C:\WINDOWS\system32\trmipexc.exe <Not Verified; ; DDC>
2007-10-29 21:52:02 75284 --a------ C:\WINDOWS\system32\gcdnrbsa.exe <Not Verified; ; DDC>
2007-10-28 21:52:01 75284 --a------ C:\WINDOWS\system32\pjjvrcqm.exe <Not Verified; ; DDC>
2007-10-28 20:54:11 75284 --a------ C:\WINDOWS\system32\tohgxykh.exe <Not Verified; ; DDC>
2007-10-27 20:53:01 75284 --a------ C:\WINDOWS\system32\mmguuvgx.exe <Not Verified; ; DDC>
2007-10-27 13:28:14 75284 --a------ C:\WINDOWS\system32\nvqnbdum.exe <Not Verified; ; DDC>
2007-10-27 10:15:10 75284 --a------ C:\WINDOWS\system32\pgfmdtmt.exe <Not Verified; ; DDC>
2007-10-26 07:54:31 75284 --a------ C:\WINDOWS\system32\ystjoign.exe <Not Verified; ; DDC>
2007-10-25 20:08:53 75284 --a------ C:\WINDOWS\system32\mujgktdw.exe <Not Verified; ; DDC>
2007-10-25 14:11:56 75284 --a------ C:\WINDOWS\system32\sfgvkoii.exe <Not Verified; ; DDC>
2007-10-24 14:18:15 75284 --a------ C:\WINDOWS\system32\jgcxxwpk.exe <Not Verified; ; DDC>
2007-10-24 14:03:50 75284 --a------ C:\WINDOWS\system32\tybvbile.exe <Not Verified; ; DDC>
2007-10-23 14:01:35 75284 --a------ C:\WINDOWS\system32\ljxurelg.exe <Not Verified; ; DDC>
2007-10-22 15:55:06 75284 --a------ C:\WINDOWS\system32\eykouuha.exe <Not Verified; ; DDC>
2007-10-22 13:44:30 75284 --a------ C:\WINDOWS\system32\hfbhjuvx.exe <Not Verified; ; DDC>
2007-10-21 13:44:30 75284 --a------ C:\WINDOWS\system32\kqjrllxw.exe <Not Verified; ; DDC>
2007-10-20 17:38:00 75284 --a------ C:\WINDOWS\system32\yqjvnoow.exe <Not Verified; ; DDC>
2007-10-19 17:35:48 75284 --a------ C:\WINDOWS\system32\qbawipqw.exe <Not Verified; ; DDC>
2007-10-19 09:03:32 75284 --a------ C:\WINDOWS\system32\dxtuseay.exe <Not Verified; ; DDC>
2007-10-18 08:16:45 75284 --a------ C:\WINDOWS\system32\huujpenv.exe <Not Verified; ; DDC>
2007-10-17 18:33:21 75284 --a------ C:\WINDOWS\system32\nfwrcbde.exe <Not Verified; ; DDC>
2007-10-16 18:35:58 75284 --a------ C:\WINDOWS\system32\moojbppu.exe <Not Verified; ; DDC>
2007-10-15 18:33:19 75284 --a------ C:\WINDOWS\system32\opgvcwhp.exe <Not Verified; ; DDC>
2007-10-14 18:32:59 75284 --a------ C:\WINDOWS\system32\nteobhjo.exe <Not Verified; ; DDC>
2007-10-14 17:05:44 75284 --a------ C:\WINDOWS\system32\ryahgept.exe <Not Verified; ; DDC>
2007-10-14 13:27:32 75284 --a------ C:\WINDOWS\system32\thvqfvym.exe <Not Verified; ; DDC>
2007-10-13 21:24:57 75284 --a------ C:\WINDOWS\system32\quqohebd.exe <Not Verified; ; DDC>
2007-10-13 19:40:52 75284 --a------ C:\WINDOWS\system32\lpwqtigm.exe <Not Verified; ; DDC>
2007-10-13 15:24:33 75284 --a------ C:\WINDOWS\system32\hklpclvn.exe <Not Verified; ; DDC>
2007-10-12 15:24:32 75284 --a------ C:\WINDOWS\system32\upwifrxf.exe <Not Verified; ; DDC>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000062-2E5F-4AF7-986E-5B64E0951A96}]
02/23/2005 05:33 PM 253952 --a------ C:\WINDOWS\imGiant.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\ddcywxx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A51900D-AF1E-4D1A-BA61-E7675A67A70d}]
