Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Antivirus XP 2008 problem
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 08-17-2008, 07:28 AM   #1 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Antivirus XP 2008 problem
I'll edit this post again after i followed the 5 steps..sorry
Last edited by BloodyFrmFl; 08-17-2008 at 07:39 AM.
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 08-17-2008, 08:29 AM   #2 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
Cant seem to edit the post O.o..
anyways I have done the 5 steps.. tell me if i missed something though..

The problem with my comp is the antivirus 2008/all my restore points has been deleted and i cannot restore my comp..Cant surf the web using IE and i have to use firefox.My desktop has changed to something like"your computer has been infected"

Help is much appreciated.. thank you

My hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:46 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lphc36uj0e92r.exe
C:\Program Files\rhc76uj0e92r\rhc76uj0e92r.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\WINDOWS\system32\pphc36uj0e92r.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: A.Video - {0603D38B-C4FF-458D-9E9A-C0FD113FAEC3} - C:\WINDOWS\system32\avideo.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Mama\winlogon.exe
O4 - HKLM\..\Run: [lphc36uj0e92r] C:\WINDOWS\system32\lphc36uj0e92r.exe
O4 - HKLM\..\Run: [SMrhc76uj0e92r] C:\Program Files\rhc76uj0e92r\rhc76uj0e92r.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Nokia Device Manager.lnk = C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm451YYMY
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1221c56444b54511a60f041273c3dee2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1221c56444b54511a60f041273c3dee2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...loader_v10.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://securevpn.tm.com.my/dana-cac...erSetupSP1.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{30993749-3852-44BE-8738-AAE9A583574F}: NameServer = 192.168.1.1,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1 192.168.0.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 12786 bytes
Attached Files
File Type: txt ActiveScan.txt (6.1 KB, 1 views)
Last edited by BloodyFrmFl; 08-17-2008 at 08:31 AM. Reason: attach file
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 09:08 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
I'll post a Fresh log here

Deckard's System Scanner v20071014.68
Run by Mama on 2008-08-17 22:59:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x0000001F


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.54 GiB (less than 15%) free.


-- HijackThis (run as Mama.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:59 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lphc36uj0e92r.exe
C:\Program Files\rhc76uj0e92r\rhc76uj0e92r.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\WINDOWS\system32\pphc36uj0e92r.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Mama\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mama.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: A.Video - {0603D38B-C4FF-458D-9E9A-C0FD113FAEC3} - C:\WINDOWS\system32\avideo.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Mama\winlogon.exe
O4 - HKLM\..\Run: [lphc36uj0e92r] C:\WINDOWS\system32\lphc36uj0e92r.exe
O4 - HKLM\..\Run: [SMrhc76uj0e92r] C:\Program Files\rhc76uj0e92r\rhc76uj0e92r.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Nokia Device Manager.lnk = C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm451YYMY
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1221c56444b54511a60f041273c3dee2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1221c56444b54511a60f041273c3dee2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...loader_v10.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://securevpn.tm.com.my/dana-cac...erSetupSP1.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{30993749-3852-44BE-8738-AAE9A583574F}: NameServer = 192.168.1.1,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1 192.168.0.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 12818 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - F:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "F:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 komiceb (Nokia 6708 Cable Emulation Bus (WDM)) - c:\windows\system32\drivers\komiceb.sys <Not Verified; MCCI; Nokia 6708 Cable Emulation Bus>

S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTKRNL (Bluetooth Bus Enumerator) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2101>
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
S3 komibus (Nokia 6708 Composite Device driver (WDM)) - c:\windows\system32\drivers\komibus.sys <Not Verified; MCCI; Nokia 6708 Composite Device>
S3 komimdfl (Nokia 6708 VSC Modem (WDM) (Filter)) - c:\windows\system32\drivers\komimdfl.sys <Not Verified; MCCI; Nokia 6708 Modem Filter Driver>
S3 komimdmc (Nokia 6708 mRouter Port (WDM)) - c:\windows\system32\drivers\komimdmc.sys <Not Verified; MCCI; Nokia 6708 mRouter Port>
S3 komisce (Nokia 6708 VSC Modem (WDM)) - c:\windows\system32\drivers\komisce.sys <Not Verified; MCCI; Nokia 6708 VSC Modem>
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 npkcrypt - f:\program files\gravity\euphro\npkcrypt.sys (file missing)
S3 npkycryp - f:\program files\gravity\euphro\npkycryp.sys (file missing)
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)
S3 XDva004 - c:\windows\system32\xdva004.sys (file missing)
S3 XDva039 - c:\windows\system32\xdva039.sys (file missing)
S3 XDva132 - c:\windows\system32\xdva132.sys (file missing)
S3 XDva158 - c:\windows\system32\xdva158.sys (file missing)
S3 XDva165 - c:\windows\system32\xdva165.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 ZSMC301b (USB PC Camera 301P) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 InCDsrvR (InCD Helper (read only)) - c:\program files\ahead\incd\incdsrv.exe -r <Not Verified; Nero AG; Nero AG incdsrv>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-17 22:00:00 488 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-17 22:15:43 0 d-------- C:\Program Files\SpywareBlaster
2008-08-17 21:43:27 0 d-------- C:\WINDOWS\LastGood
2008-08-17 21:41:50 0 d-------- C:\Program Files\Panda Security
2008-08-17 21:10:36 0 d-------- C:\Program Files\Trend Micro
2008-08-17 21:01:23 0 d-------- C:\Documents and Settings\Mama\Application Data\Adobe
2008-08-17 21:00:22 0 d-------- C:\Documents and Settings\Mama\Application Data\Talkback
2008-08-17 20:58:54 0 d-------- C:\Documents and Settings\Mama\Application Data\Mozilla
2008-08-17 20:30:34 94208 --a------ C:\WINDOWS\system32\pphc36uj0e92r.exe
2008-08-17 20:30:34 0 d-------- C:\Documents and Settings\Mama\Application Data\rhc76uj0e92r
2008-08-17 20:30:28 0 d-------- C:\Program Files\rhc76uj0e92r
2008-08-17 20:25:20 118784 --a------ C:\WINDOWS\system32\blphc36uj0e92r.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-17 20:25:08 0 d-------- C:\Program Files\RichVideoCodec
2008-08-17 20:25:07 195072 --a------ C:\WINDOWS\system32\lphc36uj0e92r.exe
2008-08-17 20:24:27 45056 --a------ C:\WINDOWS\system32\avideo.dll
2008-08-17 20:14:32 0 d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\LimeWire
2008-08-17 01:43:14 0 d-------- C:\Program Files\Virtual Villagers 2
2008-08-17 01:34:02 0 d-------- C:\Program Files\Virtual Villagers
2008-08-17 01:34:02 0 d-------- C:\Program Files\BFG
2008-08-17 0151 0 d-------- C:\Program Files\Fish Tycoon
2008-08-16 21:54:54 40960 ---hs---- C:\Documents and Settings\Mohd Hafiz\winlogon.exe
2008-08-16 21:54:54 40960 ---hs---- C:\Documents and Settings\Mama\winlogon.exe
2008-08-16 09:11:42 147456 --a------ C:\WINDOWS\system32\RichVideoCodec.dll <Not Verified; IRCodecs; IRCodecs>
2008-08-16 01:00:28 0 d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Games
2008-08-13 21:35:07 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-19 20:56:57 0 d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Web Folders
2008-07-19 20:14:49 0 d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\InstallShield
2008-07-19 04:51:05 96 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-07-18 23:20:52 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-18 23:19:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-18 23:07:38 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 23:07:36 0 d-------- C:\Program Files\NOS


