Hidden Files can't be shown..[moved from xp]

naj113 · 11-04-2008, 04:22 AM

Hello guys,

I have a problem where my hidden files and folders can't be shown although i had try to set it at folder option as show hidden files.

But, it automatically change back to do not show hidden files.

I have run the HijackThis software and this is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:44 PM, on 11/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\mozilla stuffs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.128.11:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.elearning.edu.my;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex..._v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176011468640
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 15399 bytes

Please someone help me...I had done a lot of thing like antivirus scanning..but it doesn't work at all..

**Dunedin** · 11-04-2008, 04:37 AM

Hello naj113

Yes, I think you have a virus there.

Please read this article; "New Instructions” follow the instructions very carefully; then, post all the requested logs and information; as instructed, in this same thread. I will get someone to move the thread to the HJT Help Forum.
When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Don`t try to fix this yourself as you could do damage and lose all access to your system

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

.

naj113 · 11-04-2008, 10:53 AM

Thanks dunedin

Here is my log.txt log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by legolas at 2008-11-05 01:47:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (9%) free of 29 GB
Total RAM: 1526 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:37 AM, on 11/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\TechSmith\Camtasia Studio 5\TSCHelp.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\cidaemon.exe
D:\mozilla stuffs\RSIT.exe
D:\mozilla stuffs\legolas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.128.11:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.elearning.edu.my;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex..._v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176011468640
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 15701 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2006-09-26 67256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-01 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-01 1933256]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-08 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-08 688218]
"acerWireless"=C:\Program Files\acer\Wireless\Utility\WlanUtil.exe [2004-06-09 417792]
"ACU"=C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-03-28 319488]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"RegistryMechanic"= []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"WinDVR SchSvr"=C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe [2004-09-08 106496]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-19 49152]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe [2005-11-03 106496]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2005-08-16 339968]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-01-31 385024]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-03-27 111928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe [2007-08-30 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-05-13 79224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-25 1372160]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Yahoo! Pager"=~C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2007-11-25 481280]
"kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-11-03 104448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Documents and Settings\legolas\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe
Wallpaper Calendar.lnk - C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-03-17 5384192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSecurityTab"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecc1f42-4632-11db-8bab-806d6172696f}]
shell\AutoRun\command - C:\xih9.cmd
shell\explore\command - C:\xih9.cmd
shell\open\command - C:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecc1f43-4632-11db-8bab-806d6172696f}]
shell\AutoRun\command - D:\xih9.cmd
shell\explore\command - D:\xih9.cmd
shell\open\command - D:\xih9.cmd

======File associations======

.reg - open - "%1" %*
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-11-05 01:47:34 ----D---- C:\rsit
2008-11-05 01:33:35 ----A---- C:\WINDOWS\gmer.ini
2008-11-05 01:33:34 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-05 01:33:33 ----A---- C:\WINDOWS\gmer.exe
2008-11-05 01:33:33 ----A---- C:\WINDOWS\gmer.dll
2008-11-04 17:47:50 ----D---- C:\WINDOWS\pss
2008-11-03 21:26:45 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-03 21:26:43 ----D---- C:\Program Files\Alwil Software
2008-11-03 21:17:12 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-03 21:17:00 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-03 21:16:49 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-03 21:16:37 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-03 21:16:24 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-03 21:16:03 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-03 21:15:51 ----HD---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-11-03 21:15:37 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-03 20:38:41 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-03 10:04:06 ----RSH---- C:\WINDOWS\system32\ckvo1.dll
2008-11-02 20:43:40 ----RSH---- C:\xih9.cmd
2008-11-02 19:32:46 ----RSH---- C:\WINDOWS\system32\ckvo0.dll
2008-11-02 19:32:46 ----RSH---- C:\WINDOWS\system32\ckvo.exe
2008-10-26 20:12:35 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-26 20:10:59 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 19:20:49 ----D---- C:\Documents and Settings\All Users\Application Data\Avira(2)
2008-10-26 19:20:23 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-26 05:18:06 ----D---- C:\WINDOWS\Minidump
2008-10-26 05:16:20 ----SHD---- C:\FOUND.027
2008-10-23 00:42:33 ----D---- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)