08/19/2007 04:15 PM 121364 --a------ C:\WINDOWS\system32\hdsninvm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}]
03/09/2005 02:00 PM 96256 --a------ C:\Program Files\SideFind\sfbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6AD991A-0127-4555-9775-9A7CDC8DCF9A}]
08/11/2007 12:04 PM 285273 --ahs---- C:\WINDOWS\system32\awvts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
C:\WINDOWS\system32\spntfddr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}]
12/29/2005 01:19 PM 143360 --a------ C:\Program Files\PeDevice\PeDev.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}]
C:\WINDOWS\system32\vtuspqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/17/2003 12:24 AM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/17/2003 12:25 AM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/17/2003 12:25 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"Power Scan"="C:\Program Files\Power Scan\powerscan.exe" [03/09/2005 02:00 PM]
"webrebates"="C:\Program Files\WebRebates4\webrebates.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 03:10 AM]
"SystemOptimizer"="C:\WINDOWS\system32\qyhwcdtv.dll" []
"Windows AdService"="C:\Program Files\Windows AdService\WinAdServ.exe" [09/12/2007 07:24 PM]
"SYSTRAY"="C:\UNMT.EXE" []
"SearchIndexer"="C:\WINDOWS\system32\vljirkpm.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Win32 USB2 Driver"="usb2.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [10/16/2003 09:49 PM]
"Bias Barb"="C:\DOCUME~1\Owner\APPLIC~1\RDRFUN~1\dupe way boob.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/21/2007 11:49 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Win32 USB2 Driver"=usb2.exe
"System"=rundl.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Win32 USB2 Driver"=usb2.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe~ [10/16/2003 9:46:08 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 3:20:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/18/1999 4:05:56 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"= C:\WINDOWS\system32\vtuspqr.dll [ ]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcywxx.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"syshelps"= {5912C7BE-A0BC-4900-A74F-5590CC64CAC8} - systesrt32.dll [ ]
"prodigy1"= {DE5CA026-A372-43B9-9F9B-4B9D6F7A03F2} - prodigys323.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe C:\WINDOWS\system32\svohost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvts]
C:\WINDOWS\system32\awvts.dll 08/11/2007 12:04 PM 285273 C:\WINDOWS\system32\awvts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywxx]
ddcywxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
urqqqqp.dll 12/21/2007 11:32 PM 37376 C:\WINDOWS\system32\urqqqqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspqr]
vtuspqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuutuu]
wvuutuu.dll 12/21/2007 09:30 AM 37376 C:\WINDOWS\system32\wvuutuu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.trendmicro.com
127.0.0.1 trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 nai.com

