Messages - sroza

1
Tech Clinic / Possible Adware.look2me or other worms infection
« on: October 02, 2006, 08:38:13 PM »
Phew.... hopefully now it's ok... I did get worried. This is the fresh log. Thanks for the superquick reply...


Logfile of HijackThis v1.99.1
Scan saved at 2:36:13 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

2
Tech Clinic / Possible Adware.look2me or other worms infection
« on: October 02, 2006, 05:22:12 PM »
Hey... I am sorry but I need to bother you again.... this morning I did the previous reply and everything was fine... tonight, I did a scan with Ad-Aware Professional and it found http://searchbar.findthewebsiteyouneed.com again.

There are no pop-ups and my computer was working normally, but I was suspicious so I ran the HijackThis program and saw that the entries you asked me to remove before are present again.

I don't know what I did that it all came back again. Was it the Ad-Aware scan? I am such a technophobe :unsure: .... did I do anything wrong in the Ad-Aware scan? Please look through this fresh log and help me....

Thanks.....

Sroza


Logfile of HijackThis v1.99.1
Scan saved at 11:12:30 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Shanty\My Documents\program downloads\utorrent.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e11.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e11.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

3
Tech Clinic / Possible Adware.look2me or other worms infection
« on: October 02, 2006, 02:00:01 AM »
Here is the HijackThis log... hopefully it's finally clean... thank you for your help!!!!!



Logfile of HijackThis v1.99.1
Scan saved at 7:57:06 AM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

4
Tech Clinic / Possible Adware.look2me or other worms infection
« on: September 30, 2006, 05:25:59 AM »
Hello.... I did as you instructed me to.... but when I tried to look for the two following files in safe mode,
C:\Program Files\Online Services\pomo.html
C:\Program Files\Messenger\mekefe.html

They were in HouseCall quarantine.... I deleted them anyway...

Here are the two logs you asked for... my computer is running so much better now... there are no pop-ups anymore... Thank you!!! :P

Logfile of HijackThis v1.99.1
Scan saved at 11:18:01 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe


Ad-Aware SE Personal
Ad-Aware SE Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Agere Systems AC'97 Modem
BitTorrent 4.20.9
Canon S200
DivX
DivX Converter
DivX Player
DivX Web Player
ewido anti-spyware 4.0
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® PROSet
LifeBook Application Panel
Microsoft Office Professional Edition 2003
PC-Doctor for Windows
PowerDVD
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Security Panel Application
Security Panel Application for Supervisor
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
SigmaTel AC97 Audio Drivers
Skype 2.5
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VERITAS DLA
VERITAS RecordNow DX
VERITAS RecordNow DX Update Manager
VideoLAN VLC media player 0.8.5
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

5
Tech Clinic / Possible Adware.look2me or other worms infection
« on: September 25, 2006, 03:06:41 AM »
Hello... I followed all the instructions... except that when running HijackThis in safe mode, I could not find

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e11.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e11.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe

I hope that was good news actually... Hm, judging from the long instructions as such, my computer seems to have lots of problems.... :blink: Thanks for your patience and time in sorting it out... really grateful for it!

1. Fresh HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:47:10 AM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

2. Ewido's report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   8:16:43 AM 9/25/2006

 + Scan result:   



C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP126\A0007963.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP126\A0008089.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP126\A0008098.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0010093.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0010112.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0010113.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0010114.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0010115.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0010116.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\DXC1205b.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP124\A0007838.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP124\A0007839.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0009117.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0009112.exe -> Downloader.Adload.fs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1FC7B5CA-D40C-4640-AD3E-947323350E2B}\RP127\A0009118.exe -> Downloader.Adload.fs : Cleaned with backup (quarantined).
C:\Documents and Settings\Shanty\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shanty\Cookies\shanty@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Cleaned.
:mozilla.70:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.63:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Shanty\Cookies\shanty@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.59:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.60:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Shanty\Cookies\[email protected][1].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.53:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.54:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.55:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.46:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Shanty\Application Data\Mozilla\Firefox\Profiles\w26cytya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

3. combofix scan


Shanty - 06-09-25  8:33:14.38    Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\Shanty\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-08-25 to 2006-09-25  ))))))))))))))))))))))))))))))))))
 