======List of files/folders modified in the last 1 months======

2008-11-05 01:31:04 ----A---- C:\WINDOWS\IDMan.INI
2008-11-05 00:04:30 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 19:03:20 ----A---- C:\WINDOWS\WCal.tmp
2008-11-04 18:51:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-04 18:13:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-03 21:17:06 ----A---- C:\WINDOWS\imsins.BAK
2008-11-03 21:12:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-16 00:57:56 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-08 15:43:08 ----A---- C:\YServer.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-13 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-13 77904]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-13 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-17 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-13 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-13 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-13 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2005-07-30 11988]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-25 34048]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-25 276480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-25 207616]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter.sys [2006-11-20 34176]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-08 185824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-09-17 223128]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-06-06 974464]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CAM1690;USB PC CAMERA 301P; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-09-20 177280]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\Drivers\epm-shd.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-05 85969]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25600]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-07-03 115790]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 8816128]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 29152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2005-07-29 11736]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 Akamai;Akamai; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-13 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-13 144760]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 Gizmo Plugin;Gizmo VoIP Service; C:\Program Files\GizmoPlugin\GizmoPlugin.exe [2008-01-13 962048]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-25 372736]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-13 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-13 345464]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-03-02 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SRS Labs License Service;SRS Labs License Service; C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe [2007-05-30 72704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

naj113 · 11-14-2008, 09:38 PM

BUMP

Please someone help my problem...tq

Ried · 11-15-2008, 12:28 AM

Hello naj113,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

naj113 · 11-15-2008, 08:30 PM

Thanks Reid, here is my Combofix log

ComboFix 08-11-13.02 - legolas 2008-11-16 11:11:31.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.907 [GMT 8:00]
Running from: d:\my documents\Downloads\Programs\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\legolas\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\legolas\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\legolas\Favorites\Online Security Test.url
C:\nq0cq.cmd
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\setting.ini
C:\xih9.cmd
D:\Autorun.inf
D:\nq0cq.cmd
D:\xih9.cmd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PASSWORD

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 17:21 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-15 14:54 . 2008-11-14 03:11 99,670 -r-hs---- C:\lky.exe
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-14 03:11 . 2008-11-14 03:11 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-13 18:54 . 2008-11-14 03:11 99,670 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-13 18:54 . 2008-11-16 10:15 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll
2008-11-07 17:33 . 2008-11-07 17:33 109,879 -r-hs---- C:\sq.com
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 14:58 . 2008-11-09 02:05 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-26 14:58 . 2008-10-26 14:58 1,409 --a------ c:\windows\QTFont.for
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-17 12:34 --------- d-----w c:\documents and settings\legolas\Application Data\Sony Corporation
2008-09-17 12:26 --------- d-----w c:\program files\Sony
2008-09-17 12:25 --------- d-----w c:\documents and settings\legolas\Application Data\InstallShield
2008-09-17 05:16 --------- d-----w c:\program files\MSECache
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\lky.exe
\Shell\explore\Command - C:\lky.exe
\Shell\open\Command - C:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\lky.exe
\Shell\explore\Command - D:\lky.exe
\Shell\open\Command - D:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c146a76-4f06-11dd-9d97-001167061156}]
\Shell\AutoRun\command - G:\lky.exe
\Shell\explore\Command - G:\lky.exe
\Shell\open\Command - G:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905910-ff15-11dc-9d41-001167061156}]
\Shell\AutoRun\command - H:\sq.com
\Shell\explore\Command - H:\sq.com
\Shell\open\Command - H:\sq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905911-ff15-11dc-9d41-001167061156}]
\Shell\AutoRun\command - G:\sq.com
\Shell\explore\Command - G:\sq.com
\Shell\open\Command - G:\sq.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo! Pager - ~c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKLM-Run-RegistryMechanic - (no file)
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\legolas\Application Data\Mozilla\Firefox\Profiles\cnbdkcak.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.my
FF -: plugin - c:\progra~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 11:16:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-16 11:20:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 03:20:30

Pre-Run: 3,548,807,168 bytes free
Post-Run: 4,887,363,584 bytes free

257 --- E O F --- 2008-11-13 19:01:11

Ried · 11-15-2008, 09:07 PM

Before we continue, why did the Recovery Console not install? Did you receive an error messages?

naj113 · 11-15-2008, 09:45 PM

Sorry Reid..i forgot to download it..here is the latest log:

ComboFix 08-11-13.02 - legolas 2008-11-16 12:34:17.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.983 [GMT 8:00]
Running from: d:\my documents\Downloads\Programs\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 17:21 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-15 14:54 . 2008-11-14 03:11 99,670 -r-hs---- C:\lky.exe
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-14 03:11 . 2008-11-14 03:11 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-13 18:54 . 2008-11-14 03:11 99,670 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-13 18:54 . 2008-11-16 10:15 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll
2008-11-07 17:33 . 2008-11-07 17:33 109,879 -r-hs---- C:\sq.com
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 14:58 . 2008-11-09 02:05 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-26 14:58 . 2008-10-26 14:58 1,409 --a------ c:\windows\QTFont.for
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-17 12:34 --------- d-----w c:\documents and settings\legolas\Application Data\Sony Corporation
2008-09-17 12:26 --------- d-----w c:\program files\Sony
2008-09-17 12:25 --------- d-----w c:\documents and settings\legolas\Application Data\InstallShield
2008-09-17 05:16 --------- d-----w c:\program files\MSECache
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_11.19.49.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-16 03:18:32 3,700 ----a-w c:\windows\SoftwareDistribution\EventCache\{51247BA0-12C9-4154-8D85-D1B112CF4F4E}.bin
- 2008-11-03 13:12:24 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 03:20:20 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 13:12:24 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 03:20:20 404,536 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"Yahoo! Pager"="~c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\lky.exe
\Shell\explore\Command - C:\lky.exe
\Shell\open\Command - C:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\lky.exe
\Shell\explore\Command - D:\lky.exe
\Shell\open\Command - D:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c146a76-4f06-11dd-9d97-001167061156}]
\Shell\AutoRun\command - G:\lky.exe
\Shell\explore\Command - G:\lky.exe
\Shell\open\Command - G:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905910-ff15-11dc-9d41-001167061156}]
\Shell\AutoRun\command - H:\sq.com
\Shell\explore\Command - H:\sq.com
\Shell\open\Command - H:\sq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905911-ff15-11dc-9d41-001167061156}]
\Shell\AutoRun\command - G:\sq.com
\Shell\explore\Command - G:\sq.com
\Shell\open\Command - G:\sq.com

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\legolas\Application Data\Mozilla\Firefox\Profiles\cnbdkcak.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.my
FF -: plugin - c:\progra~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 12:35:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
Completion time: 2008-11-16 12:36:11
ComboFix-quarantined-files.txt 2008-11-16 04:36:08
ComboFix3.txt 2008-11-16 03:20:38
ComboFix2.txt 2008-11-16 04:15:00

Pre-Run: 4,906,647,552 bytes free
Post-Run: 4,887,642,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232 --- E O F --- 2008-11-13 19:01:11

Ried · 11-15-2008, 11:11 PM

Thank you. : )

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Locate what are typically your G: and H: drives as they are infected and will reinfect this system, as well as any other system they are ever connected to.

Download Flash_Disinfector.exe and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

--------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/309347-hidden-files-can-t-shown-moved-xp-post1805965.html#post1805965

Collect::
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
C:\sq.com

File::
c:\windows\system32\gasretyw0.dll
G:\lky.exe
H:\sq.com
G:\sq.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c146a76-4f06-11dd-9d97-001167061156}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905910-ff15-11dc-9d41-001167061156}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905911-ff15-11dc-9d41-001167061156}]

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.
A browser will open.
Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------

Please return with the C:\ComboFix.txt and an update on system behavior.

naj113 · 11-16-2008, 10:40 AM

Ok, I already do all the things u ask..and my hidden files can be viewed now..Thanks Ried..This is the Combofix log:

ComboFix 08-11-13.02 - legolas 2008-11-17 1:28:30.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.926 [GMT 8:00]
Running from: d:\software\ComboFix.exe
Command switches used :: d:\software\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\gasretyw0.dll
G:\lky.exe
G:\sq.com
H:\sq.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sq.com
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 17:21 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-15 14:54 . 2008-11-14 03:11 99,670 -r-hs---- C:\lky.exe
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-17 12:34 --------- d-----w c:\documents and settings\legolas\Application Data\Sony Corporation
2008-09-17 12:26 --------- d-----w c:\program files\Sony
2008-09-17 12:25 --------- d-----w c:\documents and settings\legolas\Application Data\InstallShield
2008-09-17 05:16 --------- d-----w c:\program files\MSECache
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_11.19.49.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 13:12:24 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 03:20:20 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 13:12:24 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 03:20:20 404,536 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"Yahoo! Pager"="~c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 01:30:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
Completion time: 2008-11-17 1:31:16
ComboFix-quarantined-files.txt 2008-11-16 17:31:14
ComboFix4.txt 2008-11-16 03:20:38
ComboFix3.txt 2008-11-16 04:15:00
ComboFix2.txt 2008-11-16 04:36:14