26 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-12 18:23:21 ------------
Attached Files
File Type: txt extra.txt (14.3 KB, 3 views)
bryanchew is offline  
01-13-2008, 05:47 AM   #3
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

bump pls
bryanchew is offline  
01-14-2008, 01:12 AM   #4
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

bump pls
bryanchew is offline  
01-15-2008, 02:13 AM   #5
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

Why is there nobody helping me with my problem? My computer is really dying soon. Really need help!!
bryanchew is offline  
01-15-2008, 08:58 AM   #6
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,541
OS: xp


Re: Need help~~~ pc really dying =(

Welcome bryanchew

Post a combofix log
1. Download this file - combofix.exe to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
alternate link
http://www.forospyware.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If you already have combofix, please re-download it, as it is updated often.

---------------
Download the HijackThis Installer: http://www.trendsecure.com/portal/en...HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "None of the above, just start the program" button.
Click Scan, then Save log, and post that please.
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  
Old 01-17-2008, 01:41 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

Hey, I have scanned using the combofix thing and this is what I got

ComboFix 08-01-17.5 - Owner 2008-01-17 16:59:30.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\nfo
C:\Documents and Settings\All Users\Application Data.\nfo\keys.dat
C:\Documents and Settings\All Users\Application Data.\nfo\mon0104.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon0106.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0204.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0315.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0412.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0504.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0904.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1125.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1204.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1215.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon1909.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1920.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon2007.dbd
C:\Documents and Settings\All Users\Application Data.\vidmon
C:\Documents and Settings\All Users\Application Data.\vidmon\vidmon.inf
C:\Documents and Settings\All Users\Application Data.\vidmon\vidmonsh.inf
C:\Documents and Settings\Owner\Application Data\wtta.exe
C:\Documents and Settings\Owner\new.txt
C:\lswmv.ini
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\uninstall information\RemoveWebDP.exe
C:\Program Files\ISTsvc
C:\Program Files\pedevice
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\fixit2.exe
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\pae_url.xml
C:\Program Files\pedevice\PeDev.dll
C:\Program Files\pedevice\PeDev.exe
C:\Program Files\pedevice\pedevPS.dll
C:\Program Files\pedevice\Preparation.dll
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\stat_archive\2008-01-10
C:\Program Files\pedevice\stat_archive\2008-01-12
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\tmp\tmp.html
C:\Program Files\pedevice\watchlist.xml
C:\Program Files\SideFind
C:\Program Files\SideFind\sfbho.dll
C:\Program Files\SideFind\sfexd001
C:\Program Files\SideFind\sidefind.dll
C:\Program Files\windows adstatus
C:\Program Files\windows adstatus\WinStatKeep.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\bxchtirf.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\wtta.exe
C:\WINDOWS\system32\dxtuseay.exe
C:\WINDOWS\system32\eykouuha.exe
C:\WINDOWS\system32\gcdnrbsa.exe
C:\WINDOWS\system32\hdsninvm.dll
C:\WINDOWS\system32\hfbhjuvx.exe
C:\WINDOWS\system32\huujpenv.exe
C:\WINDOWS\system32\jgcxxwpk.exe
C:\WINDOWS\system32\jkkhhhe.dll
C:\WINDOWS\system32\jtkbdqfq.exe
C:\WINDOWS\system32\kqjrllxw.exe
C:\WINDOWS\system32\ljxurelg.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmguuvgx.exe
C:\WINDOWS\system32\mmvhiiuq.exe
C:\WINDOWS\system32\mujgktdw.exe
C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\nfomon\License.txt
C:\WINDOWS\system32\nfomon\nfo.ocx
C:\WINDOWS\system32\nfomon\nfom.dll
C:\WINDOWS\system32\nfomon\nfomon.ex_
C:\WINDOWS\system32\nfwrcbde.exe