2006-09-21   16:16   1,233   --a------   C:\WINDOWS\system32\sqgb40de.sys
2006-09-12   20:59   5,632   --a------   C:\WINDOWS\system32\CNMVS3w.DLL
2006-09-12   20:54   97,280   ---------   C:\WINDOWS\system32\CNMLM3w.DLL
2006-09-12   20:54   36,864   --a------   C:\WINDOWS\system32\CNMCP3W.EXE
2006-09-11   22:22   11,776   ---------   C:\WINDOWS\system32\spnpinst.exe
2006-09-02   07:43   614,912   --a------   C:\WINDOWS\system32\h323msp.dll
2006-09-02   07:43   331,264   --a------   C:\WINDOWS\system32\ipnathlp.dll
2006-09-02   07:43   26,112   --a------   C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-02   07:33   947,472   --a------   C:\WINDOWS\system32\msjava.dll
2006-09-02   07:33   63,248   --a------   C:\WINDOWS\system32\javaprxy.dll
2006-09-02   07:33   49,424   --a------   C:\WINDOWS\system32\clspack.exe
2006-09-02   07:33   46,352   --a------   C:\WINDOWS\setdebug.exe
2006-09-02   07:33   404,752   --a------   C:\WINDOWS\system32\javart.dll
2006-09-02   07:33   313,856   --a------   C:\WINDOWS\system32\dx3j.dll
2006-09-02   07:33   286,992   --a------   C:\WINDOWS\system32\vmhelper.dll
2006-09-02   07:33   21,264   --a------   C:\WINDOWS\system32\msjdbc10.dll
2006-09-02   07:33   187,152   --a------   C:\WINDOWS\system32\javacypt.dll
2006-09-02   07:33   172,304   --a------   C:\WINDOWS\system32\jview.exe
2006-09-02   07:33   171,792   --a------   C:\WINDOWS\system32\wjview.exe
2006-09-02   07:33   171,280   --a------   C:\WINDOWS\system32\jit.dll
2006-09-02   07:33   154,384   --a------   C:\WINDOWS\system32\msawt.dll
2006-09-02   07:33   15,120   --a------   C:\WINDOWS\system32\jdbgmgr.exe
2006-09-02   07:33   139,536   --a------   C:\WINDOWS\system32\javaee.dll
2006-09-02   07:33   113   --a------   C:\WINDOWS\system32\zonedon.reg
2006-09-02   07:33   113   --a------   C:\WINDOWS\system32\zonedoff.reg
2006-08-30   21:45   2,560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2006-08-30   19:55   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2006-08-30   19:55   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2006-08-30   19:55   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2006-08-30   19:54   83,456   --a------   C:\WINDOWS\system32\dpvsetup.exe
2006-08-30   19:54   825,344   --a------   C:\WINDOWS\system32\d3dim700.dll
2006-08-30   19:54   82,432   --a------   C:\WINDOWS\system32\dmscript.dll
2006-08-30   19:54   8,192   --a------   C:\WINDOWS\system32\d3d8thk.dll
2006-08-30   19:54   733,696   --a------   C:\WINDOWS\system32\qedwipes.dll
2006-08-30   19:54   71,680   --a------   C:\WINDOWS\system32\dsdmoprp.dll
2006-08-30   19:54   70,656   --a------   C:\WINDOWS\system32\amstream.dll
2006-08-30   19:54   63,768   --a------   C:\WINDOWS\system32\dxdllreg.exe
2006-08-30   19:54   619,008   --a------   C:\WINDOWS\system32\dx7vb.dll
2006-08-30   19:54   61,440   --a------   C:\WINDOWS\system32\dmcompos.dll
2006-08-30   19:54   60,928   --a------   C:\WINDOWS\system32\dpnhupnp.dll
2006-08-30   19:54   59,904   --a------   C:\WINDOWS\system32\devenum.dll
2006-08-30   19:54   57,344   --a------   C:\WINDOWS\system32\dpwsockx.dll
2006-08-30   19:54   562,176   --a------   C:\WINDOWS\system32\qedit.dll
2006-08-30   19:54   50,688   --a------   C:\WINDOWS\system32\wstdecod.dll
2006-08-30   19:54   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2006-08-30   19:54   385,024   --a------   C:\WINDOWS\system32\qdvd.dll
2006-08-30   19:54   375,296   --a------   C:\WINDOWS\system32\dpnet.dll
2006-08-30   19:54   367,616   --a------   C:\WINDOWS\system32\dsound.dll
2006-08-30   19:54   363,520   --a------   C:\WINDOWS\system32\psisdecd.dll
2006-08-30   19:54   35,840   --a------   C:\WINDOWS\system32\dmloader.dll
2006-08-30   19:54   35,328   --a------   C:\WINDOWS\system32\mciqtz32.dll
2006-08-30   19:54   35,328   --a------   C:\WINDOWS\system32\dpnhpast.dll
2006-08-30   19:54   30,208   --a------   C:\WINDOWS\system32\dplaysvr.exe
2006-08-30   19:54   3,584   --a------   C:\WINDOWS\system32\dpnlobby.dll
2006-08-30   19:54   3,584   --a------   C:\WINDOWS\system32\dpnaddr.dll
2006-08-30   19:54   28,672   --a------   C:\WINDOWS\system32\dmband.dll