Pre-Run: 4,855,234,560 bytes free
Post-Run: 4,857,348,096 bytes free

189 --- E O F --- 2008-11-13 19:01:11

Ried · 11-16-2008, 10:54 AM

My apologies..I inadvertently omitted 2 files that need to be deleted.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/309347-hidden-files-can-t-shown-moved-xp-post1806775.html#post1806775

Collect::
C:\lky.exe

DirLook::
C:\ckis

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.
A browser will open.
Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------

Finally, it's very important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Click on Scan Your PC Now
A "pop up" window will appear, or a new tab will open.
Click on Register
Choose the option you like most, but we recommend the Free Registration.
Click on Register
Enter your e-mail address, and create a password.
Select "I do not want to receive any type of information". (unless you want to receive such information)
Click on Send
Confirm registration, and continue by entering your user name and password, then click on Enter
Select Full Scan, then Click on Scan Now
Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
Please ignore the offer to buy the program. Click on Export To
Export the log and save it to your desktop.
Please attach the contents of that log in your next reply.

Please include the following in your next reply:

C:\ComboFix.txt
attached Panda scan results

naj113 · 11-18-2008, 12:51 AM

Ok Ried, here is my log,

Combofix log:

ComboFix 08-11-13.02 - legolas 2008-11-17 11:03:10.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1040 [GMT 8:00]
Running from: d:\software\ComboFix.exe
Command switches used :: d:\software\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
?:\windows\system32\ntdll.dll
C:\lky.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 10:29 . 2008-11-17 10:29 <DIR> d--hs---- C:\FOUND.028
2008-11-15 17:21 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-17 12:34 --------- d-----w c:\documents and settings\legolas\Application Data\Sony Corporation
2008-09-17 12:26 --------- d-----w c:\program files\Sony
2008-09-17 12:25 --------- d-----w c:\documents and settings\legolas\Application Data\InstallShield
2008-09-17 05:16 --------- d-----w c:\program files\MSECache
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ckis ----

2006-05-14 01:02 112504 -rah----- c:\ckis\crack.lst

((((((((((((((((((((((((((((( snapshot@2008-11-16_11.19.49.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 01:38:44 6,658 ----a-w c:\windows\SoftwareDistribution\EventCache\{51247BA0-12C9-4154-8D85-D1B112CF4F4E}.bin
- 2008-11-03 13:12:24 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 03:20:20 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 13:12:24 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 03:20:20 404,536 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"Yahoo! Pager"="~c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 11:05:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
Completion time: 2008-11-17 11

05
ComboFix-quarantined-files.txt 2008-11-17 03

04
ComboFix4.txt 2008-11-16 04:15:00
ComboFix3.txt 2008-11-16 04:36:14
ComboFix5.txt 2008-11-17 02:05:18
ComboFix2.txt 2008-11-16 17:31:18