C:\WINDOWS\system32\nvqnbdum.exe
C:\WINDOWS\system32\olkxwafh.exe
C:\WINDOWS\system32\pgfmdtmt.exe
C:\WINDOWS\system32\pjjvrcqm.exe
C:\WINDOWS\system32\pqtmocpj.dll
C:\WINDOWS\system32\qbawipqw.exe
C:\WINDOWS\system32\qpxssoea.exe
C:\WINDOWS\system32\sfgvkoii.exe
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\stvwa.tmp
C:\WINDOWS\system32\tblrdybv.exe
C:\WINDOWS\system32\tohgxykh.exe
C:\WINDOWS\system32\trmipexc.exe
C:\WINDOWS\system32\tybvbile.exe
C:\WINDOWS\system32\vidmon
C:\WINDOWS\system32\vidmon\vidmon.ex_
C:\WINDOWS\system32\wvuutuu.dll
C:\WINDOWS\system32\xcdrdwiu.exe
C:\WINDOWS\system32\xkjrcwtx.exe
C:\WINDOWS\system32\xthsptxm.exe
C:\WINDOWS\system32\xyhpipsy.exe
C:\WINDOWS\system32\yqjvnoow.exe
C:\WINDOWS\system32\ystjoign.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 16:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 17:16 . 2008-01-17 16:50 <DIR> d-------- C:\Program Files\Cheat Engine
2008-01-12 18:14 . 2008-01-12 18:14 <DIR> d-------- C:\Deckard
2007-12-30 13:55 . 2007-12-30 13:55 268 --ah----- C:\sqmdata19.sqm
2007-12-30 13:55 . 2007-12-30 13:55 244 --ah----- C:\sqmnoopt19.sqm
2007-12-24 11:46 . 2007-12-24 11:46 37,376 --a------ C:\WINDOWS\system32\qommnom.dll
2007-12-23 11:43 . 2007-12-23 11:43 37,376 --a------ C:\WINDOWS\system32\pmnonnn.dll
2007-12-22 11:39 . 2007-12-22 11:39 37,376 --a------ C:\WINDOWS\system32\khffcyw.dll
2007-12-22 09:35 . 2007-12-22 09:35 37,376 --a------ C:\WINDOWS\system32\ljjgfgg.dll
2007-12-21 23:56 . 2007-12-22 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-21 23:48 . 2007-12-22 09:28 <DIR> d-------- C:\Program Files\Google
2007-12-21 23:32 . 2007-12-21 23:32 37,376 --a------ C:\WINDOWS\system32\urqqqqp.dll
2007-12-21 17:07 . 2007-12-21 17:07 37,376 --a------ C:\WINDOWS\system32\yayxuss.dll
2007-12-21 11:15 . 2007-12-21 11:15 37,376 --a------ C:\WINDOWS\system32\iiffded.dll
2007-12-20 09:27 . 2007-12-20 09:27 37,376 --a------ C:\WINDOWS\system32\xxyvspp.dll
2007-12-19 14:26 . 2007-12-19 14:26 37,376 --a------ C:\WINDOWS\system32\iifdddd.dll
2007-12-18 14:22 . 2007-12-18 14:22 37,376 --a------ C:\WINDOWS\system32\nnnljhh.dll
2007-12-17 14:25 . 2007-12-17 14:25 37,376 --a------ C:\WINDOWS\system32\ljjkhfc.dll
2007-12-17 10:01 . 2007-12-17 10:01 37,376 --a------ C:\WINDOWS\system32\iiffcca.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-12 16:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-01-03 07:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-01 07:04 --------- d-----w C:\Program Files\Gravity
2007-11-30 19:05 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-17 07:41 --------- d-----w C:\Program Files\ZNRO Server
2004-07-27 00:17 32 --sha-w C:\WINDOWS\{2A9D1721-1D2A-4DFA-BA52-EDBEDC8EEDBD}.dat
2004-12-03 02:39 32 --sha-w C:\WINDOWS\{8F7469FB-3F8A-4C82-892C-44218CCE49AA}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000062-2E5F-4AF7-986E-5B64E0951A96}]
2005-02-23 17:33 253952 --a------ C:\WINDOWS\imGiant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Win32 USB2 Driver"="usb2.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2003-10-16 21:49 159744]
"Bias Barb"="C:\DOCUME~1\Owner\APPLIC~1\RDRFUN~1\dupe way boob.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-21 23:49 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-08-17 00:24 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-08-17 00:25 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-08-17 00:25 455168]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"Power Scan"="C:\Program Files\Power Scan\powerscan.exe" [2005-03-09 14:00 8494]
"webrebates"="C:\Program Files\WebRebates4\webrebates.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 03:10 579072]
"Windows AdService"="C:\Program Files\Windows AdService\WinAdServ.exe" [2007-09-12 19:24 25088]
"SYSTRAY"="C:\UNMT.EXE" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win32 USB2 Driver"="usb2.exe" []
"System"="rundl.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Win32 USB2 Driver"="usb2.exe" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 03:10 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe~ [2003-10-16 21:46:08]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 15:20:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywxx]
ddcywxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
urqqqqp.dll 2007-12-21 23:32 37376 C:\WINDOWS\system32\urqqqqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspqr]
vtuspqr.dll