2006-08-30   19:54   279,040   --a------   C:\WINDOWS\system32\qdv.dll
2006-08-30   19:54   27,136   --a------   C:\WINDOWS\system32\ddrawex.dll
2006-08-30   19:54   266,240   --a------   C:\WINDOWS\system32\ddraw.dll
2006-08-30   19:54   237,568   --a------   C:\WINDOWS\system32\qasf.dll
2006-08-30   19:54   23,552   --a------   C:\WINDOWS\system32\dpmodemx.dll
2006-08-30   19:54   229,888   --a------   C:\WINDOWS\system32\dplayx.dll
2006-08-30   19:54   212,480   --a------   C:\WINDOWS\system32\dpvoice.dll
2006-08-30   19:54   21,504   --a------   C:\WINDOWS\system32\dpvacm.dll
2006-08-30   19:54   204,288   --a------   C:\WINDOWS\system32\mswebdvd.dll
2006-08-30   19:54   20,480   --a------   C:\WINDOWS\system32\encapi.dll
2006-08-30   19:54   2,113,536   --a------   C:\WINDOWS\system32\dxdiagn.dll
2006-08-30   19:54   192,512   --a------   C:\WINDOWS\system32\qcap.dll
2006-08-30   19:54   19,456   --a------   C:\WINDOWS\system32\dswave.dll
2006-08-30   19:54   181,760   --a------   C:\WINDOWS\system32\dsdmo.dll
2006-08-30   19:54   181,248   --a------   C:\WINDOWS\system32\dmime.dll
2006-08-30   19:54   18,432   --a------   C:\WINDOWS\system32\dpnsvr.exe
2006-08-30   19:54   17,408   --a------   C:\WINDOWS\system32\msyuv.dll
2006-08-30   19:54   14,336   --a------   C:\WINDOWS\system32\msdmo.dll
2006-08-30   19:54   116,736   --a------   C:\WINDOWS\system32\dpvvox.dll
2006-08-30   19:54   105,984   --a------   C:\WINDOWS\system32\dmstyle.dll
2006-08-30   19:54   104,448   --a------   C:\WINDOWS\system32\dmusic.dll
2006-08-30   19:54   103,424   --a------   C:\WINDOWS\system32\dmsynth.dll
2006-08-30   19:54   1,689,088   --a------   C:\WINDOWS\system32\d3d9.dll
2006-08-30   19:54   1,428,480   --a------   C:\WINDOWS\system32\msvidctl.dll
2006-08-30   19:54   1,298,432   --a------   C:\WINDOWS\system32\dxdiag.exe
2006-08-30   19:54   1,294,336   --a------   C:\WINDOWS\system32\dsound3d.dll
2006-08-30   19:54   1,227,264   --a------   C:\WINDOWS\system32\dx8vb.dll
2006-08-30   19:54   1,179,648   --a------   C:\WINDOWS\system32\d3d8.dll
2006-08-30   19:30   1,082,368   --a------   C:\WINDOWS\system32\esent.dll
2006-08-30   18:54   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-08-30   18:20   8,192   ---------   C:\WINDOWS\system32\bitsprx2.dll
2006-08-30   18:20   7,168   ---------   C:\WINDOWS\system32\bitsprx3.dll
2006-08-30   18:20   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2006-08-30   18:20   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2006-08-30   18:13   465,176   --a------   C:\WINDOWS\system32\wuapi.dll
2006-08-30   18:13   41,240   --a------   C:\WINDOWS\system32\wups.dll
2006-08-30   18:13   194,328   --a------   C:\WINDOWS\system32\wuaueng1.dll
2006-08-30   18:13   173,536   --a------   C:\WINDOWS\system32\wuweb.dll
2006-08-30   18:13   172,312   --a------   C:\WINDOWS\system32\wuauclt1.exe
2006-08-30   18:13   127,256   --a------   C:\WINDOWS\system32\wucltui.dll
2006-08-29   23:13   109,568   ---------   C:\WINDOWS\system32\pxinsi64.exe
2006-08-29   23:13   108,544   ---------   C:\WINDOWS\system32\pxcpyi64.exe
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 15:45   --------   d--------   C:\Program Files\Common Files\ODBC
2006-09-22 08:42   --------   d--------   C:\Program Files\Qtn
2006-09-22 08:42   --------   d--------   C:\Program Files\Nse
2006-09-22 08:41   --------   d--------   C:\Program Files\config
2006-09-22 08:40   --------   d--------   C:\Program Files\bin
2006-09-22 08:37   --------   d--------   C:\Program Files\Temp
2006-09-22 08:37   --------   d--------   C:\Program Files\NVC
2006-09-22 08:37   --------   d--------   C:\Program Files\Logs
2006-09-22 00:30   --------   d--------   C:\Program Files\PrintView
2006-09-21 18:08   --------   d--------   C:\Program Files\SoftwareRevenue.org
2006-09-21 18:08   --------   d--------   C:\Program Files\Google Toolbar
2006-09-19 22:09   --------   d--------   C:\Documents and Settings\Shanty\Application Data\vlc
2006-09-19 22:00   --------   d--------   C:\Program Files\VideoLAN
2006-09-19 20:58   --------   d--------   C:\Program Files\WinRAR
2006-09-16 22:06   --------   d--------   C:\Documents and Settings\Shanty\Application Data\uTorrent