-- Find3M Report ---------------------------------------------------------------

2008-08-17 00:35:56 0 d-------- C:\Program Files\PopCap Games
2008-07-19 21:00:39 0 d-------- C:\Program Files\Common Files
2008-07-19 20:56:19 0 d-------- C:\Program Files\microsoft frontpage
2008-07-19 20:15:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 13:30:09 0 d-------- C:\Program Files\Garena
2008-07-18 23:19:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 03:12:00 0 d-------- C:\Program Files\Spyware Doctor
2008-07-12 19:00:09 723 --a----c- C:\WINDOWS\eReg.dat
2008-07-12 18:56:52 0 d-------- C:\Program Files\Maxis
2008-06-22 14:07:58 0 d-------- C:\Program Files\Virtools
2008-06-15 12:31:41 23 --a------ C:\WINDOWS\popcinfot.dat
2008-06-14 22:01:05 0 --a------ C:\WINDOWS\popcreg.dat
2008-06-09 17:03:53 1350 --a------ C:\WINDOWS\mozver.dat
2008-05-24 19:44:17 146 --a------ C:\profile
2008-05-22 15:09:12 729088 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0603D38B-C4FF-458D-9E9A-C0FD113FAEC3}]
08/17/2008 08:24 PM 45056 --a------ C:\WINDOWS\system32\avideo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{098716A9-0310-4CBE-BD64-B790A9761158}]
08/16/2008 09:11 AM 147456 --a------ C:\WINDOWS\system32\RichVideoCodec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [03/08/2005 03:33 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [11/01/2005 04:15 AM C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [11/11/2005 02:07 PM C:\WINDOWS\soundman.exe]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [10/11/2004 02:54 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/18/2008 08:33 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [06/28/2004 09:29 PM]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [01/21/2003 03:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 03:23 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [09/01/2004 08:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [11/25/2002 08:44 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/29/2002 12:39 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 12:39 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 12:39 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 04:50 PM]
"nwiz"="nwiz.exe" [10/29/2004 04:50 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/29/2004 04:50 PM]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [07/27/2007 09:39 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/20/2007 12:02 AM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [12/01/2007 02:23 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/01/2007 02:23 PM]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [03/18/2005 07:18 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"Windows Logon Applicationedc"="C:\Documents and Settings\Mama\winlogon.exe" [08/16/2008 09:54 PM]
"lphc36uj0e92r"="C:\WINDOWS\system32\lphc36uj0e92r.exe" [08/17/2008 08:25 PM]
"SMrhc76uj0e92r"="C:\Program Files\rhc76uj0e92r\rhc76uj0e92r.exe" [08/17/2008 12:42 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [01/19/2008 08:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/10/2007 11:02:54 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [7/25/2006 10:04:55 PM]
Nokia Device Manager.lnk - C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe [3/20/2006 3:27:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-17 23:03:57 ------------
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-21-2008, 12:44 PM   #4 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Antivirus XP 2008 problem
Hello,

Please read this sticky regarding the use of Deckard System Scanner(dss.exe).
http://www.techsupportforum.com/secu...r-dss-exe.html

Hijackthis Uninstall List

* Start HijackThis
* Click on the Config button
* Click on the Misc Tools button
* Click on the Open Uninstall Manager button.
* You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply.

Also post a new Hijackthis Log.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-21-2008, 01:11 PM   #5 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
Hello TheBruce1,

Thanks for showing me the stickied DSS.exe I didnt know it before.
For your information,I have scanned my computer using Malwarebytes anti-malware and it seems to have solve the problem with the antivirus xp 2008 but i am not sure if the virus is still hiding somewhere in my computer so I hope that you can help me to make sure that my computer is free from the virus..
here is the uninstall_list from hijackthis:

Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Shockwave Player
ArcSoft Panorama Maker 3.0
ArcSoft PhotoStudio 2000
Ariel's Story Studio
AVG Free Edition
Barbie as The Island Princess
Cake Mania 2
Canon iP1600
Canon ScanGear Toolbox CS 2.2
ChessProgram9
DAEMON Tools
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy-WebPrint
FairyLand
FinePrint
Fonts Installation
Form Fill (Windows Live Toolbar)
FW LiveUpdate
Garena
Google Toolbar for Internet Explorer
Hamster Heroes
Here Kitty Kitty
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
Image Resizer Powertoy for Windows XP
Impossible Creatures
IObit SmartDefrag Beta3.1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_02
Junior 10
Juniper Networks Network Connect 6.0.0
LaserJet 1020 series
LiveUpdate BVRP Software
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash MX
MAGIX Media Manager silver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2000 Professional
Microsoft Office Professional Edition 2003
Microsoft Phishing Filter Add-in
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
mobile PhoneTools
Monopoly Tycoon
Mozilla Firefox (2.0.0.16)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero OEM
Nero Suite
Network Play System (Patching)
Nikon View 6
Nokia 6708 Software
Norton PartitionMagic 8.0
Norton SystemWorks 2006 (Symantec Corporation)
NVIDIA Drivers
O2Jam (e-Games) v.3.50
O2Jam Alpha 2006 DVD Edition
OmniPage Pro 9.0
OrderReminder HP LaserJet 1020
Panda ActiveScan 2.0
PC Suite for the Nokia 6708
PhotoScape
PowerDirector Express
PowerDVD
PowerProducer
Princess Magical Dress-Up
Project64 1.6
QuickTime
Ragnarok Sakray
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 7.0
Rhapsody Player Engine
Ripmax RC Simulator
Rise Of Legends
Scan Manager 5.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Singles2
Sketchpad
Spyware Doctor 5.0
SpywareBlaster 4.1
Tabbed Browsing (Windows Live Toolbar)
The KMPlayer (remove only)
The Sims
Theme Hospital
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB PC Camera 301P
USB Storage Driver
VeohTV BETA
VIA Platform Device Manager
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.6a
Virtual Villagers (remove only)
Virtual Villagers 2
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
X-Men(TM) Legends 2
Yahoo! Messenger
YAWLE 0.5b