Pre-Run: 4,682,252,288 bytes free
Post-Run: 4,662,214,656 bytes free

193 --- E O F --- 2008-11-13 19:01:11

ActiveScan log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-18 15:27:09
PROTECTIONS: 1
MALWARE: 64
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 8.0.1.15 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.mediaplex.com/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@anm.co[1].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@paycounter[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@tucows[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@revenue[2].txt
00159860 Application/Psshutdown.A HackTools No 0 Yes No C:\Program Files\Winamp\Skins\EPS2.WAL[shutdown.exe]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.yadro.ru/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@landing.domainsponsor[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@xiti[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@hotlog[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@tickle[2].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@bs.serving-sys[2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@as-us.falkag[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@server.iad.liveperson[3].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@media.adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@realmedia[2].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@searchportal.information[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www3.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www6.addfreestats[2].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194597.EXE[C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194597.EXE][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No D:\SOFTWARE\Flash_Disinfector.exe[D:\SOFTWARE\Flash_Disinfector.exe][nircmd.exe]
00440499 W32/Lineage.KCR.worm Virus/Trojan No 1 Yes Yes C:\Qoobox\Quarantine\C\xih9.cmd.vir
00440499 W32/Lineage.KCR.worm Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194352.CMD
00440499 W32/Lineage.KCR.worm Virus/Trojan No 1 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194354.CMD
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194353.CMD
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes Yes C:\Qoobox\Quarantine\C\nq0cq.cmd.vir
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194351.CMD
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194556.COM
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\sq.com.vir
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckvo.exe.vir
00445556 W32/Lineage.KDJ Virus No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@1.28.zip[Collect_sq.com.vir]
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194347.EXE
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes D:\SQ.COM
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckvo0.dll.vir
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194348.DLL
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194349.DLL
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckvo1.dll.vir
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192384.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192368.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194303.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193555.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192347.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192401.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192528.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194340.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192558.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194301.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193571.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194239.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194237.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192345.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193660.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194207.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194342.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194202.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\autorun.inf.vir
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194209.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194097.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192366.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194085.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194053.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192382.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194068.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192399.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194204.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194051.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194070.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192526.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193658.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192530.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194099.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193569.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192556.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194087.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193553.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192532.INF
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194098.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193568.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192555.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194086.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193657.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192529.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194203.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192525.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194050.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194067.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192398.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194069.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192396.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194208.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192381.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194084.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193554.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194096.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194201.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194206.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194052.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194238.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kamsoft.exe.vir
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192365.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193659.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192363.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\lky.exe.vir
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194236.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194300.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@1.28.zip[Collect_kamsoft.exe.vir]
00450469 W32/Lineage.KDV Virus No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@10.05.zip[Collect_lky.exe.vir]
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192344.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194339.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192346.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194302.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192367.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194341.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192383.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194559.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192400.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP656\A0194626.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192527.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\LKY.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192531.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193552.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192557.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193570.EXE
00509861 Hacktool/AngryScan HackTools No 1 Yes No D:\SOFTWARE\angry_ip_scanner_(v_2.21).exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194380.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP658\A0195734.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adserver.easyad[1].txt
02090013 Generic Malware Virus/Trojan No 0 Yes Yes D:\STYLEXP\!!Icons & Styles\Visual Style\Style XP 1.2\Style Xp KeyGen REAL (1).exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194614.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194360.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP656\A0194633.SYS
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@h.starware[1].txt
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192553.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193551.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193567.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193656.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194047.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192397.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194081.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194200.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194235.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194299.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192380.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194557.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194558.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasretyw0.dll.vir
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192524.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasretyw1.dll.vir
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192364.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194065.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@1.28.zip[Collect_gasretyw1.dll.vir]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 2
;===================================================================================================================================================================================
No C:\Program Files\Common Files\Akamai\AdminTool.exe 2
No C:\Program Files\mIRC\MIRC.EXE 2
No C:\Program Files\Internet Download Manager\IDMan.exe 2
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 2
;===================================================================================================================================================================================
182048 HIGH MS07-069 2
176382 HIGH MS07-057 2
170911 HIGH MS07-050 2
170906 HIGH MS07-045 2
164913 HIGH MS07-033 2
160623 HIGH MS07-027 2
150253 HIGH MS07-016 2
145501 HIGH MS07-004 2
;===================================================================================================================================================================================

Ried · 11-19-2008, 06:47 AM

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Please download ATF Cleaner by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

--------------------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/309347-hidden-files-can-t-shown-moved-xp.html#post1809701

Collect::
c:\ckis\crack.lst

Folder::
c:\ckis

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"=-

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.
A browser will open.
Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------

angry_ip_scanner_ is a program for scanning IP networks for NetBIOS name and other pertinent information. Did you download this program/tool?

If not, please delete it:

D:\SOFTWARE\angry_ip_scanner_(v_2.21).exe

==================================

Please return with the C:\ComboFix.txt. How is the system behaving now?

naj113 · 11-19-2008, 09:26 AM

Ok, here is combofix log, the angry ip scanner is been downloaded by myself. It is not a threat for my pc.