2006-09-16 21:12   --------   d--------   C:\Program Files\MSN Messenger
2006-09-12 20:51   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Gtek
2006-09-10 18:37   --------   d--------   C:\Program Files\Skype
2006-09-10 18:37   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Skype
2006-09-04 21:12   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Google
2006-09-04 19:39   --------   d--------   C:\Documents and Settings\Shanty\Application Data\AdobeUM
2006-09-01 00:55   875   --a------   C:\Documents and Settings\Shanty\Application Data\AdobeDLM.log
2006-09-01 00:55   0   --a------   C:\Documents and Settings\Shanty\Application Data\dm.ini
2006-09-01 00:55   --------   d--------   C:\Program Files\Adobe
2006-09-01 00:52   --------   d--------   C:\Program Files\Common Files\Adobe
2006-09-01 00:52   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Adobe
2006-08-30 21:49   --------   d--------   C:\Program Files\MyGlobalSearch
2006-08-30 21:45   2560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2006-08-30 21:36   --------   d--------   C:\Documents and Settings\Shanty\Application Data\CyberLink
2006-08-30 19:44   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Macromedia
2006-08-30 19:44   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Help
2006-08-30 19:42   --------   d--------   C:\Program Files\BitTorrent
2006-08-29 23:14   --------   d--------   C:\Program Files\Mozilla Firefox
2006-08-29 23:14   --------   d--------   C:\Program Files\Google
2006-08-29 23:14   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Talkback
2006-08-29 23:14   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Mozilla
2006-08-29 23:12   --------   d--------   C:\Program Files\DivX
2006-08-29 22:59   --------   d--------   C:\Program Files\BearShare
2006-08-29 22:55   --------   d--------   C:\Documents and Settings\Shanty\Application Data\BitTorrent
2006-08-29 17:46   --------   d--------   C:\Documents and Settings\Shanty\Application Data\MSN6
2006-08-24 11:30   --------   d--------   C:\Program Files\Lavasoft
2006-08-24 11:30   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Lavasoft
2006-08-21 20:13   --------   d--------   C:\Program Files\Microsoft.NET
2006-08-21 20:13   --------   d--------   C:\Program Files\Microsoft ActiveSync
2006-08-21 20:10   --------   d--------   C:\Program Files\Microsoft Works
2006-08-21 20:10   --------   d--------   C:\Program Files\Microsoft Visual Studio
2006-08-21 20:08   --------   d--------   C:\Program Files\Microsoft Office
2006-08-21 13:21   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14   128896   ---------   C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-04 16:37   73728   --a------   C:\WINDOWS\system32\dpl100.dll
2006-08-04 16:37   196608   --a------   C:\WINDOWS\system32\dtu100.dll
2006-07-29 19:32   48936   --a------   C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-27 03:06   3596288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 03:05   20640   ---------   C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-07-21 09:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-03 22:40   778240   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 22:40   778240   --a------   C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 22:40   761856   --a------   C:\WINDOWS\system32\divx_xx11.dll
2006-07-03 22:40   620180   --a------   C:\WINDOWS\system32\DivX.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"IndicatorUtility"="C:\\Program Files\\Fujitsu\\Fujitsu Hotkey Utility\\IndicatorUty.exe"
"LoadBtnHnd"="C:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"LoadFujitsuQuickTouch"="C:\\Program Files\\Fujitsu\\Application Panel\\QuickTouch.exe"
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"Norman ZANDA"="C:\\Program Files\\bin\\ZLH.EXE /LOAD /SPLASH"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Online Services\\pomo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Messenger\\mekefe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e5,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 
Completion time: Mon 09/25/2006  8:33:38.05
ComboFix2.txt
ComboFix.txt