And this is a new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:51 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1275210071-220523388-682003330-1017\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mohd Hafiz')
O4 - HKUS\S-1-5-21-1275210071-220523388-682003330-1017\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User 'Mohd Hafiz')
O4 - HKUS\S-1-5-21-1275210071-220523388-682003330-1017\..\Run: [] (User 'Mohd Hafiz')
O4 - HKUS\S-1-5-21-1275210071-220523388-682003330-1017\..\Run: [ares] "F:\Program Files\Ares\Ares.exe" -h (User 'Mohd Hafiz')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Nokia Device Manager.lnk = C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1221c56444b54511a60f041273c3dee2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1221c56444b54511a60f041273c3dee2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://securevpn.tm.com.my/dana-cac...erSetupSP1.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 11128 bytes

Thanks again for willing to help ^^
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-21-2008, 03:07 PM   #6 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Antivirus XP 2008 problem
Hello again


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

==========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

============

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

============
Logs Required
C:\Combofix.txt
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-21-2008, 10:26 PM   #7 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
ok TheBruce1 sorry for the late reply..I was sleeping at that time.
anyway I have done the thing u asked for and this is the log for both combofix and hijackthis

combofix:
ComboFix 08-08-21.02 - Mama 2008-08-22 11:34:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT 8:00]
Running from: C:\Documents and Settings\Mama\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mama\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mama\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Mohd Hafiz.YUNOS1\Application Data\macromedia\Flash Player\#SharedObjects\6HNQSUDZ\iforex.com
C:\Documents and Settings\Mohd Hafiz.YUNOS1\Application Data\macromedia\Flash Player\#SharedObjects\6HNQSUDZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Mohd Hafiz.YUNOS1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Mohd Hafiz.YUNOS1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\FunWebProducts
C:\Documents and Settings\Mohd Hafiz\Application Data\FunWebProducts\Data\Mohd Hafiz\avatar.dat
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\interclick.com
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\interclick.com\ud.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\static.youku.com
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\static.youku.com\v1.0.0272\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\static.youku.com\v1.0.0279\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\setup.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDHCPSVC


((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.

2008-08-18 23:11 . 2008-08-18 23:28 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\.frugoo_file_store_32
2008-08-18 22:04 . 2008-08-18 22:04 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Leadertech
2008-08-18 17:32 . 2008-08-18 17:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 17:32 . 2008-08-18 17:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-18 09:46 . 2008-08-18 09:46 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 01:02 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-17 23:37 . 2008-08-17 23:37 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Leadertech
2008-08-17 22:15 . 2008-08-18 00:52 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-17 21:43 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 21:41 . 2008-08-17 21:41 <DIR> d-------- C:\Program Files\Panda Security
2008-08-17 21:10 . 2008-08-17 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 21:00 . 2008-08-17 21:00 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Talkback
2008-08-17 20:14 . 2008-08-17 20:27 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\LimeWire
2008-08-17 01:43 . 2008-08-17 01:43 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2008-08-17 01:34 . 2008-08-17 01:34 <DIR> d-------- C:\Program Files\BFG
2008-08-16 01:00 . 2008-08-16 01:00 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Games
2008-08-13 21:35 . 2008-08-13 21:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> dr------- C:\Temp\Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 20:19 --------- d-----w C:\Program Files\ChessBase
2008-08-21 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-08-20 06:53 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\AVG7
2008-08-18 14:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 14:04 --------- d-----w C:\Program Files\QuickTime
2008-08-17 17:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-16 16:35 --------- d-----w C:\Program Files\PopCap Games
2008-07-19 12:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-19 12:56 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Web Folders
2008-07-19 12:14 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\InstallShield
2008-07-19 05:30 --------- d-----w C:\Program Files\Garena
2008-07-18 21:07 --------- d-----w C:\Program Files\NOS
2008-07-18 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 15:20 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-18 15:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 15:06 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\AdobeUM
2008-07-12 19:12 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-12 10:56 --------- d-----w C:\Program Files\Maxis
2008-06-22 06:07 --------- d-----w C:\Program Files\Virtools
2008-05-22 07:09 729,088 -c--a-w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 14:54 589824]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-18 20:33 579584]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 15:19 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-01 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-11-25 20:44 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 12:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 12:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 12:39 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39 3647656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 00:02 185896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 19:18 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 20:34 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-10 23:02:54 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-07-25 22:04:55 233472]
Nokia Device Manager.lnk - C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe [2006-03-20 15:27:26 802304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"Game.exe"= Game.exe:*:Ena
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"F:\\Program Files\\Activision\\X-Men Legends 2\\XMen2.exe"=
"F:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"F:\\Battle Realms\\Battle_Realms_F.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-10-03 07:32]
R3 komiceb;Nokia 6708 Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\komiceb.sys [2006-04-25 12:23]
S3 komibus;Nokia 6708 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\komibus.sys [2006-04-25 12:22]
S3 komimdfl;Nokia 6708 VSC Modem (WDM) (Filter);C:\WINDOWS\system32\DRIVERS\komimdfl.sys [2006-04-25 12:27]
S3 komimdmc;Nokia 6708 mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\komimdmc.sys [2006-04-25 12:27]
S3 komisce;Nokia 6708 VSC Modem (WDM);C:\WINDOWS\system32\DRIVERS\komisce.sys [2006-04-25 12:25]
S3 npkycryp;npkycryp;F:\Program Files\Gravity\EuphRO\npkycryp.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys []
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys []
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe [2007-07-27 21:40]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-FinePrint Dispatcher v5 - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\86b8vqr8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 11:43:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-22 11:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-22 03:51:01

Pre-Run: 613,421,056 bytes free
Post-Run: 3,704,954,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

199 --- E O F --- 2008-08-21 19:05:41

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:47 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Nokia Device Manager.lnk = C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1221c56444b54511a60f041273c3dee2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1221c56444b54511a60f041273c3dee2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://securevpn.tm.com.my/dana-cac...erSetupSP1.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 10514 bytes

Thanks again
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-22-2008, 05:03 AM   #8 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Antivirus XP 2008 problem
Hello again

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Please remember to close all other windows, including browsers then click Fix checked.