.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 09:00:06 C:\WINDOWS\Tasks\AC2996A4918A12AC.job"
- c:\docume~1\owner\applic~1\rdrfun~1\loadjunkbits.exe
"2008-01-12 16:00:03 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 01:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 02:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 03:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 04:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 05:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 06:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 07:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 08:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 09:00:07 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-14 10:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-12 17:00:02 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-07 11:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-07 12:00:01 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 13:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-05 15:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-12 18:00:05 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 19:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 20:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 21:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 22:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2007-12-31 23:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 00:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-17 08:24:23 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-17 09:29:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:24:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 17:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 09:34:36
.
2008-01-12 09:22:57 --- E O F ---
bryanchew is offline  
Old 01-17-2008, 01:49 AM   #8 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

After I used the HJTInstall.exe to scan, the result I got is this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:38 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: imGiantObj Class - {00000062-2E5F-4AF7-986E-5B64E0951A96} - C:\WINDOWS\imGiant.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] usb2.exe
O4 - HKLM\..\RunServices: [System] rundl.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] usb2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Bias Barb] C:\DOCUME~1\Owner\APPLIC~1\RDRFUN~1\dupe way boob.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2 Driver] usb2.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?6cf0b46766374fe2a2db526893acfb41
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?6cf0b46766374fe2a2db526893acfb41
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62.../bridge-c6.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2870AA73-0682-4073-8A40-CE710F492E9D} - http://www.winicon.net/winicon/winicon.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/.../SpeedCtrl.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://apgateway.fngroup.com.sg/,Da...a+iNotes6W.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://apgateway.fngroup.com.sg/dan...erSetupSP1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: ddcywxx - ddcywxx.dll (file missing)
O20 - Winlogon Notify: urqqqqp - C:\WINDOWS\SYSTEM32\urqqqqp.dll
O20 - Winlogon Notify: vtuspqr - vtuspqr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)

--
End of file - 9531 bytes
bryanchew is offline  
Old 01-19-2008, 01:33 AM   #9 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,541
OS: xp


Re: Need help~~~ pc really dying =(

In the Windows Control Panel > Add/Remove Programs, uninstall Messenger Plus!'s "sponsor":
Messenger Plus! Live & Sponsor



Start a HijackThis scan and place a check next to these items, if there.
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62.../bridge-c6.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
====================================
Hit "Fix checked" and close HijackThis.

Launch Notepad (important: not WordPad or any other third-party text editor), and copy and paste the contents of the code box below into a new text file. (Don't include the word "Code".)
Save it as file name: cfscript.txt
Code:
file::
C:\WINDOWS\Tasks\AC2996A4918A12AC.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\JD363RLT.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\urqqqqp.dll
C:\WINDOWS\imGiant.dll
C:\WINDOWS\system32\yayxuss.dll
C:\WINDOWS\system32\iiffded.dll
C:\WINDOWS\system32\xxyvspp.dll
C:\WINDOWS\system32\iifdddd.dll
C:\WINDOWS\system32\nnnljhh.dll
C:\WINDOWS\system32\ljjkhfc.dll
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\qommnom.dll
C:\WINDOWS\system32\pmnonnn.dll
C:\WINDOWS\system32\khffcyw.dll
C:\WINDOWS\system32\ljjgfgg.dll
driver::
Service Manager
folder::
c:\docume~1\owner\applic~1\rdrfun~1
C:\Program Files\Power Scan
C:\Program Files\WebRebates4
registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywxx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspqr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win32 USB2 Driver"=-
"System"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Win32 USB2 Driver"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"=-
"Win32 USB2 Driver"=-
"Bias Barb"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000062-2E5F-4AF7-986E-5B64E0951A96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Scan"=-
"webrebates"=-
"Windows AdService"=-
"SYSTRAY"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad support for imGiant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-motor]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall 180search Assistant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebDP 2.07]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdService]
killall::
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
As in the picture above, drag and drop cfscript.txt onto combofix.exe.
When it is finished a text will open; post it.

Last edited by LonnyRJones; 01-19-2008 at 01:35 AM.
LonnyRJones is offline  
Old 01-19-2008, 09:17 AM   #10 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

ComboFix 08-01-17.5 - Owner 2008-01-19 19:23:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT 8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\imGiant.dll
C:\WINDOWS\system32\iifdddd.dll
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iiffded.dll
C:\WINDOWS\system32\JD363RLT.exe
C:\WINDOWS\system32\khffcyw.dll
C:\WINDOWS\system32\ljjgfgg.dll
C:\WINDOWS\system32\ljjkhfc.dll
C:\WINDOWS\system32\nnnljhh.dll
C:\WINDOWS\system32\pmnonnn.dll
C:\WINDOWS\system32\qommnom.dll
C:\WINDOWS\system32\urqqqqp.dll
C:\WINDOWS\system32\xxyvspp.dll
C:\WINDOWS\system32\yayxuss.dll
C:\WINDOWS\Tasks\AC2996A4918A12AC.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\owner\applic~1\rdrfun~1
c:\docume~1\owner\applic~1\rdrfun~1\0
C:\Program Files\Power Scan
C:\Program Files\Power Scan\powerscan.ex_
C:\Program Files\Power Scan\powerscan.exe
C:\WINDOWS\imGiant.dll
C:\WINDOWS\system32\iifdddd.dll
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iiffded.dll
C:\WINDOWS\system32\khffcyw.dll
C:\WINDOWS\system32\ljjgfgg.dll
C:\WINDOWS\system32\ljjkhfc.dll
C:\WINDOWS\system32\nnnljhh.dll
C:\WINDOWS\system32\pmnonnn.dll
C:\WINDOWS\system32\qommnom.dll
C:\WINDOWS\system32\urqqqqp.dll
C:\WINDOWS\system32\xxyvspp.dll
C:\WINDOWS\system32\yayxuss.dll
C:\WINDOWS\Tasks\AC2996A4918A12AC.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SERVICE_MANAGER
-------\Service Manager


