
re: my mate's malware problem

1024 Views 5 Replies 2 Participants Last post by shaferintl

Hi, I was advised by some colleagues of yours to do the HijackThis process thing, and here is the thread:
http://www.techsupportforum.com/f10/re-csrss-exe-file-missing-i-think-252870.html

As you know from that thread, it's my mate's one because he doesn't have an account, and I've been on this a few times now. I did the ActiveScan thing, but halfway through (at about 300,000 files scanned) a profile thing came up and asked me to choose, and I cancelled it because I assumed it was irrelevant, and then it skipped straight to 100%. Nonetheless, I still have this activescan.txt file (following it is the "main.txt" file), and attached is the "extra.txt" file as suggested in the 5-step guide:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-26 17:34:07
PROTECTIONS: 1
MALWARE: 71
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security 7.0.0.120 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Local Settings\Temp\Cookies\seden [email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][4].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][3].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Local Settings\Temp\Cookies\seden [email protected][1].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Local Settings\Temp\Cookies\seden [email protected][1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.yadro.ru/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden sa[email protected][1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[ad.yieldmanager.com/]
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected]tat.onestat[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Local Settings\Temp\Cookies\seden [email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][4].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Local Settings\Temp\Cookies\seden [email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Application Data\Mozilla\Firefox\Profiles\2lmjj1nz.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Local Settings\Temp\Cookies\seden [email protected][2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][3].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][1].txt
00264418 adware/spywarequake Adware No 0 Yes No c:\windows\system32\1024\ld7355.tmp
00264418 adware/spywarequake Adware No 0 Yes No c:\windows\system32\1024\ld97e7.tmp
00264418 adware/spywarequake Adware No 0 Yes No c:\windows\system32\1024\ld29ad.tmp
00264418 adware/spywarequake Adware No 0 Yes No c:\windows\system32\1024\ld85a6.tmp
00264418 adware/spywarequake Adware No 0 Yes No c:\windows\system32\1024\ld3bdf.tmp
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Seden Salih\Cookies\seden [email protected][3].txt
00505668 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
02095979 Dialer.ISB Dialers No 1 Yes No C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe
02938511 Trj/Proxy.BF Virus/Trojan No 1 Yes No C:\WINDOWS\system32\pdcocigh.dll
02938511 Trj/Proxy.BF Virus/Trojan No 1 Yes No C:\WINDOWS\system32\dqvwrjlr.dll
02938570 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\eujmxced.dll
02938578 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP215\A0873293.dll
02940808 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\sxtntuwy.dll
02940861 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\xbnmkufy.dll
02940899 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\shxqmcah.dll
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\pmluuhcp.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\irdehpns.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\xnrypnxg.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\rkkuquof.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\ixlwhqja.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\eichljug.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\ekpmgrfo.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\elvvjkux.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\mwsmwuvb.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\qeeckbke.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\juwuqiku.exe
02947658 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ylqcclfh.dll
02947660 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\eukuayug.dll
02947715 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\amnvxknj.dll
02960474 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP210\A0864150.dll
02960474 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP210\A0866181.dll
02969327 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP210\A0861056.exe
02970980 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\dctnlcen.dll
02971194 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\micgeebl.dll
02972460 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\wsnllxfs.dll
02972461 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\iryvsmof.dll
02972464 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP212\A0868273.dll
02972465 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\dcbkflrm.dll
02974428 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\pnfpghrp.dll
02974549 Trj/KillAV.HY Virus/Trojan No 1 Yes No C:\WINDOWS\system32\gaaoihbf.dll
02974549 Trj/KillAV.HY Virus/Trojan No 1 Yes No C:\WINDOWS\system32\gksylbxj.dll
02974549 Trj/KillAV.HY Virus/Trojan No 1 Yes No C:\WINDOWS\system32\pekhrghm.dll
02974549 Trj/KillAV.HY Virus/Trojan No 1 Yes No C:\WINDOWS\system32\qibpaimq.dll
02984114 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\YRRBVYNY.DLL
02984118 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hhfatqea.dll
02984118 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\xjghxnwh.dll
02984118 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\pbtnhmny.dll
02984118 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\xbdjsmma.dll
02984118 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\nqnlmxow.dll
02984118 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\pjkadfoa.dll
02990114 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP213\A0871273.dll
02990116 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\olkufxdt.dll
02990119 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP214\A0873273.dll
02990123 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ijopyeey.dll
02990125 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\dlrwpodk.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location V
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description V
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Deckard's System Scanner v20071014.68
Run by Seden Salih on 2008-05-26 19:59:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
49: 2008-05-26 19:00:02 UTC - RP224 - Deckard's System Scanner Restore Point
48: 2008-05-26 18:23:01 UTC - RP223 - Software Distribution Service 3.0
47: 2008-05-26 17:58:31 UTC - RP222 - Software Distribution Service 3.0
46: 2008-05-26 13:42:44 UTC - RP221 - Removed Sonic DLA
45: 2008-05-26 13:33:45 UTC - RP220 - Removed Norton Security Center


-- First Restore Point --
1: 2008-05-04 10:44:47 UTC - RP176 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-26 20:02:16
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSC\mcregist.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Seden Salih\My Documents\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089fd14d-132b-48fc-8861-0048ae113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {8d35c97a-b8e5-4c0b-b904-e4326b3b5cc5} - {5cc5b3b6-234e-409b-b0c4-5e8ba79c53d8} - C:\WINDOWS\system32\yrrbvyny.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {aceed890-bb1c-4aba-9717-6845ef9a2404} - C:\WINDOWS\system32\tuvULFWP.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c4ecf8e6] rundll32.exe "C:\WINDOWS\system32\txpxtguv.dll",b
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMc7dfcb7a] Rundll32.exe "C:\WINDOWS\system32\xwmynmej.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?455e2b92a0574c19b31ff436632aaa53
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?455e2b92a0574c19b31ff436632aaa53
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} () - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: geBsqQKE - C:\WINDOWS\system32\geBsqQKE.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: siteadvisor service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 11390 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 scdemu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-26 15:18:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-29 16:40:38 276 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-02-29 16:40:35 368 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 19:51:45 0 d-------- C:\WINDOWS\Prefetch
2008-05-26 19:42:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-26 19:42:33 0 d-------- C:\WINDOWS\l2schemas
2008-05-26 19:42:31 0 d-------- C:\WINDOWS\system32\en
2008-05-26 19:42:31 0 d-------- C:\WINDOWS\system32\bits
2008-05-26 19:39:20 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 19:35:47 0 d-------- C:\WINDOWS\network diagnostic
2008-05-26 19:29:21 0 d-------- C:\WINDOWS\EHome
2008-05-26 18:16:46 0 d-------- C:\ie-spyad_zo
2008-05-26 17:57:57 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 15:18:07 0 d-------- C:\Program Files\Panda Security
2008-05-26 13:53:37 245760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>
2008-05-23 12:09:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-05-18 09:15:55 0 d-------- C:\Program Files\Managed DirectX (0901)
2008-05-17 14:19:24 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-05-17 14:19:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-17 14:19:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-17 14:17:17 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-05-17 12:25:21 100928 --a------ C:\WINDOWS\system32\xwmynmej.dll
2008-05-16 12:34:31 102464 --a------ C:\WINDOWS\system32\yrrbvyny.dll
2008-05-16 12:31:31 90688 --a------ C:\WINDOWS\system32\txpxtguv.dll
2008-05-15 15:51:40 99904 --a------ C:\WINDOWS\system32\olkufxdt.dll
2008-05-15 13:16:11 101952 --a------ C:\WINDOWS\system32\dlrwpodk.dll
2008-05-14 15:53:04 99392 --a------ C:\WINDOWS\system32\pnfpghrp.dll
2008-05-14 15:02:05 100928 --a------ C:\WINDOWS\system32\ijopyeey.dll
2008-05-12 17:09:28 101440 --a------ C:\WINDOWS\system32\dctnlcen.dll
2008-05-12 16:54:31 100416 --a------ C:\WINDOWS\system32\micgeebl.dll
2008-05-12 16:51:28 53312 --a------ C:\WINDOWS\system32\xbdjsmma.dll
2008-05-11 16:14:40 101952 --a------ C:\WINDOWS\system32\wsnllxfs.dll
2008-05-11 16:11:45 98368 --a------ C:\WINDOWS\system32\iryvsmof.dll
2008-05-11 16:11:38 53312 --a------ C:\WINDOWS\system32\pjkadfoa.dll
2008-05-09 19:42:46 53312 --a------ C:\WINDOWS\system32\pbtnhmny.dll
2008-05-09 19:41:17 98368 --a------ C:\WINDOWS\system32\amnvxknj.dll
2008-05-08 19:49:54 90176 --a------ C:\WINDOWS\system32\eukuayug.dll
2008-05-08 19:46:54 101440 --a------ C:\WINDOWS\system32\ylqcclfh.dll
2008-05-08 19:41:02 99904 --a------ C:\WINDOWS\system32\dcbkflrm.dll
2008-05-08 19:40:54 53312 --a------ C:\WINDOWS\system32\hhfatqea.dll
2008-05-08 13:51:40 1488187 --ahs---- C:\WINDOWS\system32\ywutntxs.ini2
2008-05-08 12:04:33 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Nero
2008-05-07 19:54:54 96832 --a------ C:\WINDOWS\system32\sxtntuwy.dll
2008-05-07 19:51:55 106560 --a------ C:\WINDOWS\system32\xbnmkufy.dll
2008-05-07 19:42:53 105024 --a------ C:\WINDOWS\system32\eujmxced.dll
2008-05-07 19:39:54 53312 --a------ C:\WINDOWS\system32\xjghxnwh.dll
2008-05-06 19:54:05 108608 --a------ C:\WINDOWS\system32\shxqmcah.dll
2008-05-06 19:37:30 53312 --a------ C:\WINDOWS\system32\nqnlmxow.dll
2008-05-04 11:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-04 11:55:07 0 d-------- C:\Program Files\Common Files\Nero
2008-05-04 11:44:32 903071 --ahs---- C:\WINDOWS\system32\PWFLUvut.ini2
2008-05-04 11:40:31 2 --a------ C:\-991102903
2008-05-04 11:39:58 20917 --a------ C:\WINDOWS\system32\es.dat
2008-05-04 11:39:52 74752 --a------ C:\ryseedt.exe
2008-05-04 11:39:43 43 --a------ C:\Documents and Settings\Seden Salih\RUNME.bat
2008-05-04 11:39:41 38400 --a------ C:\Documents and Settings\Seden Salih\patch.exe
2008-05-04 11:37:23 48 --a------ C:\Documents and Settings\Seden Salih\readme.bat
2008-05-04 11:06:12 0 d-------- C:\Program Files\AskTBar


-- Find3M Report ---------------------------------------------------------------

2008-05-26 19:55:35 0 d-------- C:\Program Files\MSN Messenger
2008-05-26 19:49:56 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-05-26 19:43:02 0 d-------- C:\Program Files\Messenger
2008-05-26 19:42:30 0 d-------- C:\Program Files\Movie Maker
2008-05-26 19:38:56 0 d-------- C:\Program Files\Windows NT
2008-05-26 14:42:52 0 d-------- C:\Program Files\Sonic
2008-05-26 14:37:24 0 d-------- C:\Program Files\Real
2008-05-26 14:37:24 0 d-------- C:\Program Files\Common Files\Real
2008-05-26 14:34:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-24 10:35:25 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Adobe
2008-05-24 10:33:45 1004 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-23 12:14:51 0 d-------- C:\Program Files\SiteAdvisor
2008-05-20 17:44:51 0 d-------- C:\Program Files\McAfee
2008-05-19 19:32:02 60568 --a----c- C:\Documents and Settings\Seden Salih\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 11:55:08 0 d-------- C:\Program Files\Nero
2008-05-04 11:55:07 0 d-------- C:\Program Files\Common Files
2008-05-04 11:16:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-03 13:25:34 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\BitTorrent
2008-04-21 19:01:43 174 --a------ C:\Documents and Settings\Seden Salih\Application Data\wklnhst.dat
2008-04-21 19:01:36 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Template
2008-04-10 20:01:26 0 d-------- C:\Program Files\iTunes
2008-04-10 20:00:45 0 d-------- C:\Program Files\iPod
2008-04-10 19:55:02 0 d-------- C:\Program Files\QuickTime
2008-04-10 19:45:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-10 19:42:45 0 d-------- C:\Program Files\Common Files\Apple
2008-03-30 16:49:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 16:39:34 0 d-------- C:\Program Files\BlueSprite


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377c180e-6f0e-4d4c-980f-f45bd3d40cf4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5cc5b3b6-234e-409b-b0c4-5e8ba79c53d8}]
16/05/2008 12:34 102464 --a------ C:\WINDOWS\system32\yrrbvyny.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aceed890-bb1c-4aba-9717-6845ef9a2404}]
C:\WINDOWS\system32\tuvULFWP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-B432-46fc-9143-B82B832B1B14}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"c4ecf8e6"="C:\WINDOWS\system32\txpxtguv.dll" [16/05/2008 12:31]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [24/07/2006 21:28]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]
"BMc7dfcb7a"="C:\WINDOWS\system32\xwmynmej.dll" [17/05/2008 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [02/03/2007 00:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe C:\WINDOWS\Media\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqQKE]
geBsqQKE.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvULFWP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533c5b84-ec70-11d2-9505-00c04f79deaf}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\Broadband Desktop Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmc7dfcb7a]
Rundll32.exe "C:\WINDOWS\system32\amnvxknj.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ecf8e6]
rundll32.exe "C:\WINDOWS\system32\eukuayug.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gay_Sexy_gb]
C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe /dontdial

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1170175293\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Documents and Settings\Seden Salih\My Documents\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runwinlogon]
C:\WINDOWS\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super Audio Grabber 3.0]
"C:\Program Files\BlueSprite\Super Audio Grabber 3.0\SAGrab.exe"/a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-26 20:05:29 ------------



If there is anything else you need, don't hesitate to ask.

ehab

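What a helper actually does with a log like the one above is scan the persistence points for entries that deviate from a clean baseline: a Winlogon Notify package whose DLL is gone, Run values that point at a bare DLL with a random eight-letter name in system32, a Winlogon Shell value carrying anything besides explorer.exe (a csrss.exe under C:\WINDOWS\Media is not the real one, which lives in system32), an LSA Authentication Packages list with anything besides msv1_0, and the file listing's run of freshly dropped eight-letter DLLs and hidden+system files in system32. The script below is added here as an example and is not part of the thread or of HijackThis, DSS or ComboFix; it runs those checks over a few lines modelled on the posted log. The eight-letter naming heuristic and the XP baselines (Shell = explorer.exe, Authentication Packages = msv1_0) are assumptions, not something the tools themselves emit.

```python
import re
from typing import List, Tuple

# (severity, rule, detail)
Finding = Tuple[str, str, str]

# DSS registry-dump section header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# DSS registry value line: "name"="data" [timestamp]  or  "name"= bare data
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"]*?)"?\s*(?:\[[^\]]*\])?\s*$'
)
# HijackThis O20 line
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# DSS file listing line: date time size attributes path [<Not Verified; vendor; desc>]
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attr>[-a-z]{9})\s+"
    r"(?P<path>.+?)(?:\s+<Not Verified;[^>]*>)?\s*$"
)
# Heuristic (assumption): eight random letters + .dll, the naming pattern seen in the posted log.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)

# Known-good baselines; assumed values for a stock Windows XP install.
DEFAULT_SHELL = {"explorer.exe"}
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _in_system32(path: str) -> bool:
    parent = path.replace("/", "\\").rsplit("\\", 1)[0].lower()
    return parent.endswith("\\system32")


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis/DSS log and return persistence entries that break the baseline."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = O20_RE.match(line)
        if m:
            # A Notify package whose DLL no longer exists is leftover malware registration.
            if m.group("missing"):
                findings.append(("high", "winlogon-notify-orphan",
                                 f"{m.group('name')} -> {m.group('path')} (file missing)"))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            base = _basename(path)
            if _in_system32(path) and RANDOM_DLL_RE.match(base):
                findings.append(("high", "random-dll-drop", path))
            elif _in_system32(path) and "h" in attr and "s" in attr:
                # hidden + system attributes on a non-standard file in system32
                findings.append(("medium", "hidden-system-file", f"{attr} {path}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if current_key.endswith("\\currentversion\\run"):
            # Run values launch programs; a bare DLL here is loaded via rundll32 by something else.
            base = _basename(data)
            if base.lower().endswith(".dll"):
                sev = "high" if RANDOM_DLL_RE.match(base) else "medium"
                findings.append((sev, "run-key-dll", f'"{name}" -> {data}'))
        elif current_key.endswith("\\currentversion\\winlogon") and name.lower() == "shell":
            extra = [t for t in data.split() if t.lower() not in DEFAULT_SHELL]
            if extra:
                findings.append(("high", "winlogon-shell-extra", " ".join(extra)))
        elif current_key.endswith("\\control\\lsa") and name.lower() == "authentication packages":
            extra = [t for t in data.split() if t.lower() not in DEFAULT_AUTH_PACKAGES]
            if extra:
                findings.append(("high", "lsa-auth-package-extra", " ".join(extra)))
    return findings


# Constructed sample, modelled on lines from the log posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: geBsqQKE - C:\WINDOWS\system32\geBsqQKE.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
2008-05-17 14:17:17 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-05-17 12:25:21 100928 --a------ C:\WINDOWS\system32\xwmynmej.dll
2008-05-08 13:51:40 1488187 --ahs---- C:\WINDOWS\system32\ywutntxs.ini2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"c4ecf8e6"="C:\WINDOWS\system32\txpxtguv.dll" [16/05/2008 12:31]
"BMc7dfcb7a"="C:\WINDOWS\system32\xwmynmej.dll" [17/05/2008 12:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe C:\WINDOWS\Media\csrss.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvULFWP
"""

if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:24} {detail}")
```

The signed dunzip32.dll in the sample is deliberately left unflagged: it has eight characters but contains digits and carries a vendor string, which is the kind of near miss a naive "short name in system32" rule would catch. The O23 "Unknown owner" line is also ignored, since that field only says the service had no company string, not that it is malicious.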
Re: my mate's malware problem

ehababoud,

Thanks for your patience. Our volunteers are very busy. Your log indicates that you have malware on your system. Let's get started.

Please visit this webpage to familiarize yourself with downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. Download ComboFix and place it on your Desktop.

Execute ComboFix as follows:
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to hang.

Please post the ComboFix log and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
Re: my mate's malware problem

Quick question (sorry if this sounds stupid, but I want to make sure so I don't get it wrong): as well as this new ComboFix log, you want a new HijackThis log? It's perfectly fine, but I'm just curious, and do I do the HijackThis log after the ComboFix one, or does it matter?
Thanks
Re: my mate's malware problem

ehababoud,

Great question! Please run the instructions in the order given - Combofix followed by a fresh HJT. Thanks!!
Re: my mate's malware problem

Sorry for the long time replying; I had exams, but now all is over. The first log is the ComboFix log and the one after is HijackThis. My mate told me that the symptoms originally seen (such as the taskbar and desktop icons disappearing) have not shown up and it seems to be running OK, I think, but as requested here it is:


MY COMBOFIX LOG


ComboFix 08-06-07.3 - Seden Salih 2008-06-08 13:07:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\Seden Salih\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Seden Salih\Desktop\WinXP_EN_HOM_BF.EXE
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Seden Salih\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 18:14 . 2008-06-07 18:14 <DIR> d-------- C:\Program Files\DNA
2008-06-07 17:46 . 2008-06-07 18:06 <DIR> d-------- C:\Documents and Settings\Seden Salih\Application Data\Azureus
2008-06-07 17:46 . 2008-06-07 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-04 17:31 . 2008-06-06 14:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 17:31 . 2008-06-04 17:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-26 19:59 . 2008-05-26 19:59 <DIR> d-------- C:\Deckard
2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 19:39 . 2008-05-26 19:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 19:29 . 2008-05-26 19:29 <DIR> d-------- C:\WINDOWS\EHome
2008-05-26 19:20 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-05-26 19:19 . 2008-04-14 01:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-05-26 18:16 . 2008-05-26 18:16 <DIR> d-------- C:\ie-spyad_zo
2008-05-26 17:57 . 2008-06-01 19:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 17:56 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-26 15:18 . 2008-05-26 15:18 <DIR> d-------- C:\Program Files\Panda Security
2008-05-24 18:53 . 2008-05-24 18:53 32 --a------ C:\WINDOWS\CD_Start.INI
2008-05-24 18:47 . 2008-05-24 18:47 268 --ah----- C:\sqmdata19.sqm
2008-05-24 18:46 . 2008-05-24 18:46 244 --ah----- C:\sqmnoopt19.sqm
2008-05-24 10:32 . 2008-05-24 10:32 268 --ah----- C:\sqmdata18.sqm
2008-05-24 10:32 . 2008-05-24 10:32 244 --ah----- C:\sqmnoopt18.sqm
2008-05-23 18:46 . 2008-05-23 18:46 244 --ah----- C:\sqmnoopt17.sqm
2008-05-23 18:46 . 2008-05-23 18:46 232 --ah----- C:\sqmdata17.sqm
2008-05-18 09:15 . 2008-05-18 09:15 <DIR> d-------- C:\Program Files\Managed DirectX (0901)
2008-05-17 16:29 . 2008-05-17 16:29 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-05-17 14:19 . 2008-05-17 14:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-17 14:19 . 2008-05-17 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-17 14:17 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-05-17 12:29 . 2008-05-17 12:29 285 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-12 16:51 . 2008-05-12 16:51 53,312 --a------ C:\WINDOWS\system32\xbdjsmma.dll
2008-05-11 16:11 . 2008-05-11 16:11 53,312 --a------ C:\WINDOWS\system32\pjkadfoa.dll
2008-05-11 15:14 . 2008-05-11 15:14 294 ---hs---- C:\WINDOWS\system32\vvlllhin.ini
2008-05-09 19:42 . 2008-05-09 19:42 53,312 --a------ C:\WINDOWS\system32\pbtnhmny.dll
2008-05-09 18:02 . 2008-05-09 18:02 268 --ah----- C:\sqmdata16.sqm
2008-05-09 18:02 . 2008-05-09 18:02 244 --ah----- C:\sqmnoopt16.sqm
2008-05-08 19:40 . 2008-05-08 19:40 53,312 --a------ C:\WINDOWS\system32\hhfatqea.dll
2008-05-08 12:06 . 2008-05-08 12:06 0 --a------ C:\WINDOWS\Irremote.ini
2008-05-08 12:04 . 2008-05-08 12:04 <DIR> d-------- C:\Documents and Settings\Seden Salih\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 12:04 --------- d-----w C:\Documents and Settings\Seden Salih\Application Data\DNA
2008-06-08 11:27 47,360 -c--a-w C:\Documents and Settings\Seden Salih\Application Data\pcouffin.sys
2008-06-08 11:27 --------- d-----w C:\Program Files\vso
2008-06-08 11:27 --------- d-----w C:\Documents and Settings\Seden Salih\Application Data\Vso
2008-06-07 18:38 --------- d-----w C:\Documents and Settings\Seden Salih\Application Data\BitTorrent
2008-06-03 15:05 --------- d-----w C:\Documents and Settings\Seden Salih\Application Data\SiteAdvisor
2008-06-02 14:06 --------- d-----w C:\Program Files\BitTorrent
2008-05-27 10:39 --------- d-----w C:\Program Files\AskTBar
2008-05-26 18:55 --------- d-----w C:\Program Files\MSN Messenger
2008-05-26 13:42 --------- d-----w C:\Program Files\Sonic
2008-05-26 13:37 --------- d-----w C:\Program Files\Real
2008-05-26 13:37 --------- d-----w C:\Program Files\Common Files\Real
2008-05-26 13:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 11:14 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-20 16:44 --------- d-----w C:\Program Files\McAfee
2008-05-19 18:32 60,568 -c--a-w C:\Documents and Settings\Seden Salih\Application Data\GDIPFONTCACHEV1.DAT
2008-05-17 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-17 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 18:39 53,312 ----a-w C:\WINDOWS\system32\xjghxnwh.dll
2008-05-06 18:54 108,608 ----a-w C:\WINDOWS\system32\shxqmcah.dll
2008-05-06 18:37 53,312 ----a-w C:\WINDOWS\system32\nqnlmxow.dll
2008-05-04 10:59 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-04 10:55 --------- d-----w C:\Program Files\Nero
2008-05-04 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-04 10:39 74,752 ----a-w C:\ryseedt.exe
2008-05-04 10:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-04 05:00 38,400 ----a-w C:\Documents and Settings\Seden Salih\patch.exe
2008-04-21 18:01 174 ----a-w C:\Documents and Settings\Seden Salih\Application Data\wklnhst.dat
2008-04-21 18:01 --------- d-----w C:\Documents and Settings\Seden Salih\Application Data\Template
2008-04-17 10:11 43 ----a-w C:\Documents and Settings\Seden Salih\RUNME.bat
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aceed890-bb1c-4aba-9717-6845ef9a2404}]
C:\WINDOWS\system32\tuvULFWP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-07 18:14 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-24 21:28 35992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 01:12 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqQKE]
geBsqQKE.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 01:12 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmc7dfcb7a]
C:\WINDOWS\system32\amnvxknj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ecf8e6]
C:\WINDOWS\system32\eukuayug.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gay_Sexy_gb]
C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1170175293\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Documents and Settings\Seden Salih\My Documents\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-13 06:22 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
--a------ 2007-01-30 20:36 57344 C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-08-03 23:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-06-22 15:29 417792 C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 13:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2004-11-17 10:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runwinlogon]
C:\WINDOWS\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 10:31 118784 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super Audio Grabber 3.0]
C:\Program Files\BlueSprite\Super Audio Grabber 3.0\SAGrab.exe/a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-08 22:43 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-08 22:44 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-11 11:26 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
--a------ 2005-08-01 22:25 1093632 C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
--a------ 2005-09-14 20:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-31 18:11 2478080 C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2003-12-09 14:03 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Seden Salih\\My Documents\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 05:42]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-01 01:08]
R3 iadusb;BT Voyager 205 ADSL Router;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-01-05 21:24]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 14:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 15:40:38 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-02-29 15:40:35 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 13:09:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 13:11:31
ComboFix-quarantined-files.txt 2008-06-08 12:10:40
ComboFix2.txt 2008-06-08 12:00:22

Pre-Run: 19,638,517,760 bytes free
Post-Run: 19,618,070,528 bytes free

WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

347 --- E O F --- 2008-05-16 09:35:37

My HijackThis log

Deckard's System Scanner v20071014.68
Run by Seden Salih on 2008-06-09 17:40:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Seden Salih.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:34, on 09/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Seden Salih\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SEDENS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089fd14d-132b-48fc-8861-0048ae113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {aceed890-bb1c-4aba-9717-6845ef9a2404} - C:\WINDOWS\system32\tuvULFWP.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?455e2b92a0574c19b31ff436632aaa53
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?455e2b92a0574c19b31ff436632aaa53
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O20 - Winlogon Notify: geBsqQKE - geBsqQKE.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service (siteadvisor service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9322 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-08 13:16:24 0 d-------- C:\Program Files\Trend Micro
2008-06-08 13:06:49 237728 --a------ C:\cmldr
2008-06-08 13:06:44 0 d-------- C:\cmdcons
2008-06-08 12:47:43 68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 12:47:43 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 12:47:43 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 12:47:43 98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 12:47:43 80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 12:47:43 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 12:47:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 12:47:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-07 18:14:27 0 d-------- C:\Program Files\DNA
2008-06-07 17:46:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-07 17:46:40 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Azureus
2008-05-26 19:51:45 0 d-------- C:\WINDOWS\Prefetch
2008-05-26 19:42:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-26 19:42:33 0 d-------- C:\WINDOWS\l2schemas
2008-05-26 19:42:31 0 d-------- C:\WINDOWS\system32\en
2008-05-26 19:42:31 0 d-------- C:\WINDOWS\system32\bits
2008-05-26 19:39:20 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 19:35:47 0 d-------- C:\WINDOWS\network diagnostic
2008-05-26 19:29:21 0 d-------- C:\WINDOWS\EHome
2008-05-26 18:16:46 0 d-------- C:\ie-spyad_zo
2008-05-26 17:57:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 15:18:07 0 d-------- C:\Program Files\Panda Security
2008-05-23 12:09:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-05-18 09:15:55 0 d-------- C:\Program Files\Managed DirectX (0901)
2008-05-17 14:19:24 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-05-17 14:19:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-17 14:19:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-17 14:17:17 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-05-12 16:51:28 53312 --a------ C:\WINDOWS\system32\xbdjsmma.dll
2008-05-11 16:11:38 53312 --a------ C:\WINDOWS\system32\pjkadfoa.dll
2008-05-09 19:42:46 53312 --a------ C:\WINDOWS\system32\pbtnhmny.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-09 17:39:22 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\DNA
2008-06-09 17:26:25 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-08 16:15:43 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Adobe
2008-06-08 12:27:57 0 d-------- C:\Program Files\vso
2008-06-08 12:27:55 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Vso
2008-06-08 12:27:55 33 --a----c- C:\Documents and Settings\Seden Salih\Application Data\pcouffin.log
2008-06-08 12:27:55 7887 --a----c- C:\Documents and Settings\Seden Salih\Application Data\pcouffin.cat
2008-06-08 12:27:54 47360 --a----c- C:\Documents and Settings\Seden Salih\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-08 12:27:54 1144 --a----c- C:\Documents and Settings\Seden Salih\Application Data\pcouffin.inf
2008-06-07 19:38:04 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\BitTorrent
2008-06-07 19:37:30 668 --a------ C:\Documents and Settings\Seden Salih\Application Data\vso_ts_preview.xml
2008-06-03 16:05:04 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\SiteAdvisor
2008-06-02 15:06:19 0 d-------- C:\Program Files\BitTorrent
2008-05-27 11:39:33 0 d-------- C:\Program Files\AskTBar
2008-05-26 19:55:35 0 d-------- C:\Program Files\MSN Messenger
2008-05-26 19:43:02 0 d-------- C:\Program Files\Messenger
2008-05-26 19:42:30 0 d-------- C:\Program Files\Movie Maker
2008-05-26 19:38:56 0 d-------- C:\Program Files\Windows NT
2008-05-26 14:42:52 0 d-------- C:\Program Files\Sonic
2008-05-26 14:37:24 0 d-------- C:\Program Files\Real
2008-05-26 14:37:24 0 d-------- C:\Program Files\Common Files\Real
2008-05-26 14:34:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-24 10:33:45 1004 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-23 12:14:51 0 d-------- C:\Program Files\SiteAdvisor
2008-05-20 17:44:51 0 d-------- C:\Program Files\McAfee
2008-05-19 19:32:02 60568 --a----c- C:\Documents and Settings\Seden Salih\Application Data\GDIPFONTCACHEV1.DAT
2008-05-08 19:40:54 53312 --a------ C:\WINDOWS\system32\hhfatqea.dll
2008-05-08 12:04:33 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Nero
2008-05-07 19:39:54 53312 --a------ C:\WINDOWS\system32\xjghxnwh.dll
2008-05-06 19:54:06 108608 --a------ C:\WINDOWS\system32\shxqmcah.dll
2008-05-06 19:37:30 53312 --a------ C:\WINDOWS\system32\nqnlmxow.dll
2008-05-04 11:59:45 0 d-------- C:\Program Files\Common Files\Nero
2008-05-04 11:55:08 0 d-------- C:\Program Files\Nero
2008-05-04 11:55:07 0 d-------- C:\Program Files\Common Files
2008-05-04 11:40:38 2 --a------ C:\-991102903
2008-05-04 11:39:58 20917 --a------ C:\WINDOWS\system32\es.dat
2008-05-04 11:39:55 74752 --a------ C:\ryseedt.exe
2008-05-04 11:16:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-21 19:01:43 174 --a------ C:\Documents and Settings\Seden Salih\Application Data\wklnhst.dat
2008-04-21 19:01:36 0 d-------- C:\Documents and Settings\Seden Salih\Application Data\Template
2008-04-10 20:01:26 0 d-------- C:\Program Files\iTunes
2008-04-10 20:00:45 0 d-------- C:\Program Files\iPod
2008-04-10 19:55:02 0 d-------- C:\Program Files\QuickTime
2008-04-10 19:45:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-10 19:42:45 0 d-------- C:\Program Files\Common Files\Apple


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377c180e-6f0e-4d4c-980f-f45bd3d40cf4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aceed890-bb1c-4aba-9717-6845ef9a2404}]
C:\WINDOWS\system32\tuvULFWP.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [24/07/2006 21:28]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 01:12 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/06/2008 18:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqQKE]
geBsqQKE.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533c5b84-ec70-11d2-9505-00c04f79deaf}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\Broadband Desktop Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmc7dfcb7a]
Rundll32.exe "C:\WINDOWS\system32\amnvxknj.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ecf8e6]
rundll32.exe "C:\WINDOWS\system32\eukuayug.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gay_Sexy_gb]
C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe /dontdial

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1170175293\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Documents and Settings\Seden Salih\My Documents\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runwinlogon]
C:\WINDOWS\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super Audio Grabber 3.0]
"C:\Program Files\BlueSprite\Super Audio Grabber 3.0\SAGrab.exe"/a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-09 17:45:34 ------------
Re: my mate's malware problem

ehababoud,

Thanks for the logs and information. More to do, so let's continue.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Still in Safe Mode, open HijackThis, run a scan, and place a check next to the following item(s):

Then close all open windows/browsers and click on Fix Checked.

Reboot your PC, normally.

Delete these files/folders, as follows:
  • Open notepad and copy/paste the text in the quotebox below into it (all except the word QUOTE):

    File::
    C:\sqmdata19.sqm
    C:\sqmnoopt19.sqm
    C:\sqmdata18.sqm
    C:\sqmnoopt18.sqm
    C:\sqmnoopt17.sqm
    C:\sqmdata17.sqm
    C:\WINDOWS\system32\xbdjsmma.dll
    C:\WINDOWS\system32\pjkadfoa.dll
    C:\WINDOWS\system32\vvlllhin.ini
    C:\WINDOWS\system32\pbtnhmny.dll
    C:\sqmdata16.sqm
    C:\sqmnoopt16.sqm
    C:\WINDOWS\system32\hhfatqea.dll
    C:\WINDOWS\system32\xjghxnwh.dll
    C:\WINDOWS\system32\shxqmcah.dll
    C:\WINDOWS\system32\nqnlmxow.dll
    C:\ryseedt.exe
    C:\WINDOWS\system32\tuvULFWP.dll
    C:\WINDOWS\system32\geBsqQKE.dll
    C:\WINDOWS\geBsqQKE.dll
    C:\WINDOWS\system32\amnvxknj.dll
    C:\WINDOWS\system32\eukuayug.dll


    Folder::
    C:\WINDOWS\l2schemas
    C:\Program Files\SCom\Dialers\Gay_Sexy_gb

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aceed890-bb1c-4aba-9717-6845ef9a2404}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqQKE]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmc7dfcb7a]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ecf8e6]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gay_Sexy_gb]
  • Save this as CFScript
  • Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


  • ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

Please post the Combofix log and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
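The reply above picks its targets out of the DSS log by eye: freshly dropped DLLs with eight-letter names in system32, an executable in the drive root, msconfig entries that load a DLL through rundll32 with a one-letter export, a Winlogon Notify package named without a path (so both the WINDOWS and the system32 copy go into the script), a BHO whose file DSS could not stat, and a dialer directory. The script below is an added example, not part of this thread nor of DSS, HijackThis or ComboFix: it encodes those same checks over a sample log constructed from lines quoted on this page and renders the result in the File::/Folder::/Registry:: layout of the CFScript above. The point values, the 45-day window and the "random name" test are assumptions of mine, and the output is a draft for a human to review, not something to drop on ComboFix.exe unread.

```python
"""Triage a Deckard's System Scanner (DSS) log the way the reply above does by eye.
Added example, not part of DSS, HijackThis or ComboFix; the point values, the 45-day
window and the "random name" test are my own assumptions.  Flags new DLL/EXE/INI files
in system32 or the drive root, rundll32 loaders with a one-letter export, Winlogon Notify
packages given as a bare file name, BHOs that DSS could not stat and dialer directories,
then emits a CFScript skeleton for a human to review before it goes near ComboFix."""
import ntpath, re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RECENT_DAYS, FLAG_SCORE = 45, 2   # assumptions: "new file" window, minimum score to list
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d\d:\d\d:\d\d\s+\d+\s+-\S+\s+(.+)$")  # '-' attrs = not a dir
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
END_LINE = re.compile(r"finished at (\d{4}-\d{2}-\d{2})")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
RUNDLL_LOADER = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*\w\s*$', re.I)
DIALER_EXE = re.compile(r'([A-Za-z]:\\[^"]*?\\Dialers\\[^"]*?\.exe)', re.I)
# Keys holding exactly one autostart item, deletable whole as [-key]; values inside the
# shared ...\Run key are deliberately not emitted (HijackThis "Fix checked" handles those).
PER_ITEM_KEY = re.compile(
    r"(browser helper objects\\\{[0-9a-f-]+\}|winlogon\\notify\\[^\\]+|startupreg\\[^\\]+)$", re.I)

# Constructed sample: lines copied from the DSS log above, plus a legitimate BHO (mcapbho.dll).
SAMPLE_LOG = r"""
2008-05-07 19:39:54 53312 --a------ C:\WINDOWS\system32\xjghxnwh.dll
2008-05-04 11:39:55 74752 --a------ C:\ryseedt.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377c180e-6f0e-4d4c-980f-f45bd3d40cf4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aceed890-bb1c-4aba-9717-6845ef9a2404}]
C:\WINDOWS\system32\tuvULFWP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqQKE]
geBsqQKE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmc7dfcb7a]
Rundll32.exe "C:\WINDOWS\system32\amnvxknj.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gay_Sexy_gb]
C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe /dontdial
-- End of Deckard's System Scanner: finished at 2008-06-09 17:45:34 ------------
"""

@dataclass
class Finding:
    path: str
    kind: str = "file"                      # "file" or "folder"
    score: int = 0
    reasons: list = field(default_factory=list)
    keys: set = field(default_factory=set)   # registry keys to delete along with it

def looks_random(path):
    """Eight letters with a run of 4+ consonants (xjghxnwh, geBsqQKE): weak, worth 1 point."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if ext.lower() not in (".dll", ".exe") or len(stem) != 8 or not stem.isalpha():
        return False
    return max((len(r) for r in re.findall(r"[^aeiou]+", stem.lower())), default=0) >= 4

def triage(log_text):
    """Return {lowercased path: Finding} for every item scoring at least FLAG_SCORE."""
    scan_day = datetime.strptime(m.group(1), "%Y-%m-%d") if (m := END_LINE.search(log_text)) else datetime.now()
    findings, current_key = {}, None

    def note(path, points, reason, key=None, kind="file"):
        f = findings.setdefault(path.lower(), Finding(path, kind))
        if not f.reasons and looks_random(path):
            f.score, f.reasons = 1, ["random-looking 8-letter name"]
        f.score += points
        f.reasons.append(reason)
        if key and PER_ITEM_KEY.search(key):
            f.keys.add(key)

    for line in (l.strip() for l in log_text.splitlines()):
        if fm := FILE_LINE.match(line):                     # "new/modified files" section
            when, path = datetime.strptime(fm.group(1), "%Y-%m-%d"), fm.group(2)
            folder, ext = ntpath.dirname(path).lower(), ntpath.splitext(path)[1].lower()
            if ext in (".dll", ".exe", ".ini") and scan_day - when <= timedelta(days=RECENT_DAYS):
                if folder == "c:\\":
                    note(path, 2, "new executable in drive root")
                elif folder.endswith("\\system32"):
                    note(path, 1, "new binary in system32")
            continue
        if km := KEY_LINE.match(line):                      # registry dump: key, then its values
            current_key = km.group(1)
            continue
        if not line or not current_key:
            continue
        lk = current_key.lower()
        if "\\winlogon\\notify\\" in lk and "\\" not in line:   # bare name: Windows searches for it
            for folder in (r"C:\WINDOWS\system32", r"C:\WINDOWS"):
                note(ntpath.join(folder, line), 2, "Winlogon Notify package with bare file name", current_key)
        elif "browser helper objects" in lk and DRIVE_PATH.match(line):
            note(line, 2, "BHO whose file DSS could not stat", current_key)
        if rm := RUNDLL_LOADER.search(line):
            note(rm.group(1), 2, "rundll32 loader with one-letter export", current_key)
        if dm := DIALER_EXE.search(line):
            note(ntpath.dirname(dm.group(1)), 2, "dialer directory", current_key, kind="folder")
    return {k: f for k, f in findings.items() if f.score >= FLAG_SCORE}

def cfscript(findings):
    """Render the flagged items in the File::/Folder::/Registry:: layout used in the reply."""
    files = sorted(f.path for f in findings.values() if f.kind == "file")
    folders = sorted(f.path for f in findings.values() if f.kind == "folder")
    keys = sorted({f"[-{k}]" for f in findings.values() for k in f.keys})
    parts = [(h, v) for h, v in (("File::", files), ("Folder::", folders), ("Registry::", keys)) if v]
    return "\n\n".join(h + "\n" + "\n".join(v) for h, v in parts)

if __name__ == "__main__":
    print(cfscript(triage(SAMPLE_LOG)))
```

Run as-is it prints a CFScript for the sample that lists the same six files, the dialer folder and the four per-item keys the reply deletes, and nothing for mcapbho.dll. The scoring is deliberately conservative in one place: a value inside the shared Run key is never turned into a [-key] line, because that would wipe every other autostart on the machine, which is why the reply sends those through HijackThis instead.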