4. jotti virus scan


File:    pvmodule.exe
Status:    POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5    1599c68387c28ea6d32a65941930d12c
Packers detected:    -
Scanner results
AntiVir                   Found Trojan/Dldr.Agent.alb
ArcaVir                   Found nothing
Avast                   Found nothing
AVG Antivirus    Found nothing
BitDefender    Found nothing
ClamAV                 Found nothing
Dr.Web             Found nothing
F-Prot Antivirus    Found nothing
Fortinet          Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32                   Found nothing
Norman Virus Control    Found nothing
UNA               Found nothing
VirusBuster    Found nothing
VBA32                  Found nothing

I believe that's all.... cheers

6
Tech Clinic / Possible Adware.look2me or other worms infection
« on: September 24, 2006, 04:20:35 PM »
This is the fresh hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 10:16:39 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e11.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e11.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe



And this is the ComboFix log:

Shanty - 06-09-24 22:10:55.47    Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\Shanty\Desktop"

(((((((((((((((((((((((((((((((((((((((((((((   Look2Me's Log   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{4FC62BD9-9AAD-4CFB-81DC-F8724522404D}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{4FC62BD9-9AAD-4CFB-81DC-F8724522404D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4FC62BD9-9AAD-4CFB-81DC-F8724522404D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4FC62BD9-9AAD-4CFB-81DC-F8724522404D}\InprocServer32]
@="C:\\WINDOWS\\system32\\ripcfgex.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4751AA5C-178F-4474-8623-C8C207BCEEBB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4751AA5C-178F-4474-8623-C8C207BCEEBB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4751AA5C-178F-4474-8623-C8C207BCEEBB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4751AA5C-178F-4474-8623-C8C207BCEEBB}\InprocServer32]
@="C:\\WINDOWS\\system32\\kudsp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BB0FE80B-50FD-4933-A512-A9D131224144}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BB0FE80B-50FD-4933-A512-A9D131224144}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BB0FE80B-50FD-4933-A512-A9D131224144}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BB0FE80B-50FD-4933-A512-A9D131224144}\InprocServer32]
@="C:\\WINDOWS\\system32\\rIsdlg.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{80B6E47F-B589-4603-85C8-77D07FDBAB19}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80B6E47F-B589-4603-85C8-77D07FDBAB19}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80B6E47F-B589-4603-85C8-77D07FDBAB19}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80B6E47F-B589-4603-85C8-77D07FDBAB19}\InprocServer32]
@="C:\\WINDOWS\\system32\\bjowselc.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{73A98BF7-EAC3-4729-805E-CDA9660616A7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73A98BF7-EAC3-4729-805E-CDA9660616A7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73A98BF7-EAC3-4729-805E-CDA9660616A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73A98BF7-EAC3-4729-805E-CDA9660616A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\uarsvpia.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{29C378CD-CE4A-4BB2-925D-AE5C4F1758EF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29C378CD-CE4A-4BB2-925D-AE5C4F1758EF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29C378CD-CE4A-4BB2-925D-AE5C4F1758EF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29C378CD-CE4A-4BB2-925D-AE5C4F1758EF}\InprocServer32]
@="C:\\WINDOWS\\system32\\iWlmdnt5.dll"
"ThreadingModel"="Apartment"
 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\i060lajm1doa.dll
C:\WINDOWS\system32\en84l1lq1.dll
C:\WINDOWS\system32\hr0s05d7e.dll
C:\WINDOWS\system32\o2pq0c75ef.dll
C:\WINDOWS\system32\iWlmdnt5.dll

 
 Granting sedebugprivilege to Administrators   ... successful
 
 
(((((((((((((((((((((((((((((((((((((((((((   E-Give / Ssk's Log   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Shanty\Application Data\Dxcknwrd.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\WINDOWS\teller2.chk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Deskbar

 
(((((((((((((((((((((((((((((((   Files Created from 2006-08-24 to 2006-09-24  ))))))))))))))))))))))))))))))))))
 

