Subject: WINAntiVirusPro driveCleaner popup

Original Message
Name: ipexz
Date: November 30, 2007 at 13:36:01 Pacific
Subject: WINAntiVirusPro driveCleaner popup
OS: win xp SP2
CPU/Ram: 760
Comment:
Hello,
I have popups of WinAntivirusPro and DriveCleaner, and some unwanted websites are also opening. I cannot get rid of them. Can someone help me please?

Thank you,
jacq.

Response Number 1
Name: ipexz
Date: November 30, 2007 at 13:37:54 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Please guide me to get rid of it...

jacq

Response Number 2
Name: jabuck
Date: November 30, 2007 at 16:41:46 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Response Number 3
Name: ipexz
Date: December 1, 2007 at 07:37:14 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Here is the Hijack log file below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:32 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eyep2p.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32E059DB-CCB7-4AC8-B538-381933EC2BE1}: NameServer = 202.54.29.5 202.54.6.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B041E7E-B9FB-40E8-A3AE-F8AB919B12B8}: NameServer = 202.54.6.60,202.54.29.5
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wqnnsycd.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 5846 bytes


jacq

Response Number 4
Name: ipexz
Date: December 1, 2007 at 07:59:23 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
ComboFix 07-11-19.4C - INTEL PENTIUM 2007-12-01 19:10:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT 5.5:30]
Running from: C:\Documents and Settings\INTEL PENTIUM\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\crosof~1.net\?ti2evxx.exe
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aomedumw.ini
C:\WINDOWS\system32\avumwhay.dll
C:\WINDOWS\system32\esukyxtn.dll
C:\WINDOWS\system32\flylbscj.ini
C:\WINDOWS\system32\gcdqccsq.dll
C:\WINDOWS\system32\gndttesv.ini
C:\WINDOWS\system32\hdlyronk.dll
C:\WINDOWS\system32\jcsblylf.dll
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qsccqdcg.ini
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\vsettdng.dll
C:\WINDOWS\system32\wmudemoa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-12-01 03:40 84,045 --a------ C:\WINDOWS\system32\cgfdkhvl.dll
2007-12-01 00:47 79,905 --a------ C:\WINDOWS\system32\rapvnult.dll
2007-11-30 20:36 84,045 --a------ C:\WINDOWS\system32\uqhqvqxe.dll
2007-11-30 20:22 82,665 --a------ C:\WINDOWS\system32\aewpaoth.dll
2007-11-30 17:18 84,045 --a------ C:\WINDOWS\system32\qseplqkl.dll
2007-11-30 14:09 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-25 19:48 <DIR> d-------- C:\Program Files\Extension Changer
2007-11-25 19:35 <DIR> d-------- C:\Program Files\mp3DirectCut
2007-11-25 18:30 <DIR> d-------- C:\Program Files\directx
2007-11-24 11:33 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\Ahead
2007-11-24 11:26 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-11-24 11:20 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2007-11-24 11:19 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-11-24 11:19 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-11-24 11:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-24 10:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-23 14:40 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-23 14:04 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-23 14:03 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-23 13:37 <DIR> d-------- C:\Program Files\Replay Converter
2007-11-23 10:06 <DIR> d-------- C:\Program Files\SlySoft
2007-11-21 07:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 16:46 <DIR> d-------- C:\Program Files\BFG
2007-11-20 16:46 <DIR> d-------- C:\Program Files\Backspin Billiards
2007-11-20 06:47 <DIR> d-------- C:\Sogam-Tharum-Sugam
2007-11-18 06:01 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-11-18 06:01 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-18 06:00 <DIR> d-------- C:\Program Files\Color7 Video Studio
2007-11-18 05:57 <DIR> d-------- C:\Program Files\Free Image Editor
2007-11-14 18:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-12 12:21 <DIR> d-------- C:\Program Files\CloneDVD
2007-11-07 18:17 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-11-07 15:33 <DIR> d-------- C:\Program Files\Disc2Phone
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Real
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-07 06:32 571,044 --ahs---- C:\WINDOWS\system32\bwkcgjhw.ini
2007-11-06 18:39 567,417 --ahs---- C:\WINDOWS\system32\adclhejm.ini
2007-11-06 05:50 564,885 --ahs---- C:\WINDOWS\system32\bffokjpk.ini
2007-11-05 22:27 563,769 ---hs---- C:\WINDOWS\system32\rjfuqlmw.ini
2007-11-05 20:43 <DIR> d-------- C:\Program Files\DAP
2007-11-05 20:38 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-05 19:32 573,087 --ahs---- C:\WINDOWS\system32\evpdnlvr.ini
2007-11-05 07:55 <DIR> d-------- C:\Downloads
2007-11-05 07:44 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-04 02:53 577,154 ---hs---- C:\WINDOWS\system32\spatjwnj.ini
2007-11-04 02:42 <DIR> d-------- C:\Program Files\acoustic
2007-11-04 02:06 <DIR> d-------- C:\Program Files\FAR
2007-11-03 22:31 577,085 --ahs---- C:\WINDOWS\system32\mpsbmuhi.ini
2007-11-03 15:52 576,965 --ahs---- C:\WINDOWS\system32\eabiouup.ini
2007-11-03 14:24 576,845 ---hs---- C:\WINDOWS\system32\rvwafiwi.ini
2007-11-03 01:35 <DIR> d-------- C:\Program Files\Macromedia
2007-11-03 01:35 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-11-03 00:09 577,145 ---hs---- C:\WINDOWS\system32\ovnjhnmq.ini
2007-11-02 21:36 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\MyPhoneExplorer
2007-11-02 21:35 <DIR> d-------- C:\Program Files\MyPhoneExplorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 13:33 --------- d-----w C:\Program Files\Trend Micro
2007-12-01 13:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-30 21:08 82,665 ----a-w C:\WINDOWS\system32\xjfhgdif.dll
2007-11-30 19:38 84,045 ----a-w C:\WINDOWS\system32\yfrvdfke.dll
2007-11-30 14:59 84,045 ----a-w C:\WINDOWS\system32\gfnmdevd.dll
2007-11-30 13:39 84,045 ----a-w C:\WINDOWS\system32\iaydiroa.dll
2007-11-30 11:33 79,905 ----a-w C:\WINDOWS\system32\wvbtcsjn.dll
2007-11-30 08:46 --------- d-----w C:\Program Files\BitComet
2007-11-30 08:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-30 06:20 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-24 05:56 --------- d-----w C:\Program Files\Ahead
2007-11-24 05:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-23 08:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-21 08:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 10:24 --------- d-----w C:\Program Files\QuickTime
2007-11-07 10:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-07 01:02 87,104 ----a-w C:\WINDOWS\system32\whjgckwb.dll
2007-11-05 13:31 85,568 ----a-w C:\WINDOWS\system32\kgvmraqw.dll
2007-11-05 02:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-03 21:23 87,616 ----a-w C:\WINDOWS\system32\jnwjtaps.dll
2007-11-02 20:09 --------- d-----w C:\Program Files\Opera
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 14:25 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 14:25 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 14:25 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 14:25 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 14:25 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 14:25 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 13:54 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 13:54 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-29 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-29 16:33 --------- d-----w C:\Program Files\Yahoo!
2007-10-29 04:02 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-10-29 03:45 --------- d-----w C:\Program Files\Winamp
2007-10-26 13:21 76,864 ----a-w C:\WINDOWS\system32\qoaecxxo.dll
2007-10-26 07:07 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Pegasys Inc
2007-10-26 06:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-10-26 04:54 76,864 ----a-w C:\WINDOWS\system32\jhjfrgtl.dll
2007-10-25 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-24 19:12 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-10-24 19:12 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-10-24 19:12 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-10-24 18:56 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-10-24 18:54 --------- d-----w C:\Program Files\MAGIX
2007-10-24 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-24 18:05 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Snapfish
2007-10-24 17:24 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll
2007-10-24 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-22 20:15 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-10-22 09:10 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Free Upload Manager
2007-10-22 05:37 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\DMCache
2007-10-20 05:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-20 05:50 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-20 05:50 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-20 05:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-20 05:50 --------- d-----w C:\Program Files\Symantec
2007-10-19 10:32 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\AdobeUM
2007-10-19 10:30 --------- d-----w C:\Program Files\SEMC
2007-10-19 07:24 --------- d-----w C:\Program Files\DIFX
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\PC Suite
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-19 06:22 --------- d-----w C:\Program Files\CCleaner
2007-10-19 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 18:23 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\iolo
2007-10-18 08:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\vlc
2007-10-18 08:17 --------- d-----w C:\Program Files\VideoLAN
2007-10-17 16:36 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-17 03:03 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\URSoft
2007-10-17 02:55 --------- d-----w C:\Program Files\Innovative Solutions
2007-10-17 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2007-10-17 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-17 00:41 --------- d-----w C:\Program Files\Tavultesoft
2007-10-17 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tavultesoft
2007-10-17 00:39 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\BSplayer PRO
2007-10-15 05:35 --------- d-----w C:\Program Files\Java
2007-10-15 05:35 --------- d-----w C:\Program Files\Common Files\Java
2007-10-14 14:41 --------- d-----w C:\Program Files\PowerISO
2007-10-14 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-14 13:01 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-14 11:26 45,056 ----a-w C:\WINDOWS\system32\sstunst2.exe
2007-10-14 11:25 45,056 ----a-w C:\WINDOWS\system32\sstunst3.exe
2007-10-13 20:28 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\CyberLink
2007-10-13 20:27 --------- d-----w C:\Program Files\CyberLink
2007-10-13 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-13 20:10 --------- d-----w C:\Program Files\Webteh
2007-10-13 19:19 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Teleca
2007-10-13 18:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Apple Computer
2007-10-13 16:50 97,056 ----a-w C:\WINDOWS\system32\drivers\W700mdm.sys
2007-10-13 16:50 9,264 ----a-w C:\WINDOWS\system32\drivers\W700mdfl.sys
2007-10-13 16:50 88,560 ----a-w C:\WINDOWS\system32\drivers\W700mgmt.sys
2007-10-13 16:50 86,368 ----a-w C:\WINDOWS\system32\drivers\W700obex.sys
2007-10-13 16:50 61,536 ----a-w C:\WINDOWS\system32\drivers\W700bus.sys
2007-10-13 16:50 6,208 ----a-w C:\WINDOWS\system32\drivers\W700cmnt.sys
2007-10-13 16:50 6,208 ----a-w C:\WINDOWS\system32\drivers\W700cm.sys
2007-10-13 16:50 5,840 ----a-w C:\WINDOWS\system32\drivers\W700whnt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-11-07 20:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-14 18:53]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-10-26 10:35 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll

S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 15:30:35 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - INTEL PENTIUM.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 19:19:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 19:20:55 - machine was rebooted
.
--- E O F ---


jacq

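The following triage script is an added example and is not part of this thread, nor of HijackThis or ComboFix. It applies the checks jabuck is acting on to the log lines posted above: the DomainService entry whose binary is missing, the randomly named DLLs under system32, and the extra LSA "Authentication Packages" entry that ComboFix reported under Reg Loading Points. The rule names, severity levels and the trusted-host list are my own assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: lines copied from the HijackThis and ComboFix logs
# posted in this thread, chosen to exercise each check below.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eyep2p.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wqnnsycd.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2007-12-01 03:40 84,045 --a------ C:\WINDOWS\system32\cgfdkhvl.dll
2007-11-24 11:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale)
    rule: str
    line: str


# Hosts that Internet Explorer's R0/R1 default page entries normally point at (assumption).
TRUSTED_PAGE_SUFFIXES = ("microsoft.com", "msn.com")

# Exactly eight lowercase letters directly under system32 with a .dll/.ini/.exe
# extension: a heuristic for the auto-generated names in the logs above, not a signature.
RANDOM_SYSTEM32 = re.compile(r"\\[Ss]ystem32\\[a-z]{8}\.(?:dll|ini|exe)\b")


def extra_auth_packages(line: str) -> list[str]:
    """Return every LSA authentication package listed besides the stock msv1_0."""
    value = line.split("=", 1)[1]
    return [p for p in value.split() if p.lower() != "msv1_0"]


def page_is_trusted(url: str) -> bool:
    """True when the browser page URL points at one of the trusted host suffixes."""
    host = urlparse(url.strip()).hostname or ""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_PAGE_SUFFIXES)


def check_line(line: str) -> list[Finding]:
    """Apply each triage rule to one log line; a line may trigger several rules."""
    out = []
    # Anything appended after msv1_0 is loaded into lsass.exe at boot.
    if line.startswith('"Authentication Packages"') and extra_auth_packages(line):
        out.append(Finding("high", "lsa-authentication-package", line))
    if line.startswith(("R0 -", "R1 -")) and " = " in line:
        url = line.split(" = ", 1)[1]
        if not page_is_trusted(url):
            out.append(Finding("info", "non-default-browser-page", line))
    if line.startswith("R3 -") and line.rstrip().endswith("(no file)"):
        out.append(Finding("info", "orphaned-urlsearchhook", line))
    # A service still registered for a binary that no longer exists on disk.
    if line.startswith("O23 - Service:") and line.rstrip().endswith("(file missing)"):
        out.append(Finding("medium", "orphaned-service", line))
    if RANDOM_SYSTEM32.search(line):
        out.append(Finding("medium", "random-name-system32", line))
    return out


def scan(text: str) -> list[Finding]:
    """Run every rule over every non-empty line of a pasted log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_line(line))
    return findings


def highest_severity(findings: list[Finding]) -> str:
    order = {"info": 0, "medium": 1, "high": 2}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:28} {f.line}")
    print("overall:", highest_severity(results))
```

The LSA rule is the one worth remembering: msv1_0 is the only package Windows XP ships in that value, so any extra path there is a DLL that lsass.exe will load on every boot, which is why a cleanup script has to reset the value rather than only delete the file.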
Response Number 5
Name: jabuck
Date: December 1, 2007 at 10:26:09 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\crosof~1.net\?ti2evxx.exe
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aomedumw.ini
C:\WINDOWS\system32\avumwhay.dll
C:\WINDOWS\system32\esukyxtn.dll
C:\WINDOWS\system32\flylbscj.ini
C:\WINDOWS\system32\gcdqccsq.dll
C:\WINDOWS\system32\gndttesv.ini
C:\WINDOWS\system32\hdlyronk.dll
C:\WINDOWS\system32\jcsblylf.dll
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qsccqdcg.ini
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\vsettdng.dll
C:\WINDOWS\system32\wmudemoa.dll
C:\WINDOWS\system32\cgfdkhvl.dll
C:\WINDOWS\system32\rapvnult.dll
C:\WINDOWS\system32\uqhqvqxe.dll
C:\WINDOWS\system32\aewpaoth.dll
C:\WINDOWS\system32\qseplqkl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\bwkcgjhw.ini
C:\WINDOWS\system32\adclhejm.ini
C:\WINDOWS\system32\bffokjpk.ini
C:\WINDOWS\system32\rjfuqlmw.ini
C:\WINDOWS\system32\evpdnlvr.ini
C:\WINDOWS\system32\spatjwnj.ini
C:\WINDOWS\system32\mpsbmuhi.ini
C:\WINDOWS\system32\eabiouup.ini
C:\WINDOWS\system32\rvwafiwi.ini
C:\WINDOWS\system32\ovnjhnmq.ini
C:\WINDOWS\system32\xjfhgdif.dll
C:\WINDOWS\system32\yfrvdfke.dll
C:\WINDOWS\system32\gfnmdevd.dll
C:\WINDOWS\system32\iaydiroa.dll
C:\WINDOWS\system32\wvbtcsjn.dll
C:\WINDOWS\system32\whjgckwb.dll
C:\WINDOWS\system32\kgvmraqw.dll
C:\WINDOWS\system32\jnwjtaps.dll
C:\WINDOWS\system32\jhjfrgtl.dll
C:\WINDOWS\system32\sstqp.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Your Java is out of date and can be exploited.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Post a new Hijack This log and a new Combofix log please.

Response Number 6
Name: ipexz
Date: December 3, 2007 at 04:59:18 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Hijack log here:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:16 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eyep2p.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32E059DB-CCB7-4AC8-B538-381933EC2BE1}: NameServer = 202.54.29.5 202.54.6.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B041E7E-B9FB-40E8-A3AE-F8AB919B12B8}: NameServer = 202.54.6.60,202.54.29.5
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4829 bytes

Combofix Log Here:

ComboFix 07-11-19.4C - INTEL PENTIUM 2007-12-03 16:12:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT 5.5:30]
Running from: C:\Documents and Settings\INTEL PENTIUM\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 15:49 <DIR> d-------- C:\Program Files\uTorrent
2007-12-03 15:49 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\uTorrent
2007-12-03 13:18 <DIR> d-------- C:\Program Files\Coolwallpaper
2007-12-03 13:18 204,800 --a------ C:\WINDOWS\JpegEx.dll
2007-12-03 13:18 24,576 --a------ C:\WINDOWS\CWSUninstall.exe
2007-12-02 23:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-02 23:21 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-01 03:40 84,045 --a------ C:\WINDOWS\system32\cgfdkhvl.dll
2007-12-01 02:38 82,665 --a------ C:\WINDOWS\system32\xjfhgdif.dll
2007-12-01 01:08 84,045 --a------ C:\WINDOWS\system32\yfrvdfke.dll
2007-12-01 00:47 79,905 --a------ C:\WINDOWS\system32\rapvnult.dll
2007-11-30 20:36 84,045 --a------ C:\WINDOWS\system32\uqhqvqxe.dll
2007-11-30 20:29 84,045 --a------ C:\WINDOWS\system32\gfnmdevd.dll
2007-11-30 20:22 82,665 --a------ C:\WINDOWS\system32\aewpaoth.dll
2007-11-30 19:08 84,045 --a------ C:\WINDOWS\system32\iaydiroa.dll
2007-11-30 17:18 84,045 --a------ C:\WINDOWS\system32\qseplqkl.dll
2007-11-30 17:03 79,905 --a------ C:\WINDOWS\system32\wvbtcsjn.dll
2007-11-25 19:48 <DIR> d-------- C:\Program Files\Extension Changer
2007-11-25 19:35 <DIR> d-------- C:\Program Files\mp3DirectCut
2007-11-25 18:30 <DIR> d-------- C:\Program Files\directx
2007-11-24 11:33 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\Ahead
2007-11-24 11:26 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-11-24 11:20 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2007-11-24 11:19 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-11-24 11:19 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-11-24 11:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-24 10:59 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-11-24 10:59 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-11-24 10:59 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-11-24 10:59 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-11-24 10:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-23 14:40 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 14:40 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-23 14:04 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-11-23 14:04 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2007-11-23 14:04 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-11-23 14:04 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-23 14:04 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-23 14:03 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-23 13:37 <DIR> d-------- C:\Program Files\Replay Converter
2007-11-23 10:06 <DIR> d-------- C:\Program Files\SlySoft
2007-11-21 07:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 16:46 <DIR> d-------- C:\Program Files\BFG
2007-11-20 16:46 <DIR> d-------- C:\Program Files\Backspin Billiards
2007-11-20 16:46 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-20 06:47 <DIR> d-------- C:\Sogam-Tharum-Sugam
2007-11-18 06:01 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-11-18 06:01 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-18 06:00 <DIR> d-------- C:\Program Files\Color7 Video Studio
2007-11-18 05:57 <DIR> d-------- C:\Program Files\Free Image Editor
2007-11-14 18:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-12 12:21 <DIR> d-------- C:\Program Files\CloneDVD
2007-11-07 18:17 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-11-07 15:33 <DIR> d-------- C:\Program Files\Disc2Phone
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Real
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-07 06:32 571,044 --ahs---- C:\WINDOWS\system32\bwkcgjhw.ini
2007-11-07 06:32 87,104 --a------ C:\WINDOWS\system32\whjgckwb.dll
2007-11-06 18:39 567,417 --ahs---- C:\WINDOWS\system32\adclhejm.ini
2007-11-06 16:01 564,996 --ahs---- C:\WINDOWS\system32\kkwcqwhy.ini
2007-11-06 05:50 564,885 --ahs---- C:\WINDOWS\system32\bffokjpk.ini
2007-11-05 22:27 563,769 ---hs---- C:\WINDOWS\system32\rjfuqlmw.ini
2007-11-05 20:43 <DIR> d-------- C:\Program Files\DAP
2007-11-05 20:38 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-05 19:32 573,087 --ahs---- C:\WINDOWS\system32\evpdnlvr.ini
2007-11-05 19:01 573,027 ---hs---- C:\WINDOWS\system32\wqarmvgk.ini
2007-11-05 19:01 85,568 --a------ C:\WINDOWS\system32\kgvmraqw.dll
2007-11-05 07:55 <DIR> d-------- C:\Downloads
2007-11-05 07:44 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-04 02:53 577,154 ---hs---- C:\WINDOWS\system32\spatjwnj.ini
2007-11-04 02:53 87,616 --a------ C:\WINDOWS\system32\jnwjtaps.dll
2007-11-04 02:42 <DIR> d-------- C:\Program Files\acoustic
2007-11-04 02:06 <DIR> d-------- C:\Program Files\FAR
2007-11-03 22:31 577,085 --ahs---- C:\WINDOWS\system32\mpsbmuhi.ini
2007-11-03 15:52 576,965 --ahs---- C:\WINDOWS\system32\eabiouup.ini
2007-11-03 14:24 576,845 ---hs---- C:\WINDOWS\system32\rvwafiwi.ini
2007-11-03 01:35 <DIR> d-------- C:\Program Files\Macromedia
2007-11-03 01:35 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-11-03 00:09 577,145 ---hs---- C:\WINDOWS\system32\ovnjhnmq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-03 10:15 --------- d-----w C:\Program Files\BitComet
2007-12-03 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 07:02 --------- d-----w C:\Program Files\Opera
2007-12-02 17:52 --------- d-----w C:\Program Files\Java
2007-12-01 13:33 --------- d-----w C:\Program Files\Trend Micro
2007-11-30 06:20 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-24 05:56 --------- d-----w C:\Program Files\Ahead
2007-11-24 05:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-21 08:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 10:24 --------- d-----w C:\Program Files\QuickTime
2007-11-07 10:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-05 02:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-02 16:11 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\MyPhoneExplorer
2007-11-02 16:06 --------- d-----w C:\Program Files\MyPhoneExplorer
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 14:25 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 14:25 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 14:25 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 14:25 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 14:25 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 14:25 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 13:54 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 13:54 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-29 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-29 16:33 --------- d-----w C:\Program Files\Yahoo!
2007-10-29 04:02 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-10-29 03:45 --------- d-----w C:\Program Files\Winamp
2007-10-26 13:21 76,864 ----a-w C:\WINDOWS\system32\qoaecxxo.dll
2007-10-26 07:07 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Pegasys Inc
2007-10-26 06:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-10-26 04:54 76,864 ----a-w C:\WINDOWS\system32\jhjfrgtl.dll
2007-10-25 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-24 19:12 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-10-24 19:12 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-10-24 19:12 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-10-24 18:56 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-10-24 18:54 --------- d-----w C:\Program Files\MAGIX
2007-10-24 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-24 18:05 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Snapfish
2007-10-24 17:24 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll
2007-10-24 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-22 20:15 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-10-22 09:10 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Free Upload Manager
2007-10-22 05:37 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\DMCache
2007-10-20 05:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-20 05:50 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-20 05:50 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-20 05:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-20 05:50 --------- d-----w C:\Program Files\Symantec
2007-10-19 10:32 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\AdobeUM
2007-10-19 10:30 --------- d-----w C:\Program Files\SEMC
2007-10-19 07:24 --------- d-----w C:\Program Files\DIFX
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\PC Suite
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-19 06:22 --------- d-----w C:\Program Files\CCleaner
2007-10-19 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 18:23 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\iolo
2007-10-18 08:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\vlc
2007-10-18 08:17 --------- d-----w C:\Program Files\VideoLAN
2007-10-17 16:36 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-17 03:03 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\URSoft
2007-10-17 02:55 --------- d-----w C:\Program Files\Innovative Solutions
2007-10-17 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2007-10-17 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-17 00:41 --------- d-----w C:\Program Files\Tavultesoft
2007-10-17 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tavultesoft
2007-10-17 00:39 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\BSplayer PRO
2007-10-14 14:41 --------- d-----w C:\Program Files\PowerISO
2007-10-14 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-14 13:01 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-14 11:26 45,056 ----a-w C:\WINDOWS\system32\sstunst2.exe
2007-10-14 11:25 45,056 ----a-w C:\WINDOWS\system32\sstunst3.exe
2007-10-13 20:28 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\CyberLink
2007-10-13 20:27 --------- d-----w C:\Program Files\CyberLink
2007-10-13 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-13 20:10 --------- d-----w C:\Program Files\Webteh
2007-10-13 19:19 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Teleca
2007-10-13 18:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Apple Computer
2007-10-13 16:50 97,056 ----a-w C:\WINDOWS\system32\drivers\W700mdm.sys
2007-10-13 16:50 9,264 ----a-w C:\WINDOWS\system32\drivers\W700mdfl.sys
2007-10-13 16:50 88,560 ----a-w C:\WINDOWS\system32\drivers\W700mgmt.sys
2007-10-13 16:50 86,368 ----a-w C:\WINDOWS\system32\drivers\W700obex.sys
2007-10-13 16:50 61,536 ----a-w C:\WINDOWS\system32\drivers\W700bus.sys
2007-10-13 16:50 6,208 ----a-w C:\WINDOWS\system32\drivers\W700cmnt.sys
2007-10-13 16:50 6,208 ----a-w C:\WINDOWS\system32\drivers\W700cm.sys
2007-10-13 16:50 5,840 ----a-w C:\WINDOWS\system32\drivers\W700whnt.sys
2007-10-13 16:50 5,840 ----a-w C:\WINDOWS\system32\drivers\W700wh.sys
2007-10-13 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-13 14:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-13 14:02 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-10-13 13:56 --------- d-----w C:\Program Files\Intel
2007-10-13 13:42 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-12-01_19.19.44.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-28 13:59:28 45,161 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 17:00:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-09-28 13:59:34 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 17:00:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 18:01:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-10-26 10:35 77824]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 15:30:35 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - INTEL PENTIUM.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 16:14:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 16:15:38
C:\ComboFix2.txt ... 2007-12-03 11:35
C:\ComboFix3.txt ... 2007-12-01 19:20
.
--- E O F ---


jacq



Response Number 7
Name: ipexz
Date: December 3, 2007 at 05:01:42 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Also, jabuck, the latest Java version (jre-6u3-windows-i586-p) is installed....

Awaiting your kind reply...


jacq



Response Number 8
Name: ipexz
Date: December 3, 2007 at 05:12:13 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
ComboFix 07-11-19.4C - INTEL PENTIUM 2007-12-03 16:37:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT 5.5:30]
Running from: C:\Documents and Settings\INTEL PENTIUM\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\INTEL PENTIUM\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 15:49 <DIR> d-------- C:\Program Files\uTorrent
2007-12-03 15:49 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\uTorrent
2007-12-03 13:18 <DIR> d-------- C:\Program Files\Coolwallpaper
2007-12-03 13:18 204,800 --a------ C:\WINDOWS\JpegEx.dll
2007-12-03 13:18 24,576 --a------ C:\WINDOWS\CWSUninstall.exe
2007-12-02 23:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-02 23:21 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-01 03:40 84,045 --a------ C:\WINDOWS\system32\cgfdkhvl.dll
2007-12-01 02:38 82,665 --a------ C:\WINDOWS\system32\xjfhgdif.dll
2007-12-01 01:08 84,045 --a------ C:\WINDOWS\system32\yfrvdfke.dll
2007-12-01 00:47 79,905 --a------ C:\WINDOWS\system32\rapvnult.dll
2007-11-30 20:36 84,045 --a------ C:\WINDOWS\system32\uqhqvqxe.dll
2007-11-30 20:29 84,045 --a------ C:\WINDOWS\system32\gfnmdevd.dll
2007-11-30 20:22 82,665 --a------ C:\WINDOWS\system32\aewpaoth.dll
2007-11-30 19:08 84,045 --a------ C:\WINDOWS\system32\iaydiroa.dll
2007-11-30 17:18 84,045 --a------ C:\WINDOWS\system32\qseplqkl.dll
2007-11-30 17:03 79,905 --a------ C:\WINDOWS\system32\wvbtcsjn.dll
2007-11-25 19:48 <DIR> d-------- C:\Program Files\Extension Changer
2007-11-25 19:35 <DIR> d-------- C:\Program Files\mp3DirectCut
2007-11-25 18:30 <DIR> d-------- C:\Program Files\directx
2007-11-24 11:33 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\Ahead
2007-11-24 11:26 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-11-24 11:20 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2007-11-24 11:19 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-11-24 11:19 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-11-24 11:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-24 10:59 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-11-24 10:59 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-11-24 10:59 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-11-24 10:59 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-11-24 10:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-23 14:40 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 14:40 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-23 14:04 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-11-23 14:04 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2007-11-23 14:04 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-11-23 14:04 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-23 14:04 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-23 14:03 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-23 13:37 <DIR> d-------- C:\Program Files\Replay Converter
2007-11-23 10:06 <DIR> d-------- C:\Program Files\SlySoft
2007-11-21 07:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 16:46 <DIR> d-------- C:\Program Files\BFG
2007-11-20 16:46 <DIR> d-------- C:\Program Files\Backspin Billiards
2007-11-20 16:46 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-20 06:47 <DIR> d-------- C:\Sogam-Tharum-Sugam
2007-11-18 06:01 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-11-18 06:01 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-18 06:00 <DIR> d-------- C:\Program Files\Color7 Video Studio
2007-11-18 05:57 <DIR> d-------- C:\Program Files\Free Image Editor
2007-11-14 18:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-12 12:21 <DIR> d-------- C:\Program Files\CloneDVD
2007-11-07 18:17 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-11-07 15:33 <DIR> d-------- C:\Program Files\Disc2Phone
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Real
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-07 06:32 571,044 --ahs---- C:\WINDOWS\system32\bwkcgjhw.ini
2007-11-07 06:32 87,104 --a------ C:\WINDOWS\system32\whjgckwb.dll
2007-11-06 18:39 567,417 --ahs---- C:\WINDOWS\system32\adclhejm.ini
2007-11-06 16:01 564,996 --ahs---- C:\WINDOWS\system32\kkwcqwhy.ini
2007-11-06 05:50 564,885 --ahs---- C:\WINDOWS\system32\bffokjpk.ini
2007-11-05 22:27 563,769 ---hs---- C:\WINDOWS\system32\rjfuqlmw.ini
2007-11-05 20:43 <DIR> d-------- C:\Program Files\DAP
2007-11-05 20:38 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-05 19:32 573,087 --ahs---- C:\WINDOWS\system32\evpdnlvr.ini
2007-11-05 19:01 573,027 ---hs---- C:\WINDOWS\system32\wqarmvgk.ini
2007-11-05 19:01 85,568 --a------ C:\WINDOWS\system32\kgvmraqw.dll
2007-11-05 07:55 <DIR> d-------- C:\Downloads
2007-11-05 07:44 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-04 02:53 577,154 ---hs---- C:\WINDOWS\system32\spatjwnj.ini
2007-11-04 02:53 87,616 --a------ C:\WINDOWS\system32\jnwjtaps.dll
2007-11-04 02:42 <DIR> d-------- C:\Program Files\acoustic
2007-11-04 02:06 <DIR> d-------- C:\Program Files\FAR
2007-11-03 22:31 577,085 --ahs---- C:\WINDOWS\system32\mpsbmuhi.ini
2007-11-03 15:52 576,965 --ahs---- C:\WINDOWS\system32\eabiouup.ini
2007-11-03 14:24 576,845 ---hs---- C:\WINDOWS\system32\rvwafiwi.ini
2007-11-03 01:35 <DIR> d-------- C:\Program Files\Macromedia
2007-11-03 01:35 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-11-03 00:09 577,145 ---hs---- C:\WINDOWS\system32\ovnjhnmq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 10:48 --------- d-----w C:\Program Files\BitComet
2007-12-03 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-03 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 07:02 --------- d-----w C:\Program Files\Opera
2007-12-02 17:52 --------- d-----w C:\Program Files\Java
2007-12-01 13:33 --------- d-----w C:\Program Files\Trend Micro
2007-11-30 06:20 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-24 05:56 --------- d-----w C:\Program Files\Ahead
2007-11-24 05:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-21 08:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 10:24 --------- d-----w C:\Program Files\QuickTime
2007-11-07 10:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-05 02:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-02 16:11 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\MyPhoneExplorer
2007-11-02 16:06 --------- d-----w C:\Program Files\MyPhoneExplorer
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 14:25 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 14:25 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 14:25 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 14:25 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 14:25 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 14:25 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 13:54 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 13:54 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-29 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-29 16:33 --------- d-----w C:\Program Files\Yahoo!
2007-10-29 04:02 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-10-29 03:45 --------- d-----w C:\Program Files\Winamp
2007-10-26 13:21 76,864 ----a-w C:\WINDOWS\system32\qoaecxxo.dll
2007-10-26 07:07 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Pegasys Inc
2007-10-26 06:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-10-26 04:54 76,864 ----a-w C:\WINDOWS\system32\jhjfrgtl.dll
2007-10-25 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-24 19:12 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-10-24 19:12 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-10-24 19:12 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-10-24 18:56 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-10-24 18:54 --------- d-----w C:\Program Files\MAGIX
2007-10-24 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-24 18:05 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Snapfish
2007-10-24 17:24 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll
2007-10-24 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-22 20:15 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-10-22 09:10 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Free Upload Manager
2007-10-22 05:37 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\DMCache
2007-10-20 05:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-20 05:50 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-20 05:50 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-20 05:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-20 05:50 --------- d-----w C:\Program Files\Symantec
2007-10-19 10:32 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\AdobeUM
2007-10-19 10:30 --------- d-----w C:\Program Files\SEMC
2007-10-19 07:24 --------- d-----w C:\Program Files\DIFX
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\PC Suite
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-19 06:22 --------- d-----w C:\Program Files\CCleaner
2007-10-19 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 18:23 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\iolo
2007-10-18 08:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\vlc
2007-10-18 08:17 --------- d-----w C:\Program Files\VideoLAN
2007-10-17 16:36 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-17 03:03 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\URSoft
2007-10-17 02:55 --------- d-----w C:\Program Files\Innovative Solutions
2007-10-17 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2007-10-17 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-17 00:41 --------- d-----w C:\Program Files\Tavultesoft
2007-10-17 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tavultesoft
2007-10-17 00:39 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\BSplayer PRO
2007-10-14 14:41 --------- d-----w C:\Program Files\PowerISO
2007-10-14 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-14 13:01 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-14 11:26 45,056 ----a-w C:\WINDOWS\system32\sstunst2.exe
2007-10-14 11:25 45,056 ----a-w C:\WINDOWS\system32\sstunst3.exe
2007-10-13 20:28 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\CyberLink
2007-10-13 20:27 --------- d-----w C:\Program Files\CyberLink
2007-10-13 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-13 20:10 --------- d-----w C:\Program Files\Webteh
2007-10-13 19:19 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Teleca
2007-10-13 18:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Apple Computer
2007-10-13 16:50 97,056 ----a-w C:\WINDOWS\system32\drivers\W700mdm.sys
2007-10-13 16:50 9,264 ----a-w C:\WINDOWS\system32\drivers\W700mdfl.sys
2007-10-13 16:50 88,560 ----a-w C:\WINDOWS\system32\drivers\W700mgmt.sys
2007-10-13 16:50 86,368 ----a-w C:\WINDOWS\system32\drivers\W700obex.sys
2007-10-13 16:50 61,536 ----a-w C:\WINDOWS\system32\drivers\W700bus.sys
2007-10-13 16:50 6,208 ----a-w C:\WINDOWS\system32\drivers\W700cmnt.sys
2007-10-13 16:50 6,208 ----a-w C:\WINDOWS\system32\drivers\W700cm.sys
2007-10-13 16:50 5,840 ----a-w C:\WINDOWS\system32\drivers\W700whnt.sys
2007-10-13 16:50 5,840 ----a-w C:\WINDOWS\system32\drivers\W700wh.sys
2007-10-13 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-13 14:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-13 14:02 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-10-13 13:56 --------- d-----w C:\Program Files\Intel
2007-10-13 13:42 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-12-01_19.19.44.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-28 13:59:28 45,161 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 17:00:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-09-28 13:59:34 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 17:00:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 18:01:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-10-26 10:35 77824]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 15:30:35 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - INTEL PENTIUM.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 16:40:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 16:41:00
C:\ComboFix2.txt ... 2007-12-03 16:15
C:\ComboFix3.txt ... 2007-12-03 11:35
.
--- E O F ---


jacq



Response Number 9
Name: ipexz
Date: December 4, 2007 at 19:51:42 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Hi ...

Awaiting reply..

jacq



Response Number 10
Name: jabuck
Date: December 6, 2007 at 05:45:46 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
Sorry for the delay.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in Safe Mode.

Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\cgfdkhvl.dll
C:\WINDOWS\system32\xjfhgdif.dll
C:\WINDOWS\system32\yfrvdfke.dll
C:\WINDOWS\system32\rapvnult.dll
C:\WINDOWS\system32\uqhqvqxe.dll
C:\WINDOWS\system32\gfnmdevd.dll
C:\WINDOWS\system32\aewpaoth.dll
C:\WINDOWS\system32\iaydiroa.dll
C:\WINDOWS\system32\qseplqkl.dll
C:\WINDOWS\system32\wvbtcsjn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\bwkcgjhw.ini
C:\WINDOWS\system32\whjgckwb.dll
C:\WINDOWS\system32\adclhejm.ini
C:\WINDOWS\system32\kkwcqwhy.ini
C:\WINDOWS\system32\bffokjpk.ini
C:\WINDOWS\system32\rjfuqlmw.ini
C:\WINDOWS\system32\evpdnlvr.ini
C:\WINDOWS\system32\wqarmvgk.ini
C:\WINDOWS\system32\kgvmraqw.dll
C:\WINDOWS\system32\spatjwnj.ini
C:\WINDOWS\system32\jnwjtaps.dll
C:\WINDOWS\system32\mpsbmuhi.ini
C:\WINDOWS\system32\eabiouup.ini
C:\WINDOWS\system32\rvwafiwi.ini
C:\WINDOWS\system32\ovnjhnmq.ini
C:\WINDOWS\system32\qoaecxxo.dll
C:\WINDOWS\system32\jhjfrgtl.dll

Folder::
C:\Program Files\DAP

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "Run".

Post a new Combofix log please.

Run HijackThis, close all windows and browsers except HijackThis, place a check to the left of the following entries and press "Fix checked":

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm


Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from Safe Mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Go to this link, VirusTotal, copy the following files one at a time into the "upload and scan" box, click submit, then post the results.

C:\WINDOWS\system32\sstunst2.exe

C:\WINDOWS\system32\sstunst3.exe

Post a new HijackThis log please.


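Added example, not code from this thread or from ComboFix/HijackThis: a small Python parser for the "Reg Loading Points" block of a ComboFix log that lists the Run values, pulls out the MountPoints2 shell handlers and flags any that launch a file from a drive other than the system drive (the F:\ntde1ect.com entries in the log ipexz posts next are that case), and renders the File::/Folder:: layout jabuck uses for CFScript.txt. The sample log is built from lines in this thread; the banner, key and value regexes are my assumptions about the log layout, not a documented format.

```python
import re
from typing import List, NamedTuple


class RunEntry(NamedTuple):
    key: str      # registry key the value was read from
    name: str     # value name, e.g. "ccApp"
    command: str  # command line stored in the value
    stamp: str    # timestamp ComboFix printed in [...]; "" when it printed []


class AutorunEntry(NamedTuple):
    device: str   # MountPoints2 subkey, i.e. the volume GUID
    verb: str     # shell verb the handler is bound to: AutoRun, explore, open
    command: str  # what that verb launches


# Constructed sample: "Reg Loading Points" lines as they appear in the
# ComboFix log posted in this thread, trimmed to what the parser reads.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04]
"CnxDslTaskBar"="c:\program files\tata\tata indicom broadband\CnxDslTb.exe" [2004-06-16 13:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37bc87c5-a360-11dc-8038-0004ed35d134}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com
"""

# Layout assumptions (mine, not ComboFix documentation): section banners are
# wrapped in runs of parentheses, registry keys sit in square brackets, Run
# values print as "name"="command" [stamp], MountPoints2 handlers as
# \Shell\<verb>\command - <target>.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
MOUNT_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)


def section_lines(log: str, title: str) -> List[str]:
    """Lines between the banner named `title` and the next banner."""
    inside, lines = False, []
    for line in log.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            inside = banner.group(1) == title
            continue
        if inside:
            lines.append(line)
    return lines


def parse_run_entries(log: str) -> List[RunEntry]:
    """Values under the CurrentVersion Run keys of HKCU and HKLM."""
    entries, key = [], ""
    for line in section_lines(log, "Reg Loading Points"):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith("\\run"):
            entries.append(RunEntry(key, m.group(1), m.group(2), m.group(3).strip()))
    return entries


def parse_mountpoints(log: str) -> List[AutorunEntry]:
    """Shell handlers ComboFix reports under explorer mountpoints2 subkeys."""
    entries, key = [], ""
    for line in section_lines(log, "Reg Loading Points"):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = MOUNT_RE.match(line)
        if m and "mountpoints2" in key.lower():
            entries.append(AutorunEntry(key.rsplit("\\", 1)[-1], m.group(1), m.group(2).strip()))
    return entries


def flag_drive_autoruns(entries: List[AutorunEntry], system_drive: str = "C:") -> List[str]:
    """Handlers that launch something from a drive other than the system drive:
    the trace a removable-media autorun leaves in MountPoints2. One finding per
    device and command, however many verbs point at it."""
    seen, findings = set(), []
    for e in entries:
        drive = e.command[:2].upper()
        if re.fullmatch(r"[A-Z]:", drive) and drive != system_drive.upper():
            marker = (e.device, e.command.lower())
            if marker not in seen:
                seen.add(marker)
                findings.append(f"{e.device} {e.verb} -> {e.command}")
    return findings


def build_cfscript(files: List[str], folders: List[str]) -> str:
    """Render the File::/Folder:: layout used for CFScript.txt in this thread."""
    blocks = []
    if files:
        blocks.append("File::\n" + "\n".join(files))
    if folders:
        blocks.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    for r in parse_run_entries(SAMPLE_LOG):
        note = "" if r.stamp else "  <- no file stamp printed, check the target by hand"
        print(f"{r.name}: {r.command}{note}")
    for finding in flag_drive_autoruns(parse_mountpoints(SAMPLE_LOG)):
        print("autorun handler on non-system drive:", finding)
```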

Response Number 11
Name: ipexz
Date: December 6, 2007 at 13:20:37 Pacific
Subject: WINAntiVirusPro driveCleaner popup
Reply:
No issue with the delay, Jabuck.

Here is the ComboFix log:
ComboFix 07-11-19.4C - INTEL PENTIUM 2007-12-06 23:59:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.441 [GMT 5.5:30]
Running from: C:\Documents and Settings\INTEL PENTIUM\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\INTEL PENTIUM\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\adclhejm.ini
C:\WINDOWS\system32\aewpaoth.dll
C:\WINDOWS\system32\bffokjpk.ini
C:\WINDOWS\system32\bwkcgjhw.ini
C:\WINDOWS\system32\cgfdkhvl.dll
C:\WINDOWS\system32\eabiouup.ini
C:\WINDOWS\system32\evpdnlvr.ini
C:\WINDOWS\system32\gfnmdevd.dll
C:\WINDOWS\system32\iaydiroa.dll
C:\WINDOWS\system32\jhjfrgtl.dll
C:\WINDOWS\system32\jnwjtaps.dll
C:\WINDOWS\system32\kgvmraqw.dll
C:\WINDOWS\system32\kkwcqwhy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpsbmuhi.ini
C:\WINDOWS\system32\ovnjhnmq.ini
C:\WINDOWS\system32\qoaecxxo.dll
C:\WINDOWS\system32\qseplqkl.dll
C:\WINDOWS\system32\rapvnult.dll
C:\WINDOWS\system32\rjfuqlmw.ini
C:\WINDOWS\system32\rvwafiwi.ini
C:\WINDOWS\system32\spatjwnj.ini
C:\WINDOWS\system32\uqhqvqxe.dll
C:\WINDOWS\system32\whjgckwb.dll
C:\WINDOWS\system32\wqarmvgk.ini
C:\WINDOWS\system32\wvbtcsjn.dll
C:\WINDOWS\system32\xjfhgdif.dll
C:\WINDOWS\system32\yfrvdfke.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\DAP
C:\Program Files\DAP\cabex.dll
C:\Program Files\DAP\Cancel.gif
C:\Program Files\DAP\comtest.gif
C:\Program Files\DAP\DAP.exe
C:\Program Files\DAP\DAPBHO.dll
C:\Program Files\DAP\dapextie.htm
C:\Program Files\DAP\dapextie2.htm
C:\Program Files\DAP\DAPFireFox\chrome.manifest
C:\Program Files\DAP\DAPFireFox\chrome\dapff.jar
C:\Program Files\DAP\DAPFireFox\components\.autoreg
C:\Program Files\DAP\DAPFireFox\components\DAPFireFox.dll
C:\Program Files\DAP\DAPFireFox\components\dapservice.js
C:\Program Files\DAP\DAPFireFox\components\IDAPComponent.xpt
C:\Program Files\DAP\DAPFireFox\install.rdf
C:\Program Files\DAP\DAPFireFox\install.xpi
C:\Program Files\DAP\dapie.dll
C:\Program Files\DAP\DAPIEBar.dll
C:\Program Files\DAP\DAPIEEngine.dll
C:\Program Files\DAP\dapm_Context_search.dll
C:\Program Files\DAP\dapm_ftp.dll
C:\Program Files\DAP\dapmm.dll
C:\Program Files\DAP\dapns.dll
C:\Program Files\DAP\dapop.dll
C:\Program Files\DAP\DapRemove.exe
C:\Program Files\DAP\dapres.dll
C:\Program Files\DAP\dapres32.dll
C:\Program Files\DAP\dapupd.exe
C:\Program Files\DAP\dapxrpt.exe
C:\Program Files\DAP\dapxrpt.ini
C:\Program Files\DAP\dbghelp.dll
C:\Program Files\DAP\delete_animation.gif
C:\Program Files\DAP\dexthlp.dll
C:\Program Files\DAP\History\INTEL PENTIUM\_lasthist.dat
C:\Program Files\DAP\Icons\dapgames.ico
C:\Program Files\DAP\INSTALL.LOG
C:\Program Files\DAP\license.txt
C:\Program Files\DAP\Locales\DAPCHS.lng
C:\Program Files\DAP\Locales\DAPCHT.lng
C:\Program Files\DAP\Locales\DAPDEU.lng
C:\Program Files\DAP\Locales\DAPENU.lng
C:\Program Files\DAP\Locales\DAPESP.lng
C:\Program Files\DAP\Locales\DAPFRA.lng
C:\Program Files\DAP\Locales\DAPITA.lng
C:\Program Files\DAP\Locales\DAPJPN.lng
C:\Program Files\DAP\Locales\DAPM_FTPCHT.lng
C:\Program Files\DAP\Locales\DAPM_FTPDEU.lng
C:\Program Files\DAP\Locales\DAPM_FTPENU.lng
C:\Program Files\DAP\Locales\DAPM_FTPESP.lng
C:\Program Files\DAP\Locales\DAPM_FTPFRA.lng
C:\Program Files\DAP\Locales\DAPM_FTPITA.lng
C:\Program Files\DAP\Locales\DAPM_FTPJPN.lng
C:\Program Files\DAP\Locales\DAPM_FTPNLD.lng
C:\Program Files\DAP\Locales\DAPM_FTPPTB.lng
C:\Program Files\DAP\Locales\DAPM_FTPRUS.lng
C:\Program Files\DAP\Locales\DAPNLD.lng
C:\Program Files\DAP\Locales\DAPPOL.lng
C:\Program Files\DAP\Locales\DAPPTB.lng
C:\Program Files\DAP\Locales\DAPRUS.lng
C:\Program Files\DAP\Log\DAP_REPORT.LOG
C:\Program Files\DAP\MCFiles\error.bmp
C:\Program Files\DAP\MCFiles\info.bmp
C:\Program Files\DAP\MCFiles\warning.bmp
C:\Program Files\DAP\MCMgr.dll
C:\Program Files\DAP\mfc42.dll
C:\Program Files\DAP\msvcrt.dll
C:\Program Files\DAP\OK.gif
C:\Program Files\DAP\Privacy Package\CleanerIEMenu.dll
C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll
C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
C:\Program Files\DAP\Privacy Package\DAPShred.exe
C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
C:\Program Files\DAP\Privacy Package\shred_animation4.gif
C:\Program Files\DAP\Privacy Package\trace_ani.gif
C:\Program Files\DAP\privacy.txt
C:\Program Files\DAP\progbar.gif
C:\Program Files\DAP\RestartApp.exe
C:\Program Files\DAP\screen.dat
C:\Program Files\DAP\Skins\dap\arrows.bmp
C:\Program Files\DAP\Skins\dap\bms.bmp
C:\Program Files\DAP\Skins\dap\bmstool.bmp
C:\Program Files\DAP\Skins\dap\C-Close.bmp
C:\Program Files\DAP\Skins\dap\C-end.bmp
C:\Program Files\DAP\Skins\dap\C-Max.bmp
C:\Program Files\DAP\Skins\dap\C-Min.bmp
C:\Program Files\DAP\Skins\dap\C-Restore.bmp
C:\Program Files\DAP\Skins\dap\checkbox.bmp
C:\Program Files\DAP\Skins\dap\ComboButton.bmp
C:\Program Files\DAP\Skins\dap\combobuttonextra.bmp
C:\Program Files\DAP\Skins\dap\DAP.uis
C:\Program Files\DAP\Skins\dap\Dialog.bmp
C:\Program Files\DAP\Skins\dap\Explorer.bmp
C:\Program Files\DAP\Skins\dap\F-Bottom.bmp
C:\Program Files\DAP\Skins\dap\F-Left.bmp
C:\Program Files\DAP\Skins\dap\F-Right.bmp
C:\Program Files\DAP\Skins\dap\F-Top.bmp
C:\Program Files\DAP\Skins\dap\grip.bmp
C:\Program Files\DAP\Skins\dap\GroupBox.bmp
C:\Program Files\DAP\Skins\dap\GroupBoxTitle.bmp
C:\Program Files\DAP\Skins\dap\Header.bmp
C:\Program Files\DAP\Skins\dap\hscroll.bmp
C:\Program Files\DAP\Skins\dap\hscroll2.bmp
C:\Program Files\DAP\Skins\dap\mdi-button.bmp
C:\Program Files\DAP\Skins\dap\Mdi.bmp
C:\Program Files\DAP\Skins\dap\Menu-Border.bmp
C:\Program Files\DAP\Skins\dap\MenuBar.bmp
C:\Program Files\DAP\Skins\dap\menuborder.bmp
C:\Program Files\DAP\Skins\dap\menutool.bmp
C:\Program Files\DAP\Skins\dap\ProgressBar.bmp
C:\Program Files\DAP\Skins\dap\radiobutton.bmp
C:\Program Files\DAP\Skins\dap\shade.bmp
C:\Program Files\DAP\Skins\dap\Status.bmp
C:\Program Files\DAP\Skins\dap\SunkenEdge.bmp
C:\Program Files\DAP\Skins\dap\tabborders.bmp
C:\Program Files\DAP\Skins\dap\tabs.bmp
C:\Program Files\DAP\Skins\dap\vscroll.bmp
C:\Program Files\DAP\Skins\dap\vscroll2.bmp
C:\Program Files\DAP\Skins\skins.url
C:\Program Files\DAP\Temp\ADS1.tmp
C:\Program Files\DAP\Temp\ADS2AC.tmp.dap
C:\Program Files\DAP\Temp\ADS47D.tmp.dap
C:\Program Files\DAP\UNWISE.EXE
C:\Program Files\DAP\Updates\Condition.dll
C:\Program Files\DAP\Updates\favicon.ico
C:\Program Files\DAP\Updates\SPO3.ico
C:\Program Files\DAP\Updates\UpdateList.xml
C:\Program Files\DAP\Updates\va_16_256.ico
C:\Program Files\DAP\v_html.gif
C:\Program Files\DAP\v_i.gif
C:\Program Files\DAP\v_logo.gif
C:\Program Files\DAP\v_noconn.gif
C:\Program Files\DAP\v_notf.gif
C:\Program Files\DAP\v_ok.gif
C:\Program Files\DAP\v_pass.gif
C:\Program Files\DAP\v_unk.gif
C:\Program Files\DAP\v_working.gif
C:\Program Files\DAP\website.url
C:\Program Files\DAP\zlib.dll
C:\WINDOWS\system32\adclhejm.ini
C:\WINDOWS\system32\aewpaoth.dll
C:\WINDOWS\system32\bffokjpk.ini
C:\WINDOWS\system32\bwkcgjhw.ini
C:\WINDOWS\system32\cgfdkhvl.dll
C:\WINDOWS\system32\eabiouup.ini
C:\WINDOWS\system32\evpdnlvr.ini
C:\WINDOWS\system32\gfnmdevd.dll
C:\WINDOWS\system32\iaydiroa.dll
C:\WINDOWS\system32\jhjfrgtl.dll
C:\WINDOWS\system32\jnwjtaps.dll
C:\WINDOWS\system32\kgvmraqw.dll
C:\WINDOWS\system32\kkwcqwhy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpsbmuhi.ini
C:\WINDOWS\system32\ovnjhnmq.ini
C:\WINDOWS\system32\qoaecxxo.dll
C:\WINDOWS\system32\qseplqkl.dll
C:\WINDOWS\system32\rapvnult.dll
C:\WINDOWS\system32\rjfuqlmw.ini
C:\WINDOWS\system32\rvwafiwi.ini
C:\WINDOWS\system32\spatjwnj.ini
C:\WINDOWS\system32\uqhqvqxe.dll
C:\WINDOWS\system32\whjgckwb.dll
C:\WINDOWS\system32\wqarmvgk.ini
C:\WINDOWS\system32\wvbtcsjn.dll
C:\WINDOWS\system32\xjfhgdif.dll
C:\WINDOWS\system32\yfrvdfke.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-06 19:01 <DIR> d-------- C:\Program Files\Tata
2007-12-06 19:01 614,272 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-12-06 19:01 131,072 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-12-05 10:39 <DIR> d-------- C:\Program Files\Secunia
2007-12-05 09:43 <DIR> d--h----- C:\Documents and Settings\INTEL PENTIUM\Application Data\yahoo!
2007-12-05 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-04 23:36 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-04 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-03 15:49 <DIR> d-------- C:\Program Files\uTorrent
2007-12-03 13:18 <DIR> d-------- C:\Program Files\Coolwallpaper
2007-12-03 13:18 204,800 --a------ C:\WINDOWS\JpegEx.dll
2007-12-03 13:18 24,576 --a------ C:\WINDOWS\CWSUninstall.exe
2007-12-02 23:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-02 23:21 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-25 19:48 <DIR> d-------- C:\Program Files\Extension Changer
2007-11-25 19:35 <DIR> d-------- C:\Program Files\mp3DirectCut
2007-11-25 18:30 <DIR> d-------- C:\Program Files\directx
2007-11-24 11:33 <DIR> d-------- C:\Documents and Settings\INTEL PENTIUM\Application Data\Ahead
2007-11-24 11:26 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-11-24 11:20 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2007-11-24 11:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-24 10:59 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-11-24 10:59 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-11-24 10:59 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-11-24 10:59 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-11-23 14:40 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 14:40 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-23 14:04 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-11-23 14:04 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2007-11-23 14:04 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-11-23 14:04 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-23 14:03 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-23 13:37 <DIR> d-------- C:\Program Files\Replay Converter
2007-11-23 10:06 <DIR> d-------- C:\Program Files\SlySoft
2007-11-20 16:46 <DIR> d-------- C:\Program Files\BFG
2007-11-20 16:46 <DIR> d-------- C:\Program Files\Backspin Billiards
2007-11-20 16:46 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-20 06:47 <DIR> d-------- C:\Sogam-Tharum-Sugam
2007-11-18 06:01 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-11-18 06:01 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-18 06:00 <DIR> d-------- C:\Program Files\Color7 Video Studio
2007-11-18 05:57 <DIR> d-------- C:\Program Files\Free Image Editor
2007-11-14 18:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-07 18:17 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Real
2007-11-07 08:40 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 18:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-06 10:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 18:30 --------- d-----w C:\Program Files\Opera
2007-12-05 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-05 07:51 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-05 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-05 05:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 05:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 05:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 05:17 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 05:17 --------- d-----w C:\Program Files\Symantec
2007-12-04 18:28 --------- d-----w C:\Program Files\Yahoo!
2007-12-04 18:08 --------- d-----w C:\Program Files\QuickTime
2007-12-04 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-03 11:46 --------- d-----w C:\Program Files\BitComet
2007-12-03 09:22 --------- d-----w C:\Program Files\acoustic
2007-12-02 17:52 --------- d-----w C:\Program Files\Java
2007-12-01 13:33 --------- d-----w C:\Program Files\Trend Micro
2007-11-30 18:27 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 18:27 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 18:27 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 18:27 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 18:27 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 18:27 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 18:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 18:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 18:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 06:20 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-24 05:56 --------- d-----w C:\Program Files\Ahead
2007-11-24 05:29 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-21 08:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 05:00 --------- d-----w C:\Program Files\FAR
2007-11-05 15:08 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-05 02:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\.ABC
2007-11-02 20:12 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-11-02 20:09 --------- d-----w C:\Program Files\Macromedia
2007-11-02 16:11 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\MyPhoneExplorer
2007-11-02 16:06 --------- d-----w C:\Program Files\MyPhoneExplorer
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 14:25 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 14:25 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 14:25 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 14:25 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 14:25 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 14:25 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 13:54 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 13:54 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 04:02 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-10-29 03:45 --------- d-----w C:\Program Files\Winamp
2007-10-26 07:07 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Pegasys Inc
2007-10-26 06:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-10-25 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-24 19:12 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-10-24 19:12 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-10-24 19:12 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-10-24 18:56 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-10-24 18:54 --------- d-----w C:\Program Files\MAGIX
2007-10-24 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-24 18:05 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Snapfish
2007-10-24 17:24 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll
2007-10-24 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-22 20:15 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-10-22 09:10 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Free Upload Manager
2007-10-22 05:37 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\DMCache
2007-10-19 10:32 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\AdobeUM
2007-10-19 10:30 --------- d-----w C:\Program Files\SEMC
2007-10-19 07:24 --------- d-----w C:\Program Files\DIFX
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\PC Suite
2007-10-19 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-19 06:22 --------- d-----w C:\Program Files\CCleaner
2007-10-19 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-18 18:23 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\iolo
2007-10-18 08:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\vlc
2007-10-18 08:17 --------- d-----w C:\Program Files\VideoLAN
2007-10-17 16:36 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-17 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-17 03:03 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\URSoft
2007-10-17 02:55 --------- d-----w C:\Program Files\Innovative Solutions
2007-10-17 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2007-10-17 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-17 00:41 --------- d-----w C:\Program Files\Tavultesoft
2007-10-17 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tavultesoft
2007-10-17 00:39 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\BSplayer PRO
2007-10-14 14:41 --------- d-----w C:\Program Files\PowerISO
2007-10-14 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-14 13:01 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-14 11:26 45,056 ----a-w C:\WINDOWS\system32\sstunst2.exe
2007-10-14 11:25 45,056 ----a-w C:\WINDOWS\system32\sstunst3.exe
2007-10-13 20:28 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\CyberLink
2007-10-13 20:27 --------- d-----w C:\Program Files\CyberLink
2007-10-13 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-13 20:10 --------- d-----w C:\Program Files\Webteh
2007-10-13 19:19 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Teleca
2007-10-13 18:20 --------- d-----w C:\Documents and Settings\INTEL PENTIUM\Application Data\Apple Computer
2007-10-13 16:50 97,056 ----a-w C:\WINDOWS\system32\drivers\W700mdm.sys
2007-10-13 16:50 9,264 ----a-w C:\WINDOWS\system32\drivers\W700mdfl.sys
2007-10-13 16:50 88,560 ----a-w C:\WINDOWS\system32\drivers\W700mgmt.sys
2007-10-13 16:50 86,368 ----a-w C:\WINDOWS\system32\drivers\W700obex.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-01_19.19.44.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-05 05:09:17 65,536 ----a-r C:\WINDOWS\Installer\{0A4DF5B0-983C-4691-9D4A-9FD1D4B2A69F}\ARPPRODUCTICON.exe
+ 2007-12-05 07:52:35 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
+ 2007-12-04 18:06:46 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2005-05-20 12:13:04 2,805,760 ----a-w C:\WINDOWS\system32\cnxci.dll
+ 2004-06-16 08:21:56 60,416 ----a-w C:\WINDOWS\system32\drivers\CnxTgNP.sys
+ 2007-09-10 02:58:40 7,808 ----a-w C:\WINDOWS\system32\drivers\psi_mf.sys
- 2004-09-28 13:59:28 45,161 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 17:00:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-09-28 13:59:34 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 17:00:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 18:01:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2005-08-27 08:38:06 1,398,408 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-12-06 09:02:08 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-01-03 23:14:12 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2006-07-17 05:22:04 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2006-06-05 08:44:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 08:44:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 08:44:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-12-01 17:24:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 17:24:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 17:24:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-14 18:53]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04]
"CnxDslTaskBar"="c:\program files\tata\tata indicom broadband\CnxDslTb.exe" [2004-06-16 13:55]

C:\Documents and Settings\INTEL PENTIUM\Start Menu\Programs\Startup\
Secunia PSI (BETA).lnk - C:\Program Files\Secunia\PSI (BETA)\PSI.exe [2007-09-11 08:55:40]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2007-10-26 10:35 77824]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37bc87c5-a360-11dc-8038-0004ed35d134}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 04:50:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 15:30:35 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - INTEL PENTIUM.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 00:05:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 0:07:23 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-03 16:41
C:\ComboFix3.txt ... 2007-12-03 16:15
.
--- E O F ---


Here is the sstunst2 log:

File sstunst2.exe received on 09.14.2007 15:27:19 (CET)


Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Prevx Database Unreachable
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: eaee33d09099cc5e6e40fff63d977eac


Here is the sstunst3 log:

File sstunst3.exe received on 12.06.2007 20:03:22 (CET)


Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.7.0 2007.12.06 -
AntiVir 7.6.0.34 2007.12.06 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.06 -
BitDefender 7.2 2007.12.06 -
CAT-QuickHeal 9.00 2007.12.06 -
ClamAV 0.91.2 2007.12.06 -
DrWeb 4.44.0.09170 2007.12.06 -
eSafe 7.0.15.0 2007.12.06 -
eTrust-Vet 31.3.5356 2007.12.06 -
Ewido 4.0 2007.12.06 -
FileAdvisor 1 2007.12.06 -
Fortinet 3.14.0.0 2007.12.06 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.06 -
Ikarus T3.1.1.12 2007.12.06 -
Kaspersky 7.0.0.125 2007.12.06 -
McAfee 5179 2007.12.06 -
Microsoft 1.3007 2007.12.06 -
NOD32v2 2707 2007.12.06 -
Norman 5.80.02 2007.12.06 -
Panda 9.0.0.4 2007.12.06 -
Prevx1 V2 2007.12.06 -
Rising 20.21.32.00 2007.12.06 -
Sophos 4.24.0 2007.12.06 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.06 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.06 -
Webwasher-Gateway 6.6.2 2007.12.06 -
Additional information
File size: 45056 bytes
MD5: 53f471cc7693f73bbb65f0ed200167fd
SHA1: cc687d7080a51821756d69933a3e8b1885185412
PEiD: Armadillo v1.71


Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:39 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\tata\tata indicom broadband\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Secunia\PSI (BETA)\PSI.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eyep2p.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\tata\tata indicom broadband\CnxDslTb.exe" "Tata\Tata Indicom Broadband"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe (User 'Default user')
O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32E059DB-CCB7-4AC8-B538-381933EC2BE1}: NameServer = 202.54.29.5 202.54.6.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B041E7E-B9FB-40E8-A3AE-F8AB919B12B8}: NameServer = 202.54.6.60,202.54.29.5
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symant