==========

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
SkipFix::
File::
C:\WINDOWS\iun6002.exe
Folder::
C:\Program Files\Java\jre1.5.0_11
C:\Program Files\Java\j2re1.4.2_02
Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:




To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-22-2008, 07:05 PM   #9 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
allright Bruce.. sorry for this very late reply again..that kaspersky scan took longer than what I expected..3 hours and still at 46% xD..
Anyway heres the log that u asked for

Combofix:

ComboFix 08-08-21.02 - Mama 2008-08-22 21:36:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.448 [GMT 8:00]
Running from: C:\Documents and Settings\Mama\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mama\Desktop\CFscript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Java\j2re1.4.2_02
C:\Program Files\Java\j2re1.4.2_02\bin\awt.dll
C:\Program Files\Java\j2re1.4.2_02\bin\axbridge.dll
C:\Program Files\Java\j2re1.4.2_02\bin\client\jvm.dll
C:\Program Files\Java\j2re1.4.2_02\bin\client\Xusage.txt
C:\Program Files\Java\j2re1.4.2_02\bin\cmm.dll
C:\Program Files\Java\j2re1.4.2_02\bin\dcpr.dll
C:\Program Files\Java\j2re1.4.2_02\bin\dt_shmem.dll
C:\Program Files\Java\j2re1.4.2_02\bin\dt_socket.dll
C:\Program Files\Java\j2re1.4.2_02\bin\eula.dll
C:\Program Files\Java\j2re1.4.2_02\bin\fontmanager.dll
C:\Program Files\Java\j2re1.4.2_02\bin\hpi.dll
C:\Program Files\Java\j2re1.4.2_02\bin\hprof.dll
C:\Program Files\Java\j2re1.4.2_02\bin\ioser12.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jaas_nt.dll
C:\Program Files\Java\j2re1.4.2_02\bin\java.dll
C:\Program Files\Java\j2re1.4.2_02\bin\java.exe
C:\Program Files\Java\j2re1.4.2_02\bin\javaw.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jawt.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jcov.dll
C:\Program Files\Java\j2re1.4.2_02\bin\JdbcOdbc.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jdwp.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpeg.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpicom32.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpicpl32.cpl
C:\Program Files\Java\j2re1.4.2_02\bin\jpicpl32.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jpiexp32.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpins4.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpins6.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpins7.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpinsp.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jpishare.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jsound.dll
C:\Program Files\Java\j2re1.4.2_02\bin\jucheck.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_02\bin\keytool.exe
C:\Program Files\Java\j2re1.4.2_02\bin\kinit.exe
C:\Program Files\Java\j2re1.4.2_02\bin\klist.exe
C:\Program Files\Java\j2re1.4.2_02\bin\ktab.exe
C:\Program Files\Java\j2re1.4.2_02\bin\msvcrt.dll
C:\Program Files\Java\j2re1.4.2_02\bin\net.dll
C:\Program Files\Java\j2re1.4.2_02\bin\nio.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPJava11.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPJava12.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPJava13.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPJava14.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPJava32.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPJPI142_02.dll
C:\Program Files\Java\j2re1.4.2_02\bin\NPOJI610.dll
C:\Program Files\Java\j2re1.4.2_02\bin\orbd.exe
C:\Program Files\Java\j2re1.4.2_02\bin\policytool.exe
C:\Program Files\Java\j2re1.4.2_02\bin\RegUtils.dll
C:\Program Files\Java\j2re1.4.2_02\bin\rmi.dll
C:\Program Files\Java\j2re1.4.2_02\bin\rmid.exe
C:\Program Files\Java\j2re1.4.2_02\bin\rmiregistry.exe
C:\Program Files\Java\j2re1.4.2_02\bin\servertool.exe
C:\Program Files\Java\j2re1.4.2_02\bin\tnameserv.exe
C:\Program Files\Java\j2re1.4.2_02\bin\verify.dll
C:\Program Files\Java\j2re1.4.2_02\bin\w2k_lsa_auth.dll
C:\Program Files\Java\j2re1.4.2_02\bin\zip.dll
C:\Program Files\Java\j2re1.4.2_02\CHANGES
C:\Program Files\Java\j2re1.4.2_02\COPYRIGHT
C:\Program Files\Java\j2re1.4.2_02\javaws\cacerts
C:\Program Files\Java\j2re1.4.2_02\javaws\JavaCup.ico
C:\Program Files\Java\j2re1.4.2_02\javaws\javalogo52x88.gif
C:\Program Files\Java\j2re1.4.2_02\javaws\JavaWebStart.dll
C:\Program Files\Java\j2re1.4.2_02\javaws\javaws-l10n.jar
C:\Program Files\Java\j2re1.4.2_02\javaws\javaws-license.txt
C:\Program Files\Java\j2re1.4.2_02\javaws\javaws.exe
C:\Program Files\Java\j2re1.4.2_02\javaws\javaws.jar
C:\Program Files\Java\j2re1.4.2_02\javaws\javaws.policy
C:\Program Files\Java\j2re1.4.2_02\javaws\javawspl.dll
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_de.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_es.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_fr.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_it.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_ja.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_ko.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_sv.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_zh_CN.html
C:\Program Files\Java\j2re1.4.2_02\javaws\Readme_zh_TW.html
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\copyright.jpg
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_de.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_es.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_fr.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_it.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_ja.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_ko.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_sv.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_zh_CN.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\messages_zh_TW.properties
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\miniSplash.jpg
C:\Program Files\Java\j2re1.4.2_02\javaws\resources\splash.jpg
C:\Program Files\Java\j2re1.4.2_02\javaws\sunlogo64x30.gif
C:\Program Files\Java\j2re1.4.2_02\lib\charsets.jar
C:\Program Files\Java\j2re1.4.2_02\lib\cmm\CIEXYZ.pf
C:\Program Files\Java\j2re1.4.2_02\lib\cmm\GRAY.pf
C:\Program Files\Java\j2re1.4.2_02\lib\cmm\LINEAR_RGB.pf
C:\Program Files\Java\j2re1.4.2_02\lib\cmm\sRGB.pf
C:\Program Files\Java\j2re1.4.2_02\lib\content-types.properties
C:\Program Files\Java\j2re1.4.2_02\lib\ext\dnsns.jar
C:\Program Files\Java\j2re1.4.2_02\lib\ext\ldapsec.jar
C:\Program Files\Java\j2re1.4.2_02\lib\ext\localedata.jar
C:\Program Files\Java\j2re1.4.2_02\lib\ext\sunjce_provider.jar
C:\Program Files\Java\j2re1.4.2_02\lib\flavormap.properties
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.CP1250
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.CP1251
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.CP1253
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.CP1254
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.CP1256
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.CP1257
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.hi
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.iw
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.ja
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.ko
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.MS950_HKSCS
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.ru
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.th
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.zh
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.zh.98
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.zh_CN_GB18030
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.zh_TW
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.zh_TW.95
C:\Program Files\Java\j2re1.4.2_02\lib\font.properties.zh_TW_MS950_HKSCS
C:\Program Files\Java\j2re1.4.2_02\lib\fonts\LucidaSansRegular.ttf
C:\Program Files\Java\j2re1.4.2_02\lib\i386\jvm.cfg
C:\Program Files\Java\j2re1.4.2_02\lib\im\indicim.jar
C:\Program Files\Java\j2re1.4.2_02\lib\im\thaiim.jar
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\cursors.properties
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\invalid32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\win32_CopyDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\win32_CopyNoDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\win32_LinkDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\win32_LinkNoDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\win32_MoveDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\images\cursors\win32_MoveNoDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_02\lib\jce.jar
C:\Program Files\Java\j2re1.4.2_02\lib\jsse.jar
C:\Program Files\Java\j2re1.4.2_02\lib\jvm.hprof.txt
C:\Program Files\Java\j2re1.4.2_02\lib\jvm.jcov.txt
C:\Program Files\Java\j2re1.4.2_02\lib\logging.properties
C:\Program Files\Java\j2re1.4.2_02\lib\plugin.jar
C:\Program Files\Java\j2re1.4.2_02\lib\psfont.properties.ja
C:\Program Files\Java\j2re1.4.2_02\lib\psfontj2d.properties
C:\Program Files\Java\j2re1.4.2_02\lib\rt.jar
C:\Program Files\Java\j2re1.4.2_02\lib\security\cacerts
C:\Program Files\Java\j2re1.4.2_02\lib\security\java.policy
C:\Program Files\Java\j2re1.4.2_02\lib\security\java.security
C:\Program Files\Java\j2re1.4.2_02\lib\security\local_policy.jar
C:\Program Files\Java\j2re1.4.2_02\lib\security\US_export_policy.jar
C:\Program Files\Java\j2re1.4.2_02\lib\sunrsasign.jar
C:\Program Files\Java\j2re1.4.2_02\lib\tzmappings
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Abidjan
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Accra
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Addis_Ababa
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Algiers
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Asmera
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Bamako
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Bangui
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Banjul
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Bissau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Blantyre
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Brazzaville
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Bujumbura
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Cairo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Casablanca
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Ceuta
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Conakry
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Dakar
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Dar_es_Salaam
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Djibouti
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Douala
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\El_Aaiun
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Freetown
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Gaborone
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Harare
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Johannesburg
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Kampala
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Khartoum
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Kigali
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Kinshasa
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Lagos
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Libreville
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Lome
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Luanda
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Lubumbashi
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Lusaka
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Malabo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Maputo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Maseru
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Mbabane
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Mogadishu
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Monrovia
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Nairobi
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Ndjamena
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Niamey
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Nouakchott
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Ouagadougou
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Porto-Novo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Sao_Tome
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Timbuktu
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Tripoli
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Tunis
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Africa\Windhoek
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Adak
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Anchorage
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Anguilla
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Antigua
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Araguaina
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Aruba
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Asuncion
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Barbados
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Belem
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Belize
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Boa_Vista
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Bogota
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Boise
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Buenos_Aires
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Cambridge_Bay
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Cancun
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Caracas
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Catamarca
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Cayenne
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Cayman
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Chicago
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Chihuahua
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Cordoba
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Costa_Rica
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Cuiaba
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Curacao
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Danmarkshavn
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Dawson
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Dawson_Creek
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Denver
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Detroit
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Dominica
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Edmonton
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Eirunepe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\El_Salvador
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Fortaleza
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Glace_Bay
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Godthab
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Goose_Bay
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Grand_Turk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Grenada
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Guadeloupe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Guatemala
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Guayaquil
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Guyana
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Halifax
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Havana
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Hermosillo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Indiana\Knox
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Indiana\Marengo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Indiana\Vevay
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Indianapolis
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Inuvik
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Iqaluit
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Jamaica
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Jujuy
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Juneau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Kentucky\Monticello
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\La_Paz
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Lima
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Los_Angeles
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Louisville
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Maceio
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Managua
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Manaus
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Martinique
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Mazatlan
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Mendoza
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Menominee
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Merida
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Mexico_City
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Miquelon
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Monterrey
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Montevideo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Montreal
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Montserrat