((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-19 18:20 . 2008-01-19 18:39 <DIR> d-------- C:\Program Files\StaRO
2008-01-17 17:40 . 2008-01-17 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 16:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 18:14 . 2008-01-12 18:14 <DIR> d-------- C:\Deckard
2007-12-30 13:55 . 2007-12-30 13:55 268 --ah----- C:\sqmdata19.sqm
2007-12-30 13:55 . 2007-12-30 13:55 244 --ah----- C:\sqmnoopt19.sqm
2007-12-21 23:56 . 2007-12-22 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-21 23:48 . 2007-12-22 09:28 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:58 --------- d-----w C:\Program Files\MSN Messenger
2008-01-19 05:19 --------- d-----w C:\Program Files\ZNRO Server
2008-01-19 03:43 --------- d-----w C:\Program Files\Gravity
2008-01-19 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-12 16:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-01-03 07:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-11-30 19:05 --------- d-----w C:\Program Files\Windows Live Toolbar
2004-07-27 00:17 32 --sha-w C:\WINDOWS\{2A9D1721-1D2A-4DFA-BA52-EDBEDC8EEDBD}.dat
2004-12-03 02:39 32 --sha-w C:\WINDOWS\{8F7469FB-3F8A-4C82-892C-44218CCE49AA}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-17_17.33.54.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 08:57:21 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 11:23:30 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 08:57:22 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 11:23:31 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 08:57:22 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 11:23:31 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 08:57:23 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 11:23:31 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 08:57:24 4,722,688 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-19 11:23:31 4,870,144 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 08:57:25 331,776 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 11:23:31 331,776 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
- 2003-03-19 04:20:00 1,060,864 ----a-w C:\WINDOWS\mfc71.dll
+ 2003-03-18 13:20:00 1,060,864 ----a-w C:\WINDOWS\mfc71.dll
- 2004-01-12 07:00:00 348,160 ----a-w C:\WINDOWS\msvcr71.dll
+ 2004-01-11 16:00:00 348,160 ----a-w C:\WINDOWS\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2003-10-16 21:49 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-21 23:49 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-08-17 00:24 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-08-17 00:25 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-08-17 00:25 455168]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 03:10 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 03:10 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe~ [2003-10-16 21:46:08]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 15:20:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]

S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys []
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 13:58]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 13:58]
S3 Dua1;Dua1;C:\Documents and Settings\Owner\Desktop\DualEngine2\DualEngi.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-31 14:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-12 18:00:05 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\JD363RLT.exe
"2008-01-19 11:24:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-19 09:29:16 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 19:35:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 19:44:46 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-01-19 11:44:42
ComboFix2.txt 2008-01-17 09:34:41
.
2008-01-12 09:22:57 --- E O F ---
bryanchew is offline  
Old 01-20-2008, 02:36 AM   #11 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,541
OS: xp


Re: Need help~~~ pc really dying =(

Any improvement?


Download then install AVG Anti-Rootkit Free
http://free.grisoft.com/doc/39798/lng/us/tpl/v5e
Follow the prompts to restart your PC, then run the program and do an in-depth search.
When it's finished, if any items are found, press save results and post it in your next reply, then close the program.


Download AVG Anti Spyware
  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report after every scan"
    • Click Scanner
    • Click on the Scan tab
    • Click Complete System Scan to begin scanning. Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions"
    • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Post or attach that report
__________________


Our help is voluntary. But this site needs donations to operate.