2006-09-21   16:16   1,233   --a------   C:\WINDOWS\system32\sqgb40de.sys
2006-09-21   16:14   32,768   --a------   C:\DXC1205b.exe
2006-09-12   20:59   5,632   --a------   C:\WINDOWS\system32\CNMVS3w.DLL
2006-09-12   20:54   97,280   ---------   C:\WINDOWS\system32\CNMLM3w.DLL
2006-09-12   20:54   36,864   --a------   C:\WINDOWS\system32\CNMCP3W.EXE
2006-09-11   22:22   11,776   ---------   C:\WINDOWS\system32\spnpinst.exe
2006-09-02   07:43   614,912   --a------   C:\WINDOWS\system32\h323msp.dll
2006-09-02   07:43   331,264   --a------   C:\WINDOWS\system32\ipnathlp.dll
2006-09-02   07:43   26,112   --a------   C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-02   07:33   947,472   --a------   C:\WINDOWS\system32\msjava.dll
2006-09-02   07:33   63,248   --a------   C:\WINDOWS\system32\javaprxy.dll
2006-09-02   07:33   49,424   --a------   C:\WINDOWS\system32\clspack.exe
2006-09-02   07:33   46,352   --a------   C:\WINDOWS\setdebug.exe
2006-09-02   07:33   404,752   --a------   C:\WINDOWS\system32\javart.dll
2006-09-02   07:33   313,856   --a------   C:\WINDOWS\system32\dx3j.dll
2006-09-02   07:33   286,992   --a------   C:\WINDOWS\system32\vmhelper.dll
2006-09-02   07:33   21,264   --a------   C:\WINDOWS\system32\msjdbc10.dll
2006-09-02   07:33   187,152   --a------   C:\WINDOWS\system32\javacypt.dll
2006-09-02   07:33   172,304   --a------   C:\WINDOWS\system32\jview.exe
2006-09-02   07:33   171,792   --a------   C:\WINDOWS\system32\wjview.exe
2006-09-02   07:33   171,280   --a------   C:\WINDOWS\system32\jit.dll
2006-09-02   07:33   154,384   --a------   C:\WINDOWS\system32\msawt.dll
2006-09-02   07:33   15,120   --a------   C:\WINDOWS\system32\jdbgmgr.exe
2006-09-02   07:33   139,536   --a------   C:\WINDOWS\system32\javaee.dll
2006-09-02   07:33   113   --a------   C:\WINDOWS\system32\zonedon.reg
2006-09-02   07:33   113   --a------   C:\WINDOWS\system32\zonedoff.reg
2006-08-30   21:45   2,560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2006-08-30   19:55   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2006-08-30   19:55   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2006-08-30   19:55   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2006-08-30   19:54   83,456   --a------   C:\WINDOWS\system32\dpvsetup.exe
2006-08-30   19:54   825,344   --a------   C:\WINDOWS\system32\d3dim700.dll
2006-08-30   19:54   82,432   --a------   C:\WINDOWS\system32\dmscript.dll
2006-08-30   19:54   8,192   --a------   C:\WINDOWS\system32\d3d8thk.dll
2006-08-30   19:54   733,696   --a------   C:\WINDOWS\system32\qedwipes.dll
2006-08-30   19:54   71,680   --a------   C:\WINDOWS\system32\dsdmoprp.dll
2006-08-30   19:54   70,656   --a------   C:\WINDOWS\system32\amstream.dll
2006-08-30   19:54   63,768   --a------   C:\WINDOWS\system32\dxdllreg.exe
2006-08-30   19:54   619,008   --a------   C:\WINDOWS\system32\dx7vb.dll
2006-08-30   19:54   61,440   --a------   C:\WINDOWS\system32\dmcompos.dll
2006-08-30   19:54   60,928   --a------   C:\WINDOWS\system32\dpnhupnp.dll
2006-08-30   19:54   59,904   --a------   C:\WINDOWS\system32\devenum.dll
2006-08-30   19:54   57,344   --a------   C:\WINDOWS\system32\dpwsockx.dll
2006-08-30   19:54   562,176   --a------   C:\WINDOWS\system32\qedit.dll
2006-08-30   19:54   50,688   --a------   C:\WINDOWS\system32\wstdecod.dll
2006-08-30   19:54   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2006-08-30   19:54   385,024   --a------   C:\WINDOWS\system32\qdvd.dll
2006-08-30   19:54   375,296   --a------   C:\WINDOWS\system32\dpnet.dll
2006-08-30   19:54   367,616   --a------   C:\WINDOWS\system32\dsound.dll
2006-08-30   19:54   363,520   --a------   C:\WINDOWS\system32\psisdecd.dll
2006-08-30   19:54   35,840   --a------   C:\WINDOWS\system32\dmloader.dll
2006-08-30   19:54   35,328   --a------   C:\WINDOWS\system32\mciqtz32.dll
2006-08-30   19:54   35,328   --a------   C:\WINDOWS\system32\dpnhpast.dll
2006-08-30   19:54   30,208   --a------   C:\WINDOWS\system32\dplaysvr.exe
2006-08-30   19:54   3,584   --a------   C:\WINDOWS\system32\dpnlobby.dll
2006-08-30   19:54   3,584   --a------   C:\WINDOWS\system32\dpnaddr.dll
2006-08-30   19:54   28,672   --a------   C:\WINDOWS\system32\dmband.dll
2006-08-30   19:54   279,040   --a------   C:\WINDOWS\system32\qdv.dll
2006-08-30   19:54   27,136   --a------   C:\WINDOWS\system32\ddrawex.dll
2006-08-30   19:54   266,240   --a------   C:\WINDOWS\system32\ddraw.dll
2006-08-30   19:54   237,568   --a------   C:\WINDOWS\system32\qasf.dll
2006-08-30   19:54   23,552   --a------   C:\WINDOWS\system32\dpmodemx.dll
2006-08-30   19:54   229,888   --a------   C:\WINDOWS\system32\dplayx.dll
2006-08-30   19:54   212,480   --a------   C:\WINDOWS\system32\dpvoice.dll