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Nassau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\New_York
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Nipigon
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Nome
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Noronha
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\North_Dakota\Center
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Panama
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Pangnirtung
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Paramaribo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Phoenix
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Port-au-Prince
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Port_of_Spain
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Porto_Velho
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Puerto_Rico
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Rainy_River
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Rankin_Inlet
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Recife
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Regina
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Rio_Branco
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Santiago
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Santo_Domingo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Sao_Paulo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Scoresbysund
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\St_Johns
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\St_Kitts
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\St_Lucia
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\St_Thomas
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\St_Vincent
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Swift_Current
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Tegucigalpa
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Thule
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Thunder_Bay
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Tijuana
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Tortola
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Vancouver
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Whitehorse
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Winnipeg
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Yakutat
C:\Program Files\Java\j2re1.4.2_02\lib\zi\America\Yellowknife
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Casey
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Davis
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\DumontDUrville
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Mawson
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\McMurdo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Palmer
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Rothera
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Syowa
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Antarctica\Vostok
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Aden
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Almaty
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Amman
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Anadyr
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Aqtau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Aqtobe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Ashgabat
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Baghdad
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Bahrain
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Baku
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Bangkok
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Beirut
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Bishkek
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Brunei
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Calcutta
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Choibalsan
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Chongqing
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Colombo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Damascus
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Dhaka
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Dili
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Dubai
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Dushanbe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Gaza
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Harbin
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Hong_Kong
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Hovd
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Irkutsk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Jakarta
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Jayapura
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Jerusalem
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Kabul
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Kamchatka
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Karachi
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Kashgar
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Katmandu
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Krasnoyarsk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Kuala_Lumpur
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Kuching
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Kuwait
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Macau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Magadan
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Makassar
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Manila
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Muscat
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Nicosia
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Novosibirsk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Omsk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Oral
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Phnom_Penh
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Pontianak
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Pyongyang
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Qatar
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Qyzylorda
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Rangoon
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Riyadh
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Riyadh87
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Riyadh88
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Riyadh89
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Saigon
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Sakhalin
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Samarkand
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Seoul
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Shanghai
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Singapore
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Taipei
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Tashkent
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Tbilisi
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Tehran
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Thimphu
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Tokyo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Ulaanbaatar
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Urumqi
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Vientiane
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Vladivostok
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Yakutsk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Yekaterinburg
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Asia\Yerevan
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Azores
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Bermuda
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Canary
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Cape_Verde
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Faeroe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Madeira
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Reykjavik
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\South_Georgia
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\St_Helena
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Atlantic\Stanley
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Adelaide
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Brisbane
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Broken_Hill
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Darwin
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Hobart
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Lindeman
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Lord_Howe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Melbourne
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Perth
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Australia\Sydney
C:\Program Files\Java\j2re1.4.2_02\lib\zi\CET
C:\Program Files\Java\j2re1.4.2_02\lib\zi\EET
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-1
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-10
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-11
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-12
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-13
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-14
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-2
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-3
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-4
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-5
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-6
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-7
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-8
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT-9
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+1
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+10
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+11
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+12
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+2
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+3
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+4
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+5
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+6
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+7
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+8
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\GMT+9
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\UCT
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Etc\UTC
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Amsterdam
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Andorra
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Athens
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Belfast
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Belgrade
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Berlin
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Brussels
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Bucharest
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Budapest
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Chisinau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Copenhagen
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Dublin
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Gibraltar
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Helsinki
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Istanbul
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Kaliningrad
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Kiev
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Lisbon
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\London
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Luxembourg
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Madrid
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Malta
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Minsk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Monaco
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Moscow
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Oslo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Paris
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Prague
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Riga
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Rome
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Samara
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Simferopol
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Sofia
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Stockholm
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Tallinn
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Tirane
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Uzhgorod
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Vaduz
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Vienna
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Vilnius
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Warsaw
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Zaporozhye
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Europe\Zurich
C:\Program Files\Java\j2re1.4.2_02\lib\zi\GMT
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Antananarivo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Chagos
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Christmas
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Cocos
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Comoro
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Kerguelen
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Mahe
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Maldives
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Mauritius
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Mayotte
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Indian\Reunion
C:\Program Files\Java\j2re1.4.2_02\lib\zi\MET
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Apia
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Auckland
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Chatham
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Easter
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Efate
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Enderbury
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Fakaofo
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Fiji
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Funafuti
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Galapagos
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Gambier
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Guadalcanal
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Guam
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Honolulu
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Johnston
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Kiritimati
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Kosrae
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Kwajalein
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Majuro
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Marquesas
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Midway
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Nauru
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Niue
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Norfolk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Noumea
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Pago_Pago
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Palau
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Pitcairn
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Ponape
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Port_Moresby
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Rarotonga
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Saipan
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Tahiti
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Tarawa
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Tongatapu
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Truk
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Wake
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Wallis
C:\Program Files\Java\j2re1.4.2_02\lib\zi\Pacific\Yap
C:\Program Files\Java\j2re1.4.2_02\lib\zi\WET
C:\Program Files\Java\j2re1.4.2_02\lib\zi\ZoneInfoMappings
C:\Program Files\Java\j2re1.4.2_02\LICENSE
C:\Program Files\Java\j2re1.4.2_02\LICENSE.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_de.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_es.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_fr.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_it.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_ja.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_ko.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_sv.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_zh_CN.rtf
C:\Program Files\Java\j2re1.4.2_02\LICENSE_zh_TW.rtf
C:\Program Files\Java\j2re1.4.2_02\README.txt
C:\Program Files\Java\j2re1.4.2_02\THIRDPARTYLICENSEREADME.txt
C:\Program Files\Java\j2re1.4.2_02\Welcome.html
C:\WINDOWS\iun6002.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.