ComboFix 08-11-13.02 - legolas 2008-11-20 0:17:28.8 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.784 [GMT 8:00]
Running from: d:\software\ComboFix.exe
Command switches used :: d:\software\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\ckis
c:\ckis\crack.lst

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-19 00:07 . 2008-11-19 00:08 <DIR> d-------- c:\program files\SearchIn1Step
2008-11-19 00:07 . 2008-11-19 00:07 <DIR> d-------- c:\program files\Alarm Clock
2008-11-19 00:07 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-11-17 17:34 . 2008-11-17 17:34 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-17 12:16 . 2008-11-17 12:16 <DIR> d-------- c:\windows\LastGood
2008-11-17 12:16 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-17 11:16 . 2008-11-17 11:17 <DIR> d-------- c:\program files\Panda Security
2008-11-17 10:29 . 2008-11-17 10:29 <DIR> d--hs---- C:\FOUND.028
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_11.19.49.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 11:19:20 92,504 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2007-07-30 11:19:36 549,720 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2007-07-30 11:19:16 53,080 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2007-07-30 11:19:42 1,712,984 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2007-07-30 11:19:32 325,976 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2007-07-30 11:18:40 33,624 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2007-07-30 11:19:12 43,352 ----a-w c:\windows\LastGood\system32\wups2.dll
+ 2007-07-30 11:19:28 203,096 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2008-11-03 13:12:24 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 03:20:20 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 13:12:24 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 03:20:20 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 06:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 06:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-03-01 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]
Alarm Clock.lnk - c:\program files\Alarm Clock\AlarmClock.exe [2008-11-19 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
R2 SearchIn1Step Service;SearchIn1Step Service;"c:\program files\SearchIn1Step\searchin1.exe" "c:\program files\SearchIn1Step\searchin1.dll" Service []
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d37e6c-4635-11db-99f2-0012f0e8a6ec}]
\Shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - SEARCHIN1STEP_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 00:20:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
Completion time: 2008-11-20 0:20:57
ComboFix-quarantined-files.txt 2008-11-19 16:20:54
ComboFix4.txt 2008-11-16 04:36:14
ComboFix5.txt 2008-11-19 16:16:48
ComboFix3.txt 2008-11-16 17:31:18
ComboFix2.txt 2008-11-17 03

08

Pre-Run: 5,758,828,544 bytes free
Post-Run: 5,768,527,872 bytes free

211 --- E O F --- 2008-11-18 19:00:11

Ried · 11-19-2008, 08:54 PM

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.

11-04-2008, 04:22 AM	#1 (permalink)
naj113 Registered User Join Date: Nov 2008 Posts: 8 OS: Win Xp	Hidden Files can't be shown..[moved from xp] Hello guys, I have a problem where my hidden files and folders can't be shown although i had try to set it at folder option as show hidden files. But, it automatically change back to do not show hidden files. I have run the HijackThis software and this is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:10:44 PM, on 11/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5335.0005) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\acer\Wireless\Utility\WlanUtil.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Atheros\ACU.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\tsnp2std.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Metacafe\MetacafeAgent.exe C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\mozilla stuffs\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.128.11:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.elearning.edu.my;<local> R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: VersionTrackerPro.lnk = ? O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex..._v1-0-3-18.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176011468640 O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing) O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 15399 bytes Please someone help me...I had done a lot of thing like antivirus scanning..but it doesn't work at all..

11-04-2008, 04:37 AM	#2 (permalink)
Dunedin Mentor Join Date: Jul 2007 Location: Over the Forth from Edinburgh, Scotland Posts: 3,571 OS: WinXP Pro/Windows7 RTM Ultimate	Re: Hidden Files can't be shown.. Hello naj113 Yes, I think you have a virus there. Please read this article; "New Instructions” follow the instructions very carefully; then, post all the requested logs and information; as instructed, in this same thread. I will get someone to move the thread to the HJT Help Forum. When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed. However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds. Don`t try to fix this yourself as you could do damage and lose all access to your system Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can. . __________________

11-14-2008, 09:38 PM	#4 (permalink)
naj113 Registered User Join Date: Nov 2008 Posts: 8 OS: Win Xp	Re: Hidden Files can't be shown..[moved from xp] BUMP Please someone help my problem...tq

11-15-2008, 12:28 AM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,792 OS: WinXP and Vista	Re: Hidden Files can't be shown..[moved from xp] Hello naj113, It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. ************************************************* Download ComboFix from one of these locations: Link 1 Link 2 Link 3** * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

11-15-2008, 09:07 PM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,792 OS: WinXP and Vista	Re: Hidden Files can't be shown..[moved from xp] Before we continue, why did the Recovery Console not install? Did you receive an error messages? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

11-19-2008, 08:54 PM	#15 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,792 OS: WinXP and Vista	Re: Hidden Files can't be shown..[moved from xp] Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links: The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point. Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK: ComboFix /u -------------------------------------------------------------------- To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page. IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? Think Prevention Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. Kindly respond one more time and let me know if we may consider this thread resolved. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."