2006-08-30   19:54   21,504   --a------   C:\WINDOWS\system32\dpvacm.dll
2006-08-30   19:54   204,288   --a------   C:\WINDOWS\system32\mswebdvd.dll
2006-08-30   19:54   20,480   --a------   C:\WINDOWS\system32\encapi.dll
2006-08-30   19:54   2,113,536   --a------   C:\WINDOWS\system32\dxdiagn.dll
2006-08-30   19:54   192,512   --a------   C:\WINDOWS\system32\qcap.dll
2006-08-30   19:54   19,456   --a------   C:\WINDOWS\system32\dswave.dll
2006-08-30   19:54   181,760   --a------   C:\WINDOWS\system32\dsdmo.dll
2006-08-30   19:54   181,248   --a------   C:\WINDOWS\system32\dmime.dll
2006-08-30   19:54   18,432   --a------   C:\WINDOWS\system32\dpnsvr.exe
2006-08-30   19:54   17,408   --a------   C:\WINDOWS\system32\msyuv.dll
2006-08-30   19:54   14,336   --a------   C:\WINDOWS\system32\msdmo.dll
2006-08-30   19:54   116,736   --a------   C:\WINDOWS\system32\dpvvox.dll
2006-08-30   19:54   105,984   --a------   C:\WINDOWS\system32\dmstyle.dll
2006-08-30   19:54   104,448   --a------   C:\WINDOWS\system32\dmusic.dll
2006-08-30   19:54   103,424   --a------   C:\WINDOWS\system32\dmsynth.dll
2006-08-30   19:54   1,689,088   --a------   C:\WINDOWS\system32\d3d9.dll
2006-08-30   19:54   1,428,480   --a------   C:\WINDOWS\system32\msvidctl.dll
2006-08-30   19:54   1,298,432   --a------   C:\WINDOWS\system32\dxdiag.exe
2006-08-30   19:54   1,294,336   --a------   C:\WINDOWS\system32\dsound3d.dll
2006-08-30   19:54   1,227,264   --a------   C:\WINDOWS\system32\dx8vb.dll
2006-08-30   19:54   1,179,648   --a------   C:\WINDOWS\system32\d3d8.dll
2006-08-30   19:30   1,082,368   --a------   C:\WINDOWS\system32\esent.dll
2006-08-30   18:54   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-08-30   18:20   8,192   ---------   C:\WINDOWS\system32\bitsprx2.dll
2006-08-30   18:20   7,168   ---------   C:\WINDOWS\system32\bitsprx3.dll
2006-08-30   18:20   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2006-08-30   18:20   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2006-08-30   18:13   465,176   --a------   C:\WINDOWS\system32\wuapi.dll
2006-08-30   18:13   41,240   --a------   C:\WINDOWS\system32\wups.dll
2006-08-30   18:13   194,328   --a------   C:\WINDOWS\system32\wuaueng1.dll
2006-08-30   18:13   173,536   --a------   C:\WINDOWS\system32\wuweb.dll
2006-08-30   18:13   172,312   --a------   C:\WINDOWS\system32\wuauclt1.exe
2006-08-30   18:13   127,256   --a------   C:\WINDOWS\system32\wucltui.dll
2006-08-29   23:13   109,568   ---------   C:\WINDOWS\system32\pxinsi64.exe
2006-08-29   23:13   108,544   ---------   C:\WINDOWS\system32\pxcpyi64.exe
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 15:45   --------   d--------   C:\Program Files\Common Files\ODBC
2006-09-22 08:42   --------   d--------   C:\Program Files\Qtn
2006-09-22 08:42   --------   d--------   C:\Program Files\Nse
2006-09-22 08:41   --------   d--------   C:\Program Files\config
2006-09-22 08:40   --------   d--------   C:\Program Files\bin
2006-09-22 08:37   --------   d--------   C:\Program Files\Temp
2006-09-22 08:37   --------   d--------   C:\Program Files\NVC
2006-09-22 08:37   --------   d--------   C:\Program Files\Logs
2006-09-22 00:30   --------   d--------   C:\Program Files\PrintView
2006-09-21 18:08   --------   d--------   C:\Program Files\SoftwareRevenue.org
2006-09-21 18:08   --------   d--------   C:\Program Files\Google Toolbar
2006-09-19 22:09   --------   d--------   C:\Documents and Settings\Shanty\Application Data\vlc
2006-09-19 22:00   --------   d--------   C:\Program Files\VideoLAN
2006-09-19 20:58   --------   d--------   C:\Program Files\WinRAR
2006-09-16 22:06   --------   d--------   C:\Documents and Settings\Shanty\Application Data\uTorrent
2006-09-16 21:12   --------   d--------   C:\Program Files\MSN Messenger
2006-09-12 20:51   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Gtek
2006-09-10 18:37   --------   d--------   C:\Program Files\Skype
2006-09-10 18:37   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Skype
2006-09-04 21:12   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Google
2006-09-04 19:39   --------   d--------   C:\Documents and Settings\Shanty\Application Data\AdobeUM
2006-09-01 00:55   875   --a------   C:\Documents and Settings\Shanty\Application Data\AdobeDLM.log
2006-09-01 00:55   0   --a------   C:\Documents and Settings\Shanty\Application Data\dm.ini
2006-09-01 00:55   --------   d--------   C:\Program Files\Adobe
2006-09-01 00:52   --------   d--------   C:\Program Files\Common Files\Adobe
2006-09-01 00:52   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Adobe
2006-08-30 21:49   --------   d--------   C:\Program Files\MyGlobalSearch
2006-08-30 21:45   2560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2006-08-30 21:36   --------   d--------   C:\Documents and Settings\Shanty\Application Data\CyberLink