2008-08-22 12:22 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-18 23:11 . 2008-08-18 23:28 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\.frugoo_file_store_32
2008-08-18 22:04 . 2008-08-18 22:04 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Leadertech
2008-08-18 17:32 . 2008-08-18 17:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 17:32 . 2008-08-18 17:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-18 09:46 . 2008-08-18 09:46 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 01:02 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-17 23:37 . 2008-08-17 23:37 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Leadertech
2008-08-17 22:15 . 2008-08-18 00:52 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-17 21:43 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 21:41 . 2008-08-17 21:41 <DIR> d-------- C:\Program Files\Panda Security
2008-08-17 21:10 . 2008-08-17 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 21:00 . 2008-08-17 21:00 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Talkback
2008-08-17 20:14 . 2008-08-17 20:27 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\LimeWire
2008-08-17 01:43 . 2008-08-17 01:43 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2008-08-17 01:34 . 2008-08-17 01:34 <DIR> d-------- C:\Program Files\BFG
2008-08-16 01:00 . 2008-08-16 01:00 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Games
2008-08-13 21:35 . 2008-08-13 21:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> dr------- C:\Temp\Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 13:38 --------- d-----w C:\Program Files\Java
2008-08-21 20:19 --------- d-----w C:\Program Files\ChessBase
2008-08-21 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-08-20 06:53 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\AVG7
2008-08-18 14:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 14:04 --------- d-----w C:\Program Files\QuickTime
2008-08-17 17:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-16 16:35 --------- d-----w C:\Program Files\PopCap Games
2008-07-19 12:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-19 12:56 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Web Folders
2008-07-19 12:14 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\InstallShield
2008-07-19 05:30 --------- d-----w C:\Program Files\Garena
2008-07-18 21:07 --------- d-----w C:\Program Files\NOS
2008-07-18 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 15:20 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-18 15:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 15:06 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\AdobeUM
2008-07-12 19:12 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-12 10:56 --------- d-----w C:\Program Files\Maxis
2008-06-22 06:07 --------- d-----w C:\Program Files\Virtools
.