Last edited by LonnyRJones; 01-20-2008 at 02:38 AM.
LonnyRJones is offline  
Old 01-22-2008, 03:52 AM   #12 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: window xp home edition


Re: Need help~~~ pc really dying =(

I got this while scanning the second link you asked me to download:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:33:05 PM 1/22/2008

+ Scan result:



C:\Documents and Settings\Default User\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@casalemedia[3].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@casalemedia[5].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[3].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[5].txt -> TrackingCookie.Casalemedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@casalemedia[3].txt -> TrackingCookie.Casalemedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@casalemedia[5].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@centrport[2].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> TrackingCookie.Centrport : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@centrport[2].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cliks[1].txt -> TrackingCookie.Cliks : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cliks[2].txt -> TrackingCookie.Cliks : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@doubleclick[4].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[4].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[5].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[4].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@as-us.falkag[4].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[4].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@as-us.falkag[4].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@fastclick[5].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[5].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[6].txt -> TrackingCookie.Fastclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@fastclick[5].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@gator[1].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@gator[2].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@gator[3].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@gator[4].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@gator[1].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@gator[2].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@gator[3].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@gator[4].txt -> TrackingCookie.Gator : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@gator[1].txt -> TrackingCookie.Gator : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@gator[2].txt -> TrackingCookie.Gator : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@gator[3].txt -> TrackingCookie.Gator : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@gator[4].txt -> TrackingCookie.Gator : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@ehg-hitent.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@phg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@phg.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ehg-hitent.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ehg-hitent.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@phg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@phg.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Default User\Cookies\anyuser@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\anyuser@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[4].txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\anyuser@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@search.msn[3].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[3].txt -> TrackingCookie.Msn : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@search.msn[3].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@master.mx-targeting[1].txt -> TrackingCookie.Mx-targeting : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@master.mx-targeting[2].txt -> TrackingCookie.Mx-targeting : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@master.mx-targeting[3].txt -> TrackingCookie.Mx-targeting : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@master.mx-targeting[5].txt -> TrackingCookie.Mx-targeting : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@www4.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www4.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www4.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@questionmarket[3].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[3].txt -> TrackingCookie.Questionmarket : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@questionmarket[3].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@realmedia[3].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@realmedia[5].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[3].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[5].txt -> TrackingCookie.Realmedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[3].txt -> TrackingCookie.Realmedia : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[5].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@serving-sys[3].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[3].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[4].txt -> TrackingCookie.Serving-sys : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@serving-sys[3].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@targetnet[4].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@targetnet[4].txt -> TrackingCookie.Targetnet : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@targetnet[4].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@tribalfusion[4].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[4].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tribalfusion[4].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@server3.web-stat[2].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@server3.web-stat[2].txt -> TrackingCookie.Web-stat : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server3.web-stat[2].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@ysbweb[1].txt -> TrackingCookie.Ysbweb : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ysbweb[1].txt -> TrackingCookie.Ysbweb : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ysbweb[1].txt -> TrackingCookie.Ysbweb : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Default User\Cookies\owner@zedo[3].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@zedo[3].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@zedo[4].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@zedo[3].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\re11.REG -> Trojan.LowZones.a : No action taken.
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\u.bat -> Worm.Gaobot : No action taken.
C:\Documents and Settings\Default User\Local Settings\Temp\u.bat -> Worm.Gaobot : No action taken.


::Report end

And remember, I still have 450+ unhealable files in my AVG 7.5 virus vault. Can you also tell me what to do about that? Thx for your help anyway, I really appreciate it very much.
bryanchew
Old 01-22-2008, 03:54 AM   #13 (permalink)


Re: Need help~~~ pc really dying =(

I forgot to add that I have followed your advice and used the take all actions button after I saved the report.
bryanchew
Old 01-22-2008, 04:32 AM   #14 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,541
OS: xp


Re: Need help~~~ pc really dying =(

Can you have AVG delete the files in its quarantine?

How's your PC running? Any problems at all?

Spybot Search & Destroy and Ad-Aware programs would be a good idea too.
Do not use Spybot's TeaTimer yet.
http://www.safer-networking.org/en/tutorial/index.html
http://www.majorgeeks.com/download506.html
LonnyRJones
Old 01-25-2008, 09:16 PM   #15 (permalink)


Re: Need help~~~ pc really dying =(

OK, thx, I think it is OK now.
bryanchew
Old 01-26-2008, 01:25 PM   #16 (permalink)


Re: Need help~~~ pc really dying =(

That's good to hear.

Uninstall ComboFix as follows: go to Start, Run, type
combofix /u
and press Enter or click OK.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

PC Safety and Security--What Do I Need?

To help avoid reinfection see "So how did I get infected in the first place?"
http://castlecops.com/postlite7736-.html
LonnyRJones
 


All times are GMT -7.