2006-08-30 19:44   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Macromedia
2006-08-30 19:44   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Help
2006-08-30 19:42   --------   d--------   C:\Program Files\BitTorrent
2006-08-29 23:14   --------   d--------   C:\Program Files\Mozilla Firefox
2006-08-29 23:14   --------   d--------   C:\Program Files\Google
2006-08-29 23:14   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Talkback
2006-08-29 23:14   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Mozilla
2006-08-29 23:12   --------   d--------   C:\Program Files\DivX
2006-08-29 22:59   --------   d--------   C:\Program Files\BearShare
2006-08-29 22:55   --------   d--------   C:\Documents and Settings\Shanty\Application Data\BitTorrent
2006-08-29 17:46   --------   d--------   C:\Documents and Settings\Shanty\Application Data\MSN6
2006-08-24 11:30   --------   d--------   C:\Program Files\Lavasoft
2006-08-24 11:30   --------   d--------   C:\Documents and Settings\Shanty\Application Data\Lavasoft
2006-08-21 20:13   --------   d--------   C:\Program Files\Microsoft.NET
2006-08-21 20:13   --------   d--------   C:\Program Files\Microsoft ActiveSync
2006-08-21 20:10   --------   d--------   C:\Program Files\Microsoft Works
2006-08-21 20:10   --------   d--------   C:\Program Files\Microsoft Visual Studio
2006-08-21 13:21   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14   128896   ---------   C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-04 16:37   73728   --a------   C:\WINDOWS\system32\dpl100.dll
2006-08-04 16:37   196608   --a------   C:\WINDOWS\system32\dtu100.dll
2006-07-29 19:32   48936   --a------   C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-27 03:06   3596288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 03:05   20640   ---------   C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-07-21 09:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-03 22:40   778240   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 22:40   778240   --a------   C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 22:40   761856   --a------   C:\WINDOWS\system32\divx_xx11.dll
2006-07-03 22:40   620180   --a------   C:\WINDOWS\system32\DivX.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"IndicatorUtility"="C:\\Program Files\\Fujitsu\\Fujitsu Hotkey Utility\\IndicatorUty.exe"
"LoadBtnHnd"="C:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"LoadFujitsuQuickTouch"="C:\\Program Files\\Fujitsu\\Application Panel\\QuickTouch.exe"
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"AWMON"="\"C:\\PROGRA~1\\LAVASOFT\\AD-AWA~3\\Ad-Watch.exe\""
"Norman ZANDA"="C:\\Program Files\\bin\\ZLH.EXE /LOAD /SPLASH"
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"winlog"="winlog.exe"
"newname"="C:\\\\nwnmff_e11.exe"
"defender"="C:\\\\dfndrff_e11.exe"
"keyboard"="C:\\\\kybrdff_e11.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"winlog"="winlog.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Online Services\\pomo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Messenger\\mekefe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
  03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,1f,04,00,00,e5,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 
Completion time: Sun 09/24/2006 22:12:56.68
ComboFix.txt


Thanks so much for the quick reply...

Tech Clinic / Possible Adware.look2me or other worms infection
« on: September 24, 2006, 09:55:12 AM »
Hi there... My computer started to have pop-ups and became slower when I left it to download two days ago. I have run Ad-Aware, Trend Micro HouseCall and Norman Antivirus, but none of them managed to remove the adware. I've read the other forums but decided not to follow those instructions in case the infection is different and I end up destroying my computer :( . Please help me... I will really appreciate it! Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 3:16:37 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\nwnmff_e11.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\dfndrff_e11.exe
C:\kybrdff_e11.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-pc.asia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-pc-asia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e11.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e11.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~3\Ad-Watch.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-pc.asia.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A89551E8-992E-48D0-A90C-3E78CF66B217} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\i060lajm1doa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