((((((((((((((((((((((((((((( snapshot@2008-08-22_11.50.34.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-14 17:30:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 17:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-12-14 17:31:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 17:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-12-14 19:09:14 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 18:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 14:54 589824]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-18 20:33 579584]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 15:19 40960]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-01 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-11-25 20:44 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 12:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 12:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 12:39 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39 3647656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 00:02 185896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 19:18 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 20:34 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-10 23:02:54 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-07-25 22:04:55 233472]
Nokia Device Manager.lnk - C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe [2006-03-20 15:27:26 802304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"Game.exe"= Game.exe:*:Ena
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"F:\\Program Files\\Activision\\X-Men Legends 2\\XMen2.exe"=
"F:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"F:\\Battle Realms\\Battle_Realms_F.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-10-03 07:32]
R3 komiceb;Nokia 6708 Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\komiceb.sys [2006-04-25 12:23]
S3 komibus;Nokia 6708 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\komibus.sys [2006-04-25 12:22]
S3 komimdfl;Nokia 6708 VSC Modem (WDM) (Filter);C:\WINDOWS\system32\DRIVERS\komimdfl.sys [2006-04-25 12:27]
S3 komimdmc;Nokia 6708 mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\komimdmc.sys [2006-04-25 12:27]
S3 komisce;Nokia 6708 VSC Modem (WDM);C:\WINDOWS\system32\DRIVERS\komisce.sys [2006-04-25 12:25]
S3 npkycryp;npkycryp;F:\Program Files\Gravity\EuphRO\npkycryp.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys []
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys []
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe [2007-07-27 21:40]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 21:42:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-22 21:50:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-22 13:50:53
ComboFix2.txt 2008-08-22 03:51:07

Pre-Run: 4,037,218,304 bytes free
Post-Run: 4,061,184,000 bytes free

748 --- E O F --- 2008-08-21 19:05:41

Kaspersky :

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 14:36:53
Records in database: 1123713
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan statistics:
Files scanned: 140445
Threat name: 13
Infected objects: 14
Suspicious objects: 0
Duration of the scan: 05:51:45


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7B6047.dll Infected: not-a-virus:AdWare.Win32.BHO.cz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C1F6C6E.exe Infected: not-a-virus:Dialer.Win32.Agent.k 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54565EF7.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1
C:\Program Files\a-squared Anti-Malware\Quarantine\175de184a2d825fd73df0244a419dd3d.a2q Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\a-squared Anti-Malware\Quarantine\6b82475501597102c976873072cf6773.a2q Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\a-squared Anti-Malware\Quarantine\7f05788b9abbfa2f22e6bafdffd83047.a2q Infected: Trojan-Downloader.Win32.Small.dam 1
C:\Program Files\a-squared Anti-Malware\Quarantine\81621b7a0fe31a51861874007d319c97.a2q Infected: Trojan-Downloader.Win32.Small.dgk 1
C:\Program Files\a-squared Anti-Malware\Quarantine\be7163a6956729686a1db8463aa7663e.a2q Infected: Email-Worm.Win32.Luder.a 1
C:\Program Files\a-squared Anti-Malware\Quarantine\c7d08e522f95205876f24b4c2400f8b6.a2q Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Program Files\a-squared Anti-Malware\Quarantine\f8440c862febc59224f4e30826cbf0c5.a2q Infected: Trojan-Downloader.Win32.Small.cpt 1
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
E:\WINDOWS\psshutdown.exe Infected: not-a-virus:RiskTool.Win32.PsKill.au 1
F:\Anime\Downloads\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:47 AM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Nokia Device Manager.lnk = C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1221c56444b54511a60f041273c3dee2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1221c56444b54511a60f041273c3dee2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://securevpn.tm.com.my/dana-cac...erSetupSP1.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 10429 bytes

Things are getting better now..my machine is faster all thanks to you bruce.
By the way I might be away to University and I dont know when I will be back home though cause I stay at the dorm there..anyway when I have the chance I will drop by doing the things u asked for until its all clear
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-23-2008, 11:57 AM   #10 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Antivirus XP 2008 problem
Hello again

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Folder::
C:\Program Files\a-squared Anti-Malware
C:\Documents and Settings\All Users\Application Data\Symantec
File::
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
E:\WINDOWS\psshutdown.exe
F:\Anime\Downloads\mirc621.exe
Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=========
Logs Required
C:\Combofix.txt
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-29-2008, 04:19 PM   #11 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
Hello Bruce,

First of all sorry for the very late reply..Its because I;ve been away for the whole week..very sorry..

