 Task Manager Has Been By your Administrator, Sempurna plz help me check

TSIrishcoffee
post Jun 24 2007, 08:43 AM

ilX / Espressivo
Senior Member
2,994 posts

Joined: Jan 2003
From: Behind You

Big prob today: I start up my comp and when I start up my comp I got this error msg "Task Manager Has Been By your Administrator", but I am admin la.
2nd prob: my folder option also gone, can't find it in control panel or in windows....
Already scanned with KAV and Ad-Aware, tons of virus found and removed,
but still can't solve the prob.



Logfile of HijackThis v1.99.1
Scan saved at 上午 8:37:06, on 2007-6-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Sora ilX\Local Settings\Temp\wze59e\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll
O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - C:\Program Files\eMule\ed2k.html
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Sifu plz help
Sempurna
post Jun 24 2007, 01:11 PM

Look at all my stars!!
VIP
3,022 posts

Joined: Jul 2006
From: KL


Hi IrishCoffee,

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.

~~~
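The entries Sempurna picks out above follow the usual HijackThis triage rules: O2 browser helper objects whose DLL is reported as "(no file)", the KernelFaultCheck/dumprep leftover, and the O7 line, which shows a registry policy value restricting the logged-on user. The Python below is an added example, not part of this thread and not part of HijackThis, that applies those rules to log lines in that format. The sample lines are constructed in the shape of the log posted above; DisableTaskMgr and NoFolderOptions are real Windows policy value names added here to cover the Task Manager and Folder Options symptoms and do not appear in the posted log.

```python
"""Triage heuristics for HijackThis v1.99-style log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with its section code (R0..R3, O1..O23).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O7 lines look like: O7 - <hive>\<key>, <ValueName>=<data>
O7_RE = re.compile(r"^O7 - (?P<key>HK(?:LM|CU)\\[^,]+), (?P<name>\w+)=(?P<data>\S+)$")

# Policy values that take away the user's own inspection tools. These are real
# Windows policy value names; selecting them is this example's addition, the
# posted log only shows DisableRegedit.
LOCKOUT_POLICIES = {
    "DisableRegedit": "Registry Editor blocked (Policies\\System)",
    "DisableTaskMgr": "Task Manager blocked (Policies\\System)",
    "NoFolderOptions": "Folder Options removed (Policies\\Explorer)",
}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would typically tick before 'Fix checked'."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in {"O2", "O3", "O9"} and body.endswith("(no file)"):
            # CLSID still registered in IE but the backing DLL is gone: dead entry.
            findings.append(Finding(section, "orphaned browser extension (CLSID without DLL)", line))
        elif section == "O7":
            pm = O7_RE.match(line)
            name = pm.group("name") if pm else "unknown"
            what = LOCKOUT_POLICIES.get(name, "restriction policy not in the lookout list")
            findings.append(Finding(section, f"policy lockout {name}: {what}", line))
        elif section == "O4" and "dumprep" in body.lower():
            # KernelFaultCheck is left behind by Windows after a crash dump; harmless but removable.
            findings.append(Finding(section, "KernelFaultCheck/dumprep crash-dump leftover", line))
        elif section in {"O20", "O21"}:
            # AppInit_DLLs, Winlogon Notify and SSODL get a DLL loaded at logon
            # without a visible process of its own, so the publisher must be checked.
            findings.append(Finding(section, "deep persistence point: verify the DLL's publisher", line))
    return findings


def by_section(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section code."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The O7 handling is the part that matters for the original complaint: HijackThis reports a value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, and "Fix checked" deletes that value so Registry Editor is available again. A DisableTaskMgr value would sit under the same key, and NoFolderOptions under the neighbouring Policies\Explorer key, which is why the lookup table carries all three.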
TSIrishcoffee
post Jun 24 2007, 02:59 PM

ilX / Espressivo
Senior Member
2,994 posts

Joined: Jan 2003
From: Behind You

Logfile of HijackThis v1.99.1
Scan saved at 下午 2:47:58, on 2007-6-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Sora ilX\Local Settings\Temp\wz1b06\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll
O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - C:\Program Files\eMule\ed2k.html
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - c:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


Added on June 24, 2007, 3:00 pm

"Sora ilX" - 2007-06-24 14:50:55 - ComboFix 07-06-23.5 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\loader.exe
C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


2007-06-24 14:50 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 13:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-24 02:24 <DIR> d-------- C:\My Music
2007-06-23 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SOR\APPLIC~1\Real
2007-06-23 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SOR\APPLIC~1\Media Player Classic
2007-06-23 23:46 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SOR\NTUSER.DAT
2007-06-22 18:17 248,096 -rahs---- C:\WINDOWS\system32\RVHIOST.exe
2007-06-21 20:37 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-06-17 03:37 656,600 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-06-16 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CenerTCPMessenger
2007-06-14 19:20 <DIR> d-------- C:\Program Files\Joost
2007-06-11 18:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-11 18:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-11 18:23 <DIR> d-------- C:\Program Files\Windows Live
2007-06-11 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-11 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 16:05 <DIR> d-------- C:\DOCUME~1\SORAIL~1\APPLIC~1\Joost
2007-06-01 08:20 51,568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-30 00:16 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-05-27 15:37 <DIR> d-------- C:\Program Files\WinAVI Video Converter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2080-03-10 18:28:32 1,082,880 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2020-03-07 16:22:42 -------- d-----w C:\Program Files\Rapidown
2007-06-24 06:55:49 -------- d-----w C:\Program Files\cFosSpeed
2007-06-24 05:26:14 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\uTorrent
2007-06-23 15:12:18 -------- d-----w C:\Program Files\Steam
2007-06-23 09:18:10 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\foobar2000
2007-06-21 17:42:41 -------- d--h--w C:\Program Files\illusion
2007-06-21 15:08:45 -------- d-----w C:\Program Files\Granado Espada
2007-06-19 16:34:35 -------- d-----w C:\Program Files\SpeedFan
2007-06-19 14:47:17 -------- d-----w C:\Program Files\Tuotu
2007-06-19 09:39:29 -------- d-----w C:\Program Files\Warcraft III
2007-06-17 17:24:35 -------- d-----w C:\Program Files\FlashGet
2007-06-17 17:22:16 12 -c--a-w C:\WINDOWS\system32\cid_store.dat
2007-06-15 16:45:58 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\VMware
2007-06-11 10:48:35 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Lavasoft
2007-06-11 10:46:50 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 10:30:35 -------- d-----w C:\Program Files\MSN Messenger
2007-06-11 10:30:32 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-22 15:25:55 -------- d-----w C:\Program Files\OpenVPN
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:38:37 -------- d-----w C:\Program Files\Combined Community Codec Pack
2007-05-13 17:47:00 -------- d-----w C:\Program Files\BT Engine
2007-05-13 06:14:06 -------- d--h--w C:\Program Files\Overflow
2007-05-12 15:40:36 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Media Player Classic
2007-05-12 14:37:46 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-12 05:53:55 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Reallusion
2007-05-12 05:52:48 -------- d-----w C:\Program Files\Reallusion
2007-05-12 05:52:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-11 18:15:13 -------- d-----w C:\Program Files\Guitar Pro 5
2007-05-09 12:19:39 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-05 07:13:56 -------- d-----w C:\Program Files\iTunes
2007-05-05 07:13:48 -------- d-----w C:\Program Files\iPod
2007-05-05 07:12:44 -------- d-----w C:\Program Files\QuickTime
2007-05-02 18:57:56 5,256 -c--a-w C:\WINDOWS\LoginUsers.dat
2007-05-02 18:57:55 -------- d-----w C:\Program Files\KuGoo3
2007-05-02 18:53:26 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\LimeWire
2007-05-01 05:46:10 -------- d-----w C:\Program Files\MediaMonkey
2007-04-28 18:39:39 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Oxin's Style!
2007-04-28 06:40:36 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\FlashGet
2007-04-27 17:15:16 -------- d-----w C:\Program Files\eMule
2007-04-27 06:52:18 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-26 16:08:41 -------- d-----w C:\Program Files\NextLink
2007-04-26 14:30:09 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\DataCast
2007-04-26 14:29:59 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\InstallShield
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-24 14:10:17 -------- d-----w C:\Program Files\Easiestutils
2007-04-24 13:35:36 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-16 14:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 14:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 14:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 14:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 10:58:36 471,040 -c--a-w C:\WINDOWS\system32\muzapp.dll
2007-04-13 10:58:36 167,936 -c--a-w C:\WINDOWS\system32\muzapp.exe
2007-04-13 10:58:36 110,592 -c--a-w C:\WINDOWS\system32\TG_VIEW0607.DLL
2007-04-13 10:58:35 90,112 -c--a-w C:\WINDOWS\system32\TG_SYNC.DLL
2007-04-13 10:58:35 90,112 -c--a-w C:\WINDOWS\system32\TG_DUMP0611.DLL
2007-04-13 07:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-06 00:19:04 227,856 ----a-w C:\WINDOWS\system32\PDBoot.exe
2007-03-25 13:49:10 49,079 -c--a-w C:\WINDOWS\system32\RadLightTTAUninstall.exe
2007-03-25 13:37:53 51,164 -c--a-w C:\WINDOWS\system32\TTACodecs-uninstall.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000AAA-A363-466E-BEF5-9BB68697AA7F}=C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll [2007-01-24 19:10]
{02478D37-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll [2006-11-24 00:42]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-04-13 16:34]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{A6984C00-C6EB-11D4-B4A4-080000180323}=C:\PROGRA~1\Rapidown\rapi310.dll [2007-04-06 21:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:57]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-04-13 17:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.exe" [2006-03-20 16:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" [2006-11-27 16:15]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2007-05-25 18:31]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-15 18:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-06 01:57]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-11-08 18:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"RestrictRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Diskeeper 10 Professional Edition Registration.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Diskeeper 10 Professional Edition Registration.lnk
backup=C:\WINDOWS\pss\Diskeeper 10 Professional Edition Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
C:\Program Files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SocksFarm]
C:\Documents and Settings\Sora ilX\Local Settings\Temp\wz6555\socksfarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWd]
C:\WINDOWS\winwd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebThunder]
C:\Program Files\Thunder Network\WebThunder\WebThunder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPLOSION]
"C:\Program Files\WinPLOSION\winplosion.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winser"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"LogMeIn"=3 (0x3)
"LMIMaint"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"DriveHealth"=3 (0x3)
"IDriverT"=3 (0x3)
"StarWindService"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MSCSPTISRV"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{632f9bd6-b36a-11db-9577-00095be3cde9}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a987e1a0-af38-11db-88a9-00095be3cde9}]
AutoRun\command- M:\
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b664299c-84c7-11db-be4c-806d6172696f}]
AutoRun\command- F:\autoplay.exe


Contents of the 'Scheduled Tasks' folder
2007-06-22 09:21:34 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-05 03:48:15 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-24 06:35:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2099-12-26 02:00:26 C:\WINDOWS\tasks\User_Feed_Synchronization-{588A7190-5FE9-4988-B0DE-5BB204EACCE2}.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 14:56:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 14:57:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-24 14:57

--- E O F ---


This post has been edited by Irishcoffee: Jun 24 2007, 03:00 PM
Sempurna
post Jun 24 2007, 03:48 PM

Look at all my stars!!
Group Icon
VIP
3,022 posts

Joined: Jul 2006
From: KL


Hi IrishCoffee,

OK, let's pick up the leftovers.

Before fixing anything, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
(start copying from "@echo off")

CODE
@echo off
For %%g in (
C:\WINDOWS\system32\RVHIOST.exe
) do catchme -l nul -k %%g >nul
echo.Please submit the file, catchme.zip located on Desktop
pause
exit


Save this as submit.bat. Choose to "Save as type - All Files" and place it on your desktop.

It should look like this: user posted image

Double-click on submit.bat and allow it to generate a zipped file on your desktop called catchme.zip.

Please submit catchme.zip to this site -> http://www.bleepingcomputer.com/submit-malware.php?channel=4

Please include a link to this topic in the message.

NOTE: The file must be uploaded before proceeding to the next step.


NEXT:

Please go to Start -> Control Panel -> Software -> Add or Remove Programs and remove any of the following that are listed:

BitDownload
BitGrabber
BitLord
BitRoll
CiD Manager
CiD Help
Download Plugin for Internet Explorer
Messenger Plus!
Messenger Plus! 2
Messenger Plus! 3
Messenger Plus! 3 & Sponsor
Messenger Plus! Live
Messenger Plus! Live & Sponsor
Messenger Plus! Live & Sponsor (CiD)
Netpumper
Search Plugin
WinZix
Zone Media



NEXT:

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    CODE
    File::
    C:\WINDOWS\system32\RVHIOST.exe
    C:\WINDOWS\system32\cid_store.dat
    C:\WINDOWS\mppds.exe
    C:\Documents and Settings\Sora ilX\Local Settings\Temp\wz6555\socksfarm.exe

    Folder::
    C:\Program Files\Messenger Plus! Live
    C:\Documents and Settings\Sora ilX\Local Settings\Temp\wz6555

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SocksFarm]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{632f9bd6-b36a-11db-9577-00095be3cde9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a987e1a0-af38-11db-88a9-00095be3cde9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b664299c-84c7-11db-be4c-806d6172696f}]


  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    user posted image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Your desktop will vanish for a while, and then reappear. This is normal.
  • Wait until the program has finished scanning, then please exit the program.


NEXT:

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to the next file:

    C:\WINDOWS\system32\muzapp.dll

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Then please do the same as above for the following files:

C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\system32\TG_VIEW0607.DLL
C:\WINDOWS\system32\TG_SYNC.DLL
C:\WINDOWS\system32\TG_DUMP0611.DLL
C:\WINDOWS\system32\RadLightTTAUninstall.exe
C:\WINDOWS\system32\TTACodecs-uninstall.exe


NEXT:

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the "Windows" tab.
  4. Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  5. Then, click the "Applications" tab:
    • CHECK everything there.
  6. Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  8. When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  1. Click on "Kaspersky Online Scanner".
  2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on "Next".
  5. Now click on "Scan Settings".
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click "OK".
  8. Now under select a target to scan:
    • Select "My Computer".
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the ComboFix scan located at C:\ComboFix.txt.
  2. The reports from VirusTotal.
  3. The log from the Kaspersky scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

How are things running now?

~~~

TSIrishcoffee
post Jun 27 2007, 12:56 AM

ilX / Espressivo
*******
Senior Member
2,994 posts

Joined: Jan 2003
From: Behind You

"Sora ilX" - 2007-06-27 0:48:36 - ComboFix 07-06-23.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Sora ilX\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Messenger Plus! Live
C:\Program Files\Messenger Plus! Live\Detoured.dll
C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
C:\Program Files\Messenger Plus! Live\lame_enc.dll
C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Catalan.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
C:\Program Files\Messenger Plus! Live\libsndfile.dll
C:\Program Files\Messenger Plus! Live\Log Viewer.exe
C:\Program Files\Messenger Plus! Live\MPScripts.dll
C:\Program Files\Messenger Plus! Live\MPTools.exe
C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes1.dll
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\_translationClass.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\_util.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\api.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\autoupdate.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\coverArt.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\dlls\wmp9.dll
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\hotkeys.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\About.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Commands.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Dp.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Lyrics.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Main.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Misc.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Misc2.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\NoCover.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Psm.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Remote.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Tags.png
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\interface.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\English.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\Espanol.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\Leet.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\Nederlands.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyric_parsers\azlyrics.lyrics.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyric_parsers\Leos.lyrics.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyric_parsers\Metro.lyrics.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyrics.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\main.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\ExamplePlayer.base.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\iTunes.player.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\jetAudio.player.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\MediaMonkey.player.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\Winamp.player.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\WMP.player.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\prefstore.js
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\updateInterface.xml
C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\window.js
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\+Mapper.js
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\defaultmap.htm
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\editfunctions.javascript
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\General Functions.js
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Images\delete.png
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Images\loadingAnimation.gif
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Images\maps.png
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\jquery.javascript
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\livedefault.htm
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\liveeditfunctions.javascript
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Menu.js
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\thickbox.css
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\thickbox.javascript
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Windows.js
C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\windows.xml
C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\Commands.js
C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\Interface.js
C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\Interface.xml
C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\ReadThis.js
C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\reg.js
C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\_translationClass.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\_window.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\48pxAdditionalImage.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\bmp.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\countdown.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\jpg.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\logo.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\no_image.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\overlay.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\pnggif.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\preferences.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\server.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\vista_folder.png
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndAbout.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndAdvanced.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndAllContacts.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndCountdown.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndCountdownDisplay.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndFTPUpload.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndGeneral.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndHotkeys.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndLanguage.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndMultiChat.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndPref.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndPreview.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndRecentImages.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndScreenshotViewer.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndSelect.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndSubclass.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndUpdate.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Languages\English.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.functions.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.gdip_functions.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.gdip_variables.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.hotkey_functions.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.menu.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.preferences.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.registry.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.script.commands.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.timer.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.update.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.variables.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndAbout.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndAdvanced.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndAllContacts.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndCountdown.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndCountdownDisplay.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndFTPUpload.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndGeneral.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndLanguage.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndMultiChat.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndPref.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndPreview.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndRecentImages.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndScreenshotViewer.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndSelect.handler.js
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_registry.js
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendto.js
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\FileListener.xml
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\_Stickynotes.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Data\Colors.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Data\Registry.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\functions.misc.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\functions.string.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.chatnotesender.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.menucommands.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.registryreader.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.stickynote.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.stickynotes.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.xmlcarrier.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Accept_disabled.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Accept_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Accept_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Appearance_disabled.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Appearance_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Appearance_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Cancel_disabled.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Cancel_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Cancel_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Check_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Check_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Collapse_disabled.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Collapse_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Collapse_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Edit_disabled.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Edit_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Edit_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Expand_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Expand_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\header-about.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Lock_disabled.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Lock_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Lock_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\logo-small.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Thumbs.db
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Unlock_off.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Unlock_on.png
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\About.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\Listener.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\Options.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\SendNotes.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\Update.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Themes\Flair.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Themes\Simple.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Themes\Square.xml
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\window.preferences.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\window.stickynote.js
C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\window.updates.js
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\AI.txt
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\AIdocs.txt
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\boom.mp3
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\config.ini
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\UNeed.js
C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\wot.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\_wlm.preview.box.js
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.menu.js
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.regestry.js
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.window.pref.js
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.window.preview.js
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.window.preview.settings.js
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_close.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_close_hot.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_close_pushed.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_send.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_send_hot.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_send_pushed.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\colorwheel.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\general.png
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\not needed.rar
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\Thumbs.db
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\About.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\not needed.rar
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\PreviewBox.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.Colours.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.General.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.Help.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.xml
C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\images\Thumbs.db
C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\images\vd-logo.png
C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\images\youtubelogo.png
C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\ScriptInfo.xml
C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\window.xml
C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\Youtube.js
C:\Program Files\Messenger Plus! Live\Uninstall.exe
C:\WINDOWS\system32\cid_store.dat
C:\WINDOWS\system32\RVHIOST.exe


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 22:31 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-06-26 22:19 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2007-06-26 22:19 498,176 --a------ C:\WINDOWS\system32\logon.scr
2007-06-26 22:19 305,447 --a------ C:\WINDOWS\system32\viwc.exe
2007-06-26 22:19 <DIR> d-------- C:\Program Files\VisualTooltip
2007-06-26 22:19 <DIR> d-------- C:\Program Files\ViStart
2007-06-26 22:15 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2007-06-24 14:50 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 13:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-24 02:24 <DIR> d-------- C:\My Music
2007-06-23 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SOR\APPLIC~1\Real
2007-06-23 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SOR\APPLIC~1\Media Player Classic
2007-06-23 23:46 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SOR\NTUSER.DAT
2007-06-21 20:37 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-06-17 03:37 656,600 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-06-16 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CenerTCPMessenger
2007-06-14 19:20 <DIR> d-------- C:\Program Files\Joost
2007-06-11 18:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-11 18:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-11 18:23 <DIR> d-------- C:\Program Files\Windows Live
2007-06-11 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-11 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 16:05 <DIR> d-------- C:\DOCUME~1\SORAIL~1\APPLIC~1\Joost
2007-06-01 08:20 51,568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-30 00:16 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-05-27 15:37 <DIR> d-------- C:\Program Files\WinAVI Video Converter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2080-03-10 18:28:32 1,082,880 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2020-03-07 16:22:42 -------- d-----w C:\Program Files\Rapidown
2007-06-26 16:51:25 -------- d-----w C:\Program Files\Kaspersky Lab
2007-06-26 16:50:02 -------- d-----w C:\Program Files\cFosSpeed
2007-06-26 16:47:38 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\uTorrent
2007-06-26 16:47:20 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\foobar2000
2007-06-26 15:19:55 -------- d-----w C:\Program Files\Stardock
2007-06-26 14:49:07 -------- d-----w C:\Program Files\FlashGet
2007-06-24 08:48:00 -------- d-----w C:\Program Files\Warcraft III
2007-06-23 15:12:18 -------- d-----w C:\Program Files\Steam
2007-06-21 17:42:41 -------- d--h--w C:\Program Files\illusion
2007-06-21 15:08:45 -------- d-----w C:\Program Files\Granado Espada
2007-06-19 16:34:35 -------- d-----w C:\Program Files\SpeedFan
2007-06-19 14:47:17 -------- d-----w C:\Program Files\Tuotu
2007-06-15 16:45:58 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\VMware
2007-06-11 10:48:35 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Lavasoft
2007-06-11 10:46:50 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 10:30:35 -------- d-----w C:\Program Files\MSN Messenger
2007-05-22 15:25:55 -------- d-----w C:\Program Files\OpenVPN
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:38:37 -------- d-----w C:\Program Files\Combined Community Codec Pack
2007-05-13 17:47:00 -------- d-----w C:\Program Files\BT Engine
2007-05-13 06:14:06 -------- d--h--w C:\Program Files\Overflow
2007-05-12 15:40:36 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Media Player Classic
2007-05-12 14:37:46 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-12 05:53:55 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Reallusion
2007-05-12 05:52:48 -------- d-----w C:\Program Files\Reallusion
2007-05-12 05:52:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-11 18:15:13 -------- d-----w C:\Program Files\Guitar Pro 5
2007-05-09 12:19:39 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-05 07:13:56 -------- d-----w C:\Program Files\iTunes
2007-05-05 07:13:48 -------- d-----w C:\Program Files\iPod
2007-05-05 07:12:44 -------- d-----w C:\Program Files\QuickTime
2007-05-02 18:57:56 5,256 -c--a-w C:\WINDOWS\LoginUsers.dat
2007-05-02 18:57:55 -------- d-----w C:\Program Files\KuGoo3
2007-05-02 18:53:26 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\LimeWire
2007-05-01 05:46:10 -------- d-----w C:\Program Files\MediaMonkey
2007-04-28 18:39:39 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Oxin's Style!
2007-04-28 06:40:36 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\FlashGet
2007-04-27 17:15:16 -------- d-----w C:\Program Files\eMule
2007-04-27 06:52:18 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-26 16:08:41 -------- d-----w C:\Program Files\NextLink
2007-04-26 14:30:09 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\DataCast
2007-04-26 14:29:59 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\InstallShield
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-16 14:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 14:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 14:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 14:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 10:58:36 471,040 -c--a-w C:\WINDOWS\system32\muzapp.dll
2007-04-13 10:58:36 167,936 -c--a-w C:\WINDOWS\system32\muzapp.exe
2007-04-13 10:58:36 110,592 -c--a-w C:\WINDOWS\system32\TG_VIEW0607.DLL
2007-04-13 10:58:35 90,112 -c--a-w C:\WINDOWS\system32\TG_SYNC.DLL
2007-04-13 10:58:35 90,112 -c--a-w C:\WINDOWS\system32\TG_DUMP0611.DLL
2007-04-13 07:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-06 00:19:04 227,856 ----a-w C:\WINDOWS\system32\PDBoot.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000AAA-A363-466E-BEF5-9BB68697AA7F}=C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll [2007-01-24 19:10]
{02478D37-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll [2006-11-24 00:42]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-04-13 16:34]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{A6984C00-C6EB-11D4-B4A4-080000180323}=C:\PROGRA~1\Rapidown\rapi310.dll [2007-04-06 21:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:57]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-04-13 17:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.exe" [2006-03-20 16:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" [2006-11-27 16:15]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2007-05-25 18:31]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-15 18:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-06 01:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"RestrictRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Diskeeper 10 Professional Edition Registration.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Diskeeper 10 Professional Edition Registration.lnk
backup=C:\WINDOWS\pss\Diskeeper 10 Professional Edition Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
C:\Program Files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWd]
C:\WINDOWS\winwd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebThunder]
C:\Program Files\Thunder Network\WebThunder\WebThunder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPLOSION]
"C:\Program Files\WinPLOSION\winplosion.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winser"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"LogMeIn"=3 (0x3)
"LMIMaint"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"DriveHealth"=3 (0x3)
"IDriverT"=3 (0x3)
"StarWindService"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MSCSPTISRV"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b74bc0bf-b80c-11db-957f-00095be3cde9}]
AutoRun\command- Q:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-06-22 09:21:34 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-05 03:48:15 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-26 16:35:01 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2099-12-26 02:00:26 C:\WINDOWS\tasks\User_Feed_Synchronization-{588A7190-5FE9-4988-B0DE-5BB204EACCE2}.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 00:52:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 0:53:42
C:\ComboFix-quarantined-files.txt ... 2007-06-27 00:53

--- E O F ---

Sempurna
post Jun 27 2007, 01:13 PM

Look at all my stars!!
VIP
3,022 posts

Joined: Jul 2006
From: KL


You didn't run Flash_Disinfector, and I don't have the other logs.
cpteoh
post Jun 27 2007, 03:44 PM

Starcraft - Broodwar
Senior Member
1,093 posts

Joined: Jun 2005



is it brontok?
Sempurna
post Jun 27 2007, 04:20 PM

Look at all my stars!!
VIP
3,022 posts

Joined: Jul 2006
From: KL


QUOTE(cpteoh @ Jun 27 2007, 03:44 PM)
is it brontok?
If it was, HijackThis won't even run.

And, don't you think that I would recognize Brontok when I see it?
TSIrishcoffee
post Jun 27 2007, 06:25 PM

VirusTotal
VirusTotal is a free file analisys service that works using several antivirus engines.


STATUS: SCANNING
File "muzapp.dll" received on 06.27.2007 at 12:20:17 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found

Aditional Information
File size: 471040 bytes
MD5: 3cfbe0a50c88141eb70213e6fcfe18bf
SHA1: b0831d23abefe5fe3aadd597c3c8644208475ed4
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


Added on June 27, 2007, 6:35 pm
STATUS: SCANNING
File "TG_VIEW0607.DLL" received on 06.27.2007 at 12:29:22 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found

Aditional Information
File size: 110592 bytes
MD5: 42067184962ae6a89fcbaa6b5bc42bc6
SHA1: 5c067a3644312affe9e6497dbb7a69d6baee7ca8


This post has been edited by Irishcoffee: Jun 27 2007, 06:35 PM
Sempurna
post Jun 27 2007, 06:56 PM

Hi IrishCoffee,

The above VirusTotal reports are incomplete. There should be more scanners telling us the results of the scans. :)
TSIrishcoffee
post Jun 27 2007, 06:57 PM

STATUS: SCANNING
File "TG_DUMP0611.DLL" received on 06.27.2007 at 12:55:58 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found

Aditional Information
File size: 90112 bytes
MD5: e007427046bc07ae3d1f1a7f035e2aef
SHA1: fc2e34dcb825830a099178f04e6b2ee048acabd2


Added on June 27, 2007, 6:59 pm
yaya i scanning now
Kaspersky online scanner shld take few hours to complete
my frenz juz told me he also suffer the same prob
regedit task manager folder option all cant acess
comp also slow down...


Added on June 27, 2007, 7:00 pm
STATUS: SCANNING
File "RadLightTTAUninstall.exe" received on 06.27.2007 at 12:58:15 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found

Aditional Information
File size: 49079 bytes
MD5: 77b91b961edcec00f41a9dfbc0afb7ef
SHA1: f925b3fc893f35651ef5f30a05dc97c74010cab2


Added on June 27, 2007, 7:04 pm
STATUS: SCANNING
File "TTACodecs-uninstall.exe" received on 06.27.2007 at 13:01:25 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found

Aditional Information
File size: 51164 bytes
MD5: bc33bcdea9930bf315ff24a0b5016c54
SHA1: 3a773c118e841e48f52348a4efb9b85caca178dd
packers: BINARYRES


Added on June 27, 2007, 7:06 pm
ok sempurna i hav done all except the kaspersky scanner
izzit the msgplus live! got virus??
last time this program fine for me i dun install the sponser together...

This post has been edited by Irishcoffee: Jun 27 2007, 07:06 PM
Sempurna
post Jun 27 2007, 07:29 PM

You are still not doing the complete scans at VirusTotal. Is your Internet connection laggy or disconnecting?
TSIrishcoffee
post Jun 27 2007, 09:25 PM

left which 1???
all done edi


Added on June 27, 2007, 9:43 pm
like this???
Complete scanning result of "muzapp.dll", received in VirusTotal at 06.27.2007, 15:28:29 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found
F-Secure 6.70.13030.0 06.27.2007 no virus found
Ikarus T3.1.1.8 06.27.2007 no virus found
Kaspersky 4.0.2.24 06.27.2007 no virus found
McAfee 5061 06.26.2007 no virus found
Microsoft 1.2701 06.27.2007 no virus found
NOD32v2 2358 06.27.2007 no virus found
Norman 5.80.02 06.27.2007 no virus found
Panda 9.0.0.4 06.26.2007 Suspicious file
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.26.2007 no virus found
Symantec 10 06.27.2007 no virus found
TheHacker 6.1.6.137 06.26.2007 no virus found
VBA32 3.12.0.2 06.26.2007 no virus found
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.27.2007 no virus found

Aditional Information
File size: 471040 bytes
MD5: 3cfbe0a50c88141eb70213e6fcfe18bf
SHA1: b0831d23abefe5fe3aadd597c3c8644208475ed4


Added on June 27, 2007, 9:52 pm
STATUS: FINISHED
Complete scanning result of "TG_VIEW0607.DLL", received in VirusTotal at 06.27.2007, 15:44:53 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found
F-Secure 6.70.13030.0 06.27.2007 no virus found
Ikarus T3.1.1.8 06.27.2007 no virus found
Kaspersky 4.0.2.24 06.27.2007 no virus found
McAfee 5061 06.26.2007 no virus found
Microsoft 1.2701 06.27.2007 no virus found
NOD32v2 2358 06.27.2007 no virus found
Norman 5.80.02 06.27.2007 no virus found
Panda 9.0.0.4 06.26.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.26.2007 no virus found
Symantec 10 06.27.2007 no virus found
TheHacker 6.1.6.139 06.27.2007 no virus found
VBA32 3.12.0.2 06.26.2007 no virus found
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.27.2007 no virus found

Aditional Information
File size: 110592 bytes
MD5: 42067184962ae6a89fcbaa6b5bc42bc6
SHA1: 5c067a3644312affe9e6497dbb7a69d6baee7ca8


Added on June 27, 2007, 9:53 pm
STATUS: FINISHED
Complete scanning result of "TG_SYNC.DLL", received in VirusTotal at 06.27.2007, 15:45:09 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found
F-Secure 6.70.13030.0 06.27.2007 no virus found
Ikarus T3.1.1.8 06.27.2007 no virus found
Kaspersky 4.0.2.24 06.27.2007 no virus found
McAfee 5061 06.26.2007 no virus found
Microsoft 1.2701 06.27.2007 no virus found
NOD32v2 2358 06.27.2007 no virus found
Norman 5.80.02 06.27.2007 no virus found
Panda 9.0.0.4 06.26.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.26.2007 no virus found
Symantec 10 06.27.2007 no virus found
TheHacker 6.1.6.139 06.27.2007 no virus found
VBA32 3.12.0.2 06.26.2007 no virus found
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.27.2007 no virus found

Aditional Information
File size: 90112 bytes
MD5: 99ff9759015d271d8402f856185060df
SHA1: 257056d8d787035c2742c2ac21e83bc775674d4a


Added on June 27, 2007, 9:54 pm
STATUS: FINISHED
Complete scanning result of "TG_DUMP0611.DLL", received in VirusTotal at 06.27.2007, 15:45:34 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found
F-Secure 6.70.13030.0 06.27.2007 no virus found
Ikarus T3.1.1.8 06.27.2007 no virus found
Kaspersky 4.0.2.24 06.27.2007 no virus found
McAfee 5061 06.26.2007 no virus found
Microsoft 1.2701 06.27.2007 no virus found
NOD32v2 2358 06.27.2007 no virus found
Norman 5.80.02 06.27.2007 no virus found
Panda 9.0.0.4 06.26.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.26.2007 no virus found
Symantec 10 06.27.2007 no virus found
TheHacker 6.1.6.139 06.27.2007 no virus found
VBA32 3.12.0.2 06.26.2007 no virus found
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.27.2007 no virus found

Aditional Information
File size: 90112 bytes
MD5: e007427046bc07ae3d1f1a7f035e2aef
SHA1: fc2e34dcb825830a099178f04e6b2ee048acabd2


Added on June 27, 2007, 9:55 pm
STATUS: FINISHED
Complete scanning result of "RadLightTTAUninstall.exe", received in VirusTotal at 06.27.2007, 15:46:20 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found
F-Secure 6.70.13030.0 06.27.2007 no virus found
Ikarus T3.1.1.8 06.27.2007 no virus found
Kaspersky 4.0.2.24 06.27.2007 no virus found
McAfee 5061 06.26.2007 no virus found
Microsoft 1.2701 06.27.2007 no virus found
NOD32v2 2358 06.27.2007 no virus found
Norman 5.80.02 06.27.2007 no virus found
Panda 9.0.0.4 06.26.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.26.2007 no virus found
Symantec 10 06.27.2007 no virus found
TheHacker 6.1.6.137 06.26.2007 no virus found
VBA32 3.12.0.2 06.26.2007 no virus found
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.27.2007 no virus found

Aditional Information
File size: 49079 bytes
MD5: 77b91b961edcec00f41a9dfbc0afb7ef
SHA1: f925b3fc893f35651ef5f30a05dc97c74010cab2
packers: BINARYRES


Added on June 27, 2007, 9:55 pm
STATUS: FINISHED
Complete scanning result of "TTACodecs-uninstall.exe", received in VirusTotal at 06.27.2007, 15:46:44 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.27.2007 no virus found
AntiVir 7.4.0.34 06.27.2007 no virus found
Authentium 4.93.8 06.26.2007 no virus found
Avast 4.7.997.0 06.26.2007 no virus found
AVG 7.5.0.476 06.27.2007 no virus found
BitDefender 7.2 06.27.2007 no virus found
CAT-QuickHeal 9.00 06.26.2007 no virus found
ClamAV devel-20070416 06.27.2007 no virus found
DrWeb 4.33 06.27.2007 no virus found
eSafe 7.0.15.0 06.26.2007 no virus found
eTrust-Vet 30.8.3744 06.26.2007 no virus found
Ewido 4.0 06.27.2007 no virus found
FileAdvisor 1 06.27.2007 no virus found
Fortinet 2.91.0.0 06.27.2007 no virus found
F-Prot 4.3.2.48 06.26.2007 no virus found
F-Secure 6.70.13030.0 06.27.2007 no virus found
Ikarus T3.1.1.8 06.27.2007 no virus found
Kaspersky 4.0.2.24 06.27.2007 no virus found
McAfee 5061 06.26.2007 no virus found
Microsoft 1.2701 06.27.2007 no virus found
NOD32v2 2358 06.27.2007 no virus found
Norman 5.80.02 06.27.2007 no virus found
Panda 9.0.0.4 06.26.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 06.26.2007 no virus found
Symantec 10 06.27.2007 no virus found
TheHacker 6.1.6.137 06.26.2007 no virus found
VBA32 3.12.0.2 06.26.2007 no virus found
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.27.2007 no virus found

Aditional Information
File size: 51164 bytes
MD5: bc33bcdea9930bf315ff24a0b5016c54
SHA1: 3a773c118e841e48f52348a4efb9b85caca178dd
packers: BINARYRES


Added on June 27, 2007, 9:59 pm
sempurna is my comp badly infected???


Added on June 28, 2007, 12:21 am
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 28, 2007 12:20:44 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/06/2007
Kaspersky Anti-Virus database records: 354269
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan Statistics:
Total number of scanned objects: 151862
Number of viruses found: 9
Number of infected objects: 46 / 0
Number of suspicious objects: 0
Duration of the scan process: 05:40:44

Infected Object Name / Virus Name / Last Action
C:\Program Files\CoreAVC Pro\CoreAVCDecoder.ax Infected: Virus.Win32.AutoRun.df skipped
C:\Program Files\LogMeIn\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1E21542B-4A72-44DC-9F80-6A6C062BC735}\RP280\A0194461.exe/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{1E21542B-4A72-44DC-9F80-6A6C062BC735}\RP280\A0194461.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{1E21542B-4A72-44DC-9F80-6A6C062BC735}\RP280\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{97B7114C-95D1-4363-A0C3-D00B51A931B5}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\cch~3b8972474.htp Object is locked skipped
C:\WINDOWS\temp\cch~3b8972a2a.htp Object is locked skipped
C:\WINDOWS\temp\cch~9bc31df2b.htp Object is locked skipped
C:\WINDOWS\temp\cch~9bc31ecf1.htp Object is locked skipped
C:\WINDOWS\temp\cch~a232466eb.htp Object is locked skipped
C:\WINDOWS\temp\cch~a23246e4f.htp Object is locked skipped
C:\WINDOWS\temp\cch~bb5d18cc2.htp Object is locked skipped
C:\WINDOWS\temp\cch~bb5d1a70e.htp Object is locked skipped
C:\WINDOWS\temp\cch~bc7ee7eed.htp Object is locked skipped
C:\WINDOWS\temp\cch~bc7ee87e9.htp Object is locked skipped
C:\WINDOWS\temp\cch~bc8198f4f.htp Object is locked skipped
C:\WINDOWS\temp\cch~bc819969b.htp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Downloads\Fonts\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\Downloads\Fonts\vtp6.zip/Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\Downloads\Fonts\vtp6.zip ZIP: infected - 2 skipped
D:\Downloads\Fonts\WinRAR.v3.62.Final.WinALL.Regged-6y120p0.zip/WinRAR.v3.62.Final.WinALL.Regged-6y120p0/wrar362.exe/data.rar/Setup.exe Infected: Trojan-PSW.Win32.LdPinch.bgj skipped
D:\Downloads\Fonts\WinRAR.v3.62.Final.WinALL.Regged-6y120p0.zip/WinRAR.v3.62.Final.WinALL.Regged-6y120p0/wrar362.exe/data.rar Infected: Trojan-PSW.Win32.LdPinch.bgj skipped
D:\Downloads\Fonts\WinRAR.v3.62.Final.WinALL.Regged-6y120p0.zip/WinRAR.v3.62.Final.WinALL.Regged-6y120p0/wrar362.exe Infected: Trojan-PSW.Win32.LdPinch.bgj skipped
D:\Downloads\Fonts\WinRAR.v3.62.Final.WinALL.Regged-6y120p0.zip ZIP: infected - 3 skipped
D:\My Documents\Downloaded Program\Media Player Related\bsplayer210.939_clip.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\My Documents\Downloaded Program\Media Player Related\bsplayer210.939_clip.exe NSIS: infected - 1 skipped
D:\My Documents\Downloaded Program\Media Player Related\kugoo.exe/EBAYSHOP.EXE/data.rar/EbayShop/EbayShopSetup.exe Infected: not-a-virus:AdWare.Win32.WebSearch.aj skipped
D:\My Documents\Downloaded Program\Media Player Related\kugoo.exe/EBAYSHOP.EXE/data.rar Infected: not-a-virus:AdWare.Win32.WebSearch.aj skipped
D:\My Documents\Downloaded Program\Media Player Related\kugoo.exe/EBAYSHOP.EXE Infected: not-a-virus:AdWare.Win32.WebSearch.aj skipped
D:\My Documents\Downloaded Program\Media Player Related\kugoo.exe ZIP: infected - 3 skipped
D:\My Documents\Downloaded Program\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
D:\My Documents\Downloaded Program\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
D:\My Documents\Downloaded Program\mirc62.exe NSIS: infected - 2 skipped
D:\My Documents\Downloaded Program\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Downloaded Program\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Downloaded Program\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Downloaded Program\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
D:\My Documents\Windows Theme\HilledSE__The_Relase_For_WB5_by_jemaho.rar/Hilled SE/LS Patch/LSPatch.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\HilledSE__The_Relase_For_WB5_by_jemaho.rar/Hilled SE/LS Patch/LSPatch.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\HilledSE__The_Relase_For_WB5_by_jemaho.rar RAR: infected - 2 skipped
D:\My Documents\Windows Theme\Vista Tranformation Pack 5.5\Vista Transformation Pack 5.5.exe/WISE0039.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\Vista Tranformation Pack 5.5\Vista Transformation Pack 5.5.exe/WISE0058.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\Vista Tranformation Pack 5.5\Vista Transformation Pack 5.5.exe/WISE0058.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\Vista Tranformation Pack 5.5\Vista Transformation Pack 5.5.exe WiseSFX: infected - 3 skipped
D:\My Documents\Windows Theme\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\My Documents\Windows Theme\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Downloads\vtp7.zip/Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
E:\Downloads\vtp7.zip/Vista Transformation Pack 7.0.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
E:\Downloads\vtp7.zip ZIP: infected - 2 skipped
E:\Downloads\[ZMPIG][DEATH NOTE][37][RV10_aac][jap_chn].rmvb\[ZMPIG][DEATH NOTE][37][RV10_aac][jap_chn].rmvb Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{1E21542B-4A72-44DC-9F80-6A6C062BC735}\RP280\change.log Object is locked skipped
E:\Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
E:\Vista Transformation Pack 7.0.exe WiseSFX: infected - 1 skipped

Scan process completed.


This post has been edited by Irishcoffee: Jun 28 2007, 12:21 AM
Sempurna
post Jun 28 2007, 01:15 AM

Look at all my stars!!
VIP
3,022 posts

Joined: Jul 2006
From: KL


Show me a new ComboFix log after running Flash_Disinfector, please.

Also, please let me see a fresh HijackThis log.
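Added example, not part of the thread and not code from ComboFix or from either poster: when the fresh ComboFix log comes back, the part worth reading first is the "Reg Loading Points" section, and the script below parses that section's layout and flags the three things behind this thread's symptoms: non-zero policy values that disable Task Manager or Folder Options, MountPoints2 AutoRun\command handlers (the log above has one for Q:\LaunchU3.exe), and AppInit_DLLs entries. The sample input is constructed: the DisableTaskMgr and NoFolderOptions values are invented to reproduce the original complaint, while the other keys copy the shape of the log Irishcoffee posted.

```python
"""Triage a ComboFix 'Reg Loading Points' dump (added example; not ComboFix's or the posters' code)."""
import re
import sys

# Constructed sample in ComboFix's layout. The two policy values are invented to reproduce
# the thread's original complaint; the other keys copy the shape of the log posted above.
SAMPLE = r"""
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"NoFolderOptions"=00000001
"RestrictRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b74bc0bf-b80c-11db-957f-00095be3cde9}]
AutoRun\command- Q:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')        # [HKEY_...\path]
VALUE_RE = re.compile(r'^"?([^"=]+)"?=(.*)$')      # "name"=data  or  name=data

# Policy values Explorer honours under both HKCU and HKLM ...\Policies\{System,Explorer}.
POLICY_VALUES = {
    'disabletaskmgr': 'Task Manager disabled ("has been disabled by your administrator")',
    'disableregistrytools': 'Registry Editor disabled',
    'nofolderoptions': 'Folder Options removed from Explorer and Control Panel',
    'norun': 'Start > Run removed',
    'restrictrun': 'only the listed programs may be run',
}


def parse_reg_points(text):
    """Return {key_path_lower: [(value_name, data), ...]}; bare lines get an empty name."""
    points, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('*Note*'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            points.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        points[current].append((m.group(1), m.group(2).strip()) if m else ('', line))
    return points


def reg_int(data):
    """Integer from ComboFix DWORD renderings such as '1 (0x1)' or '00000001'; None if not numeric."""
    m = re.match(r'\s*(\d+)', data)
    return int(m.group(1)) if m else None


def find_restrictions(points):
    """Non-zero policy values that explain a missing Task Manager or Folder Options."""
    hits = []
    for key, values in points.items():
        if '\\policies\\' not in key:
            continue
        for name, data in values:
            desc = POLICY_VALUES.get(name.lower())
            if desc and reg_int(data):
                hits.append((key, name, data, desc))
    return hits


def find_autorun_handlers(points):
    """MountPoints2 AutoRun\\command entries: Explorer runs these when the volume is opened."""
    hits = []
    for key, values in points.items():
        if 'mountpoints2' not in key:
            continue
        for _, data in values:
            if data.lower().startswith('autorun\\command'):
                cmd = data.split('-', 1)[1].strip() if '-' in data else data
                hits.append((key.rsplit('\\', 1)[-1], cmd))
    return hits


def appinit_dlls(points):
    """DLLs listed in AppInit_DLLs; every process that loads user32.dll loads these too."""
    for key, values in points.items():
        if key.endswith('\\windows nt\\currentversion\\windows'):
            for name, data in values:
                if name.lower() == 'appinit_dlls':
                    return [d.strip().strip('"') for d in data.split(',') if d.strip()]
    return []


def triage(text):
    points = parse_reg_points(text)
    return {
        'restrictions': find_restrictions(points),
        'autorun': find_autorun_handlers(points),
        'appinit': appinit_dlls(points),
    }


if __name__ == '__main__':
    # python triage.py < ComboFix.txt   (uses the constructed SAMPLE when run interactively)
    report = triage(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    for key, name, data, desc in report['restrictions']:
        print(f'RESTRICTION  {name}={data}  ({desc})  in {key}')
    for volume, cmd in report['autorun']:
        print(f'AUTORUN      volume {volume} runs: {cmd}')
    for dll in report['appinit']:
        print(f'APPINIT_DLL  {dll}')
```

A hit under RESTRICTION is the registry value to clear once the malware that keeps re-writing it is gone; check both the HKCU and HKLM Policies keys, because Explorer applies either. An AUTORUN hit is only as trustworthy as the executable it names, so look at what is actually on that volume before trusting a vendor-looking name, and every APPINIT_DLL entry should belong to something you installed on purpose.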
TSIrishcoffee
post Jun 28 2007, 05:07 PM

ilX / Espressivo
Senior Member
2,994 posts

Joined: Jan 2003
From: Behind You

"Sora ilX" - 2007-06-28 17:01:43 - ComboFix 07-06-23.5 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


2007-06-28 17:00 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-06-27 20:07 <DIR> d-------- C:\Program Files\TTPlayer
2007-06-27 01:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-27 01:09 <DIR> d-------- C:\Program Files\CCleaner
2007-06-27 01:03 <DIR> drahs---- C:\autorun.inf
2007-06-26 22:31 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-06-26 22:19 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2007-06-26 22:19 498,176 --a------ C:\WINDOWS\system32\logon.scr
2007-06-26 22:19 305,447 --a------ C:\WINDOWS\system32\viwc.exe
2007-06-26 22:19 <DIR> d-------- C:\Program Files\VisualTooltip
2007-06-26 22:19 <DIR> d-------- C:\Program Files\ViStart
2007-06-26 22:15 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2007-06-24 14:50 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 13:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-24 02:24 <DIR> d-------- C:\My Music
2007-06-23 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SOR\APPLIC~1\Real
2007-06-23 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SOR\APPLIC~1\Media Player Classic
2007-06-23 23:46 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SOR\NTUSER.DAT
2007-06-21 20:37 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-06-17 03:37 656,600 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-06-16 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CenerTCPMessenger
2007-06-14 19:20 <DIR> d-------- C:\Program Files\Joost
2007-06-11 18:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-11 18:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-11 18:23 <DIR> d-------- C:\Program Files\Windows Live
2007-06-11 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-11 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 16:05 <DIR> d-------- C:\DOCUME~1\SORAIL~1\APPLIC~1\Joost
2007-06-01 08:20 51,568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-30 00:16 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2080-03-10 18:28:32 1,082,880 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2020-03-07 16:22:42 -------- d-----w C:\Program Files\Rapidown
2007-06-28 09:05:49 -------- d-----w C:\Program Files\FlashGet
2007-06-28 09:04:19 -------- d-----w C:\Program Files\Kaspersky Lab
2007-06-28 09:03:15 -------- d-----w C:\Program Files\cFosSpeed
2007-06-28 08:56:35 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\uTorrent
2007-06-27 15:40:16 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\foobar2000
2007-06-27 10:56:46 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-06-26 15:19:55 -------- d-----w C:\Program Files\Stardock
2007-06-24 08:48:00 -------- d-----w C:\Program Files\Warcraft III
2007-06-23 15:12:18 -------- d-----w C:\Program Files\Steam
2007-06-21 17:42:41 -------- d--h--w C:\Program Files\illusion
2007-06-21 15:08:45 -------- d-----w C:\Program Files\Granado Espada
2007-06-19 16:34:35 -------- d-----w C:\Program Files\SpeedFan
2007-06-19 14:47:17 -------- d-----w C:\Program Files\Tuotu
2007-06-15 16:45:58 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\VMware
2007-06-11 10:48:35 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Lavasoft
2007-06-11 10:46:50 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 10:30:35 -------- d-----w C:\Program Files\MSN Messenger
2007-05-27 07:37:40 -------- d-----w C:\Program Files\WinAVI Video Converter
2007-05-22 15:25:55 -------- d-----w C:\Program Files\OpenVPN
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:38:37 -------- d-----w C:\Program Files\Combined Community Codec Pack
2007-05-13 17:47:00 -------- d-----w C:\Program Files\BT Engine
2007-05-13 06:14:06 -------- d--h--w C:\Program Files\Overflow
2007-05-12 15:40:36 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Media Player Classic
2007-05-12 14:37:46 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-12 05:53:55 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Reallusion
2007-05-12 05:52:48 -------- d-----w C:\Program Files\Reallusion
2007-05-12 05:52:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-11 18:15:13 -------- d-----w C:\Program Files\Guitar Pro 5
2007-05-09 12:19:39 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-05 07:13:56 -------- d-----w C:\Program Files\iTunes
2007-05-05 07:13:48 -------- d-----w C:\Program Files\iPod
2007-05-05 07:12:44 -------- d-----w C:\Program Files\QuickTime
2007-05-02 18:57:56 5,256 -c--a-w C:\WINDOWS\LoginUsers.dat
2007-05-02 18:57:55 -------- d-----w C:\Program Files\KuGoo3
2007-05-02 18:53:26 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\LimeWire
2007-05-01 05:46:10 -------- d-----w C:\Program Files\MediaMonkey
2007-04-28 18:39:39 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\Oxin's Style!
2007-04-28 06:40:36 -------- d-----w C:\DOCUME~1\SORAIL~1\APPLIC~1\FlashGet
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-16 14:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 14:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 14:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 14:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 10:58:36 471,040 -c--a-w C:\WINDOWS\system32\muzapp.dll
2007-04-13 10:58:36 167,936 -c--a-w C:\WINDOWS\system32\muzapp.exe
2007-04-13 10:58:36 110,592 -c--a-w C:\WINDOWS\system32\TG_VIEW0607.DLL
2007-04-13 10:58:35 90,112 -c--a-w C:\WINDOWS\system32\TG_SYNC.DLL
2007-04-13 10:58:35 90,112 -c--a-w C:\WINDOWS\system32\TG_DUMP0611.DLL
2007-04-13 07:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-06 00:19:04 227,856 ----a-w C:\WINDOWS\system32\PDBoot.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000AAA-A363-466E-BEF5-9BB68697AA7F}=C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll [2007-01-24 19:10]
{02478D37-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll [2006-11-24 00:42]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-04-13 16:34]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{A6984C00-C6EB-11D4-B4A4-080000180323}=C:\PROGRA~1\Rapidown\rapi310.dll [2007-04-06 21:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:57]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-04-13 17:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMIG40W"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.exe" [2006-03-20 16:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" [2006-11-27 16:15]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2007-05-25 18:31]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-15 18:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-06 01:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"RestrictRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Diskeeper 10 Professional Edition Registration.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Diskeeper 10 Professional Edition Registration.lnk
backup=C:\WINDOWS\pss\Diskeeper 10 Professional Edition Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sora ilX^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Sora ilX\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
C:\Program Files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWd]
C:\WINDOWS\winwd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebThunder]
C:\Program Files\Thunder Network\WebThunder\WebThunder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPLOSION]
"C:\Program Files\WinPLOSION\winplosion.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winser"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"LogMeIn"=3 (0x3)
"LMIMaint"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"DriveHealth"=3 (0x3)
"IDriverT"=3 (0x3)
"StarWindService"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MSCSPTISRV"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b74bc0bf-b80c-11db-957f-00095be3cde9}]
AutoRun\command- Q:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-06-22 09:21:34 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-05 03:48:15 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-28 08:35:05 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2099-12-26 02:00:26 C:\WINDOWS\tasks\User_Feed_Synchronization-{588A7190-5FE9-4988-B0DE-5BB204EACCE2}.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 17:05:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-28 17:07:12
C:\ComboFix-quarantined-files.txt ... 2007-06-28 17:07
C:\ComboFix2.txt ... 2007-06-27 00:53

--- E O F ---


Added on June 28, 2007, 5:09 pm
Logfile of HijackThis v1.99.1
Scan saved at 5:10:02 PM, on 2007-6-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Documents and Settings\Sora ilX\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll
O2 - BHO: Thunder Browser Helper - {02478D37-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - C:\Program Files\eMule\ed2k.html
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - c:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll",wbsys.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe



This post has been edited by Irishcoffee: Jun 28 2007, 05:09 PM
Sempurna
post Jun 29 2007, 04:11 PM

Look at all my stars!!
Group Icon
VIP
3,022 posts

Joined: Jul 2006
From: KL


Hi IrishCoffee,

The logs appear to be clean.

How are things running now?
TSIrishcoffee
post Jun 29 2007, 05:11 PM

ilX / Espressivo
*******
Senior Member
2,994 posts

Joined: Jan 2003
From: Behind You

Are you sure it's clean???
I dunno why I'm having a slowdown issue on Photoshop.
My Photoshop eats up 600MB of RAM and 600MB VM when only loaded with a 5 megapixel photo.
Nvm, thx Sempurna anyway!!

Sempurna
post Jun 29 2007, 05:19 PM

Look at all my stars!!
Group Icon
VIP
3,022 posts

Joined: Jul 2006
From: KL


You're most welcome, IrishCoffee.

Yep, your system appears to be clean.

Uninstall and reinstall Photoshop. Probably got corrupted by the malware and the cleaning process.

~~~
TSIrishcoffee
post Jun 29 2007, 05:22 PM

ilX / Espressivo
*******
Senior Member
2,994 posts

Joined: Jan 2003
From: Behind You

k thanks Sempurna
thread closed