Combofix:
ComboFix 08-08-29.02 - Mama 2008-08-30 653.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.434 [GMT 8:00]
Running from: C:\Documents and Settings\Mama\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mama\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
E:\WINDOWS\psshutdown.exe
F:\Anime\Downloads\mirc621.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
C:\Documents and Settings\Mama\Application Data\macromedia\Flash Player\#SharedObjects\CS7E6WZ3\bin.clearspring.com
C:\Documents and Settings\Mama\Application Data\macromedia\Flash Player\#SharedObjects\CS7E6WZ3\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Mama\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mama\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\bin.clearspring.com
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\#SharedObjects\EVUL4YXY\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mohd Hafiz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Mohd Hafiz\Cookies\mohd hafiz@a.hasbro[2].txt
C:\Documents and Settings\Mohd Hafiz\Cookies\mohd hafiz@ad.yieldmanager[2].txt
C:\Program Files\a-squared Anti-Malware
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
E:\WINDOWS\psshutdown.exe
F:\Anime\Downloads\mirc621.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-22 12:22 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-18 23:11 . 2008-08-18 23:28 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\.frugoo_file_store_32
2008-08-18 22:04 . 2008-08-18 22:04 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Leadertech
2008-08-18 17:32 . 2008-08-27 15:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 17:32 . 2008-08-18 17:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-18 09:46 . 2008-08-18 09:46 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-08-18 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 01:02 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 01:02 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-17 23:37 . 2008-08-17 23:37 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Leadertech
2008-08-17 22:15 . 2008-08-18 00:52 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-17 21:43 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 21:41 . 2008-08-17 21:41 <DIR> d-------- C:\Program Files\Panda Security
2008-08-17 21:10 . 2008-08-17 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 21:00 . 2008-08-17 21:00 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Talkback
2008-08-17 20:14 . 2008-08-17 20:27 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\LimeWire
2008-08-17 01:43 . 2008-08-17 01:43 <DIR> d-------- C:\Program Files\Virtual Villagers 2
2008-08-17 01:34 . 2008-08-17 01:34 <DIR> d-------- C:\Program Files\BFG
2008-08-16 01:00 . 2008-08-16 01:00 <DIR> d-------- C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Games
2008-08-13 21:35 . 2008-08-13 21:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> dr------- C:\Temp\Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 22:07 --------- d-----w C:\Program Files\MSN Messenger
2008-08-29 21:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-08-25 12:06 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\Cyberlink
2008-08-22 13:38 --------- d-----w C:\Program Files\Java
2008-08-21 20:19 --------- d-----w C:\Program Files\ChessBase
2008-08-20 06:53 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\AVG7
2008-08-18 14:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 14:04 --------- d-----w C:\Program Files\QuickTime
2008-08-16 16:35 --------- d-----w C:\Program Files\PopCap Games
2008-07-19 12:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-19 12:56 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\Microsoft Web Folders
2008-07-19 12:14 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\InstallShield
2008-07-19 05:30 --------- d-----w C:\Program Files\Garena
2008-07-18 21:07 --------- d-----w C:\Program Files\NOS
2008-07-18 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-18 15:20 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-18 15:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 15:06 --------- d-----w C:\Documents and Settings\Mohd Hafiz\Application Data\AdobeUM
2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 14:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 14:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 19:12 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-12 10:56 --------- d-----w C:\Program Files\Maxis
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-22_11.50.34.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 16:22:11 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-08-29 21:45:57 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-20 16:22:11 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-29 21:45:57 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-20 16:22:11 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-08-29 21:45:57 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-20 16:22:11 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-29 21:45:57 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-20 16:22:12 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-29 21:45:57 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-20 16:22:12 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-29 21:45:58 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-20 16:22:12 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-29 21:45:58 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-20 16:22:12 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-29 21:45:58 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-20 16:22:11 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-29 21:45:57 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-20 16:22:11 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-29 21:45:57 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-20 16:22:12 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-29 21:45:58 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-20 16:22:11 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-29 21:45:57 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-20 16:22:11 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-29 21:45:57 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-12-14 17:30:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 17:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-12-14 17:31:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 17:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-12-14 19:09:14 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 18:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-08-29 03:43:45 53,248 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 14:54 589824]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-18 20:33 579584]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 15:19 40960]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-01 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-11-25 20:44 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 12:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 12:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 12:39 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39 3647656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 00:02 185896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 19:18 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 20:34 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-10 23:02:54 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-07-25 22:04:55 233472]
Nokia Device Manager.lnk - C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe [2006-03-20 15:27:26 802304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"Game.exe"= Game.exe:*:Ena
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"F:\\Program Files\\Activision\\X-Men Legends 2\\XMen2.exe"=
"F:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"F:\\Battle Realms\\Battle_Realms_F.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-10-03 07:32]
R3 komiceb;Nokia 6708 Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\komiceb.sys [2006-04-25 12:23]
S3 komibus;Nokia 6708 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\komibus.sys [2006-04-25 12:22]
S3 komimdfl;Nokia 6708 VSC Modem (WDM) (Filter);C:\WINDOWS\system32\DRIVERS\komimdfl.sys [2006-04-25 12:27]
S3 komimdmc;Nokia 6708 mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\komimdmc.sys [2006-04-25 12:27]
S3 komisce;Nokia 6708 VSC Modem (WDM);C:\WINDOWS\system32\DRIVERS\komisce.sys [2006-04-25 12:25]
S3 npkycryp;npkycryp;F:\Program Files\Gravity\EuphRO\npkycryp.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys []
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys []
S3 XDva165;XDva165;C:\WINDOWS\system32\XDva165.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-29 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe [2007-07-27 21:40]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 06:12:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-30 6:16:03
ComboFix-quarantined-files.txt 2008-08-29 22:15:02
ComboFix2.txt 2008-08-22 13:51:00
ComboFix3.txt 2008-08-22 03:51:07

Pre-Run: 2,975,531,008 bytes free
Post-Run: 3,509,395,456 bytes free

219 --- E O F --- 2008-08-29 21:46:03

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:04 AM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Nokia\PC Suite for the Nokia 6708\Sync ML Desktop Server\SyncController.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Nokia Device Manager.lnk = C:\Program Files\Nokia\PC Suite for the Nokia 6708\Device Manager\audevicemgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1221c56444b54511a60f041273c3dee2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1221c56444b54511a60f041273c3dee2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://securevpn.tm.com.my/dana-cac...erSetupSP1.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 10224 bytes
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-31-2008, 02:20 AM   #12 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Antivirus XP 2008 problem
Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

===========

Clear IE6 cookies

*Open IE and click Tools
*Click on Internet Options
*Click on General Tab
*Click on Delte Temp Files & Cookies buttons.


Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:

* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note:Only compatible with Firefox 1.5 and higher.

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

------------------------------------------------------------------

IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List.

Download and installation instructions for IE-Spyad™ Here

-----------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Also, please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-31-2008, 05:42 AM   #13 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: Windows xP


Re: Antivirus XP 2008 problem
Allright sure you can mark it as resolved
Thanks a lot Bruce for your help I really appreciate it..
also thank you very much for the helpful links~
BloodyFrmFl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-01-2008, 05:33 AM   #14 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Antivirus XP 2008 problem
Your welcome, safe surfing
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 12:40 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85