Topic: Check up?

Offline LoRoC116

Check up?
« on: October 11, 2007, 11:35:55 PM »
Hello.  My internet has strangely started becoming really slow and not recognizing all the letters that I type.  Is there something you see wrong?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:06 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Yon Yak\Start Menu\Programs\Startup\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
C:\WINDOWS\tsitra572.exe
C:\WINDOWS\tsitra1000106.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\WW9uIFlhaw\command.exe
C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW9uIFlhaw\command.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\fsoxyx.html

--
End of file - 8674 bytes

Offline guestolo

Check up?
« Reply #1 on: October 11, 2007, 11:58:26 PM »
Hi again, LoRoC116.

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.93 MB).
DON'T install it yet. I'll let you know when you can install the newest version.

Your log indicates an infection that can be spread among removable drives, among other problems.

Can you do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - Startup: ctfmon.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW9uIFlhaw\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\fsoxyx.html


After you have ticked the above entries, close all other open windows, including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Download the Flash_Disinfector.exe from here
http://www.techsupportforum.com/sectools/s...Disinfector.exe
Run Flash_Disinfector.exe and follow the prompts.
Insert any removable flash drives you may have when prompted

Download this file - Combofix.exe - and save it ONLY to your desktop.
Double-click Combofix.exe and follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

EDIT>>
Afterwards, can you do the following:
Use IE to run this scan.
Go to this link:
http://www.bitdefender.com/
Once there, select "Scan now" under "Scan online" on the left-hand side.
Agree to the agreement and follow the prompts to load.

After the scan, post the results back here.

Recap: I need to see all the following back here, even if it takes more than one reply to do so.

1. Post the results of the BitDefender scan.
2. Post the log from Combofix please.
Its default location is C:\Combofix.txt
3. Also post a fresh HijackThis log.
« Last Edit: October 12, 2007, 12:09:05 AM by guestolo »

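The entries guestolo picks out above follow a few recognisable patterns, and those patterns can be written down as a triage script. This is an added example, not HijackThis's or the forum's own code; the heuristics, severity labels and function names are my own, and the sample lines are copied from the first log in this thread with legitimate entries left in so the rules have to discriminate.

```python
# Added example for this thread: encodes the judgement calls a helper makes
# when reading a HijackThis log. Not HijackThis's or the forum's own code;
# the heuristics, severity labels and function names are my own.
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Sample lines copied from the first log in this thread, with legitimate
# entries kept in so the rules have to discriminate (assembled for this example).
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ctfmon.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW9uIFlhaw\command.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\fsoxyx.html
"""

# Core Windows process names that malware borrows; a copy launched from a
# Startup folder or from outside system32 is a classic impersonation sign.
SYSTEM_PROCESS_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                        "winlogon.exe", "services.exe", "smss.exe", "explorer.exe"}

O4_RE = re.compile(r"^O4 - (?P<where>HK(?:LM|CU)\\\.\.\\Run|Startup|Global Startup): "
                   r"(?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
CMD_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|pif|bat|cmd|vbs))"?'
                    r"(?:\s+(?P<args>.*))?$", re.IGNORECASE)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+: (?P<name>.*?) - (?P<path>.*)$")
HEX_BLOB_RE = re.compile(r"^[0-9A-Fa-f]{32,}$")


@dataclass
class Finding:
    line: str
    reasons: List[Tuple[str, str]] = field(default_factory=list)  # (severity, why)

    @property
    def severity(self) -> str:
        return "high" if any(s == "high" for s, _ in self.reasons) else "low"


def _dir_and_base(path: str) -> Tuple[str, str]:
    """Split a Windows path into (lower-cased directory, lower-cased file name)."""
    head, _, base = path.rpartition("\\")
    return head.lower(), base.lower()


def triage_line(line: str) -> Finding:
    """Apply the triage heuristics to a single HijackThis entry."""
    f = Finding(line)
    if line.startswith("O3 - ") and line.endswith("(no file)"):
        f.reasons.append(("high", "toolbar CLSID registered with no backing file"))
    elif m := O4_RE.match(line):
        cm = CMD_RE.match(m["cmd"].strip())
        if cm:
            d, base = _dir_and_base(cm["path"])
            if d == r"c:\windows":  # legitimate autoruns almost never live in the root
                f.reasons.append(("high", "autorun target sits directly in the Windows directory"))
            if HEX_BLOB_RE.match(cm["args"] or ""):
                f.reasons.append(("high", "opaque hex blob passed as a command-line argument"))
            if base in SYSTEM_PROCESS_NAMES and not d.endswith("system32"):
                f.reasons.append(("high", "system process name started from outside system32"))
    elif m := O23_RE.match(line):
        d, _ = _dir_and_base(m["path"])
        if m["owner"].lower() == "unknown owner":
            # Weak on its own (vendor tools often lack a publisher string) ...
            f.reasons.append(("low", "service has no publisher string"))
            # ... but strong when combined with a home-made Windows subdirectory.
            if d.startswith(r"c:\windows") and not d.startswith(r"c:\windows\system32"):
                f.reasons.append(("high", "publisher-less service running from a Windows subdirectory"))
    elif m := O24_RE.match(line):
        if m["path"].lower().endswith((".html", ".htm")):
            f.reasons.append(("high", "Active Desktop component pointing at a local HTML file"))
    return f


def triage_log(text: str) -> List[Finding]:
    """Return only the entries that triggered at least one heuristic."""
    findings = []
    for raw in text.splitlines():
        if raw.strip():
            f = triage_line(raw.strip())
            if f.reasons:
                findings.append(f)
    return findings


def fix_list(text: str) -> List[str]:
    """Entries a helper would ask the user to tick in a 'System scan only'."""
    return [f.line for f in triage_log(text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}")
        for sev, why in f.reasons:
            print(f"    - {why} ({sev})")
```

On the sample, the five high-severity hits are exactly the entries ticked in the reply above, while the Dell DSBrokerService stays at low severity for a human to look at; the script narrows the list, it does not replace the helper's judgement.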


Offline LoRoC116

Check up?
« Reply #2 on: October 13, 2007, 12:19:03 AM »
Here you go.  I have attached the BitDefender log.  Thanks.

ComboFix 07-10-12.4 - Yon Yak 2007-10-12 22:11:48.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.496 [GMT -4:00]
Running from: C:\Documents and Settings\Yon Yak\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\check_LSA7.txt
C:\Program Files\Common Files\bapuk.dll
C:\Program Files\Common Files\bapuk232.dll
C:\Program Files\Common Files\bapuk497.dll
C:\Program Files\Common Files\bapuk664.dll
C:\Program Files\Common Files\bapuk777.dll
C:\Program Files\Common Files\fsoxyx.html
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\TTC.dll
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Program Files\Windows NT\wodeqabuk4444.dll
C:\Program Files\Windows NT\wodeqabuk83122.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bcnppruq.dll
C:\WINDOWS\system32\bdsencrb.dll
C:\WINDOWS\system32\biofajch.exe
C:\WINDOWS\system32\iifefdc.dll
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\qurppncb.ini
C:\WINDOWS\system32\ufnljmve.exe
C:\WINDOWS\system32\yayaaxy.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\tsitra572.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\WW9uIFlhaw\asappsrv.dll
C:\WINDOWS\WW9uIFlhaw\command.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor


(((((((((((((((((((((((((   Files Created from 2007-09-13 to 2007-10-13  )))))))))))))))))))))))))))))))
.

2007-10-12 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-12 09:12 <DIR> d-------- C:\Program Files\Temporary
2007-10-11 23:30 <DIR> d--hs---- C:\WINDOWS\WW9uIFlhaw
2007-10-11 23:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-11 23:30 35,840 --a------ C:\WINDOWS\tsitra1000106.exe
2007-10-11 23:29 <DIR> d-------- C:\WINDOWS\system32\vMW02a
2007-10-11 23:29 <DIR> d-------- C:\WINDOWS\system32\que1
2007-10-11 23:29 <DIR> d-------- C:\WINDOWS\system32\hap1
2007-10-11 23:29 <DIR> d-------- C:\WINDOWS\system32\comms2
2007-10-09 16:54 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 23:00 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-02 20:23 <DIR> d-------- C:\Program Files\iPod
2007-10-02 20:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-24 23:41 <DIR> d-------- C:\Documents and Settings\Yon Yak\Application Data\acccore
2007-09-24 23:39 <DIR> d-------- C:\Program Files\AIM6
2007-09-24 21:45 <DIR> d-------- C:\Documents and Settings\Yon Yak\Application Data\Elluminate
2007-09-19 21:41 <DIR> dr-hs---- C:\Recycled
2007-09-19 19:37 <DIR> d-------- C:\Program Files\CONEXANT
2007-09-18 20:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 02:06 246 ----a-w C:\Program Files\Common Files\bapuk232
2007-10-11 04:59 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\uTorrent
2007-10-11 04:24 --------- d-----w C:\Program Files\ALZip
2007-10-09 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-03 00:26 --------- d-----w C:\Program Files\Apple Software Update
2007-10-03 00:23 --------- d-----w C:\Program Files\iTunes
2007-09-30 21:41 --------- d-----w C:\Program Files\DivX
2007-09-25 03:40 --------- d-----w C:\Program Files\Viewpoint
2007-09-25 03:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-25 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-25 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-24 02:47 --------- d-----w C:\Program Files\Google
2007-09-19 00:57 --------- d-----w C:\Program Files\AIM
2007-09-19 00:57 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Aim
2007-09-18 02:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-05 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-02 00:04 --------- d-----w C:\Program Files\Common Files\Canon
2007-09-02 00:04 --------- d-----w C:\Program Files\Canon
2007-08-27 19:38 --------- d-----w C:\Program Files\ESTsoft
2007-08-27 19:38 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\ESTsoft
2007-08-25 14:23 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\CyberLink
2007-08-25 03:58 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Apple Computer
2007-08-25 03:53 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Ahead
2007-08-25 02:18 --------- d-----w C:\Program Files\Common Files\Ahead
2007-08-25 02:16 --------- d-----w C:\Program Files\Nero
2007-08-24 16:23 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Talkback
2007-08-23 02:58 --------- d-----w C:\Program Files\middle_man
2007-08-22 03:04 --------- d-----w C:\Program Files\Video Converter
2007-08-21 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-21 17:04 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\AdobeUM
2007-08-21 13:32 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\DivX
2007-08-21 11:24 --------- d-----w C:\Program Files\eMule
2007-08-21 11:22 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\eMule
2007-08-19 16:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-19 13:20 --------- d-----w C:\Program Files\Macrovision Corporation
2007-08-19 13:20 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\InstallShield
2007-08-19 00:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-18 14:49 --------- d-----w C:\Program Files\Logitech
2007-08-18 14:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-08-18 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-18 05:32 --------- d-----w C:\Program Files\Jasc Software Inc
2007-08-18 05:31 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Jasc Software Inc
2007-08-18 05:28 --------- d-----w C:\Program Files\MSECache
2007-08-18 05:25 --------- d-----w C:\Program Files\Microsoft Works
2007-08-18 05:24 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-18 04:28 --------- d-----w C:\Program Files\HP
2007-08-18 04:27 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-18 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-08-18 04:26 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-08-18 02:13 --------- d-----w C:\Program Files\QuickTime
2007-08-18 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-18 01:59 --------- d-----w C:\Program Files\uTorrent
2007-08-17 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-08-17 19:51 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-17 19:23 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-08-17 19:22 --------- d-----w C:\Program Files\Dell
2007-08-17 19:17 --------- d-----w C:\Program Files\Sonic
2007-08-17 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-08-17 19:16 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-17 19:15 --------- d--h--w C:\Documents and Settings\Yon Yak\Application Data\Gtek
2007-08-17 19:14 --------- d-----w C:\Program Files\Common Files\Real
2007-08-17 19:13 --------- d-----w C:\Program Files\Common Files\Intuit
2007-08-17 19:10 --------- d-----w C:\Program Files\MUSICMATCH
2007-08-17 19:09 --------- d-----w C:\Program Files\DellSupport
2007-08-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-08-17 18:47 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\McAfee.com Personal Firewall
2007-08-17 18:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\WW9uIFlhaw\qq6RKI51uT.vbs
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"Aim6"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4472457d-4d09-11dc-8240-00123feaed2f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command - G:\Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 03:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 22:27:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 22:29:17 - machine was rebooted
.
 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:28 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8051 bytes
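The HijackThis log above lists Run-key autostarts (O4), browser extras (O9), ActiveX downloads (O16) and services (O23), and a helper reads it looking for a few tell-tale patterns. As an added example, not part of this thread and not code from HijackThis or its author, here is a small Python triage script that parses those four entry types into records and flags the ones worth a second look: browser extras whose CLSID points at a missing file ("(no file)"), services with no publisher information ("Unknown owner"), ActiveX controls fetched over plain HTTP, and autostarts launched from outside Program Files or the Windows directory. The sample lines are copied from the log above plus one constructed O4 entry; the trusted-directory list and the flag rules are my own heuristics, not HijackThis's.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis log in this thread, plus one
# CONSTRUCTED O4 entry (the "updater" line) that launches from a
# user-writable Temp folder, to exercise the location check.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\upd.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Directories an XP autostart binary is normally expected to live in.
# A heuristic of mine (not HijackThis's): anything launched from a
# profile or Temp folder deserves a closer look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

_O4_RUN = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
_O9 = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - "
                 r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?)\s+-\s+(?P<path>.*)$")


@dataclass
class Entry:
    kind: str                     # O4, O9, O16 or O23
    name: str
    target: str                   # executable path or download URL
    extra: Dict[str, str] = field(default_factory=dict)
    flags: List[str] = field(default_factory=list)


def exe_from_command(cmd: str) -> str:
    """Pull the executable out of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def in_trusted_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None for entry types not handled here."""
    line = line.strip()
    m = _O4_RUN.match(line) or _O4_STARTUP.match(line)
    if m:
        exe = exe_from_command(m.group("cmd"))
        e = Entry("O4", m.group("name"), exe,
                  {"hive": m.groupdict().get("hive", "Global Startup")})
        if not in_trusted_root(exe):
            e.flags.append("autostart binary outside Program Files / Windows")
        return e
    m = _O9.match(line)
    if m:
        e = Entry("O9", m.group("name"), m.group("path"), {"clsid": m.group("clsid")})
        if m.group("path") == "(no file)":
            e.flags.append("orphaned browser extra: CLSID points at a missing file")
        return e
    m = _O16.match(line)
    if m:
        e = Entry("O16", m.group("name"), m.group("url"), {"clsid": m.group("clsid")})
        if not m.group("url").lower().startswith("https://"):
            e.flags.append("ActiveX control downloaded over plain HTTP")
        return e
    m = _O23.match(line)
    if m:
        e = Entry("O23", m.group("name"), m.group("path"), {"owner": m.group("owner")})
        if m.group("owner").lower() == "unknown owner":
            e.flags.append("service with no publisher information")
        return e
    return None


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line of a HijackThis log into Entry records."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.kind:4} {e.name!r:28} {e.target}")
        print(f"      -> {'; '.join(e.flags)}")
```

On the sample input the script reports four entries: the constructed Temp-folder autostart, the O9 button with no file behind it, the BitDefender scanner control served over HTTP, and the DellSupport service with no owner. A flag is a prompt to check, not a verdict: two of those four are legitimate software, which is exactly why a helper asks for the full log rather than auto-deleting.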

Offline LoRoC116

  • Newbie
  • *
  • Posts: 25
  • Karma: +0/-0
Check up?
« Reply #3 on: October 13, 2007, 12:20:15 AM »
Also.  One quick question.  What do I do with the Java runtime installer?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Check up?
« Reply #4 on: October 13, 2007, 10:40:09 AM »
It doesn't look like you uninstalled older versions of Java
We'll deal with that later

For now, can you do the following
Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad, or the script will not work

Quote
File::
C:\WINDOWS\tsitra1000106.exe

Folder::
C:\WINDOWS\WW9uIFlhaw
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\que1
C:\WINDOWS\system32\hap1
C:\WINDOWS\system32\comms2
C:\WINDOWS\WW9uIFlhaw

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4472457d-4d09-11dc-8240-00123feaed2f}]

DirLook::
C:\Program Files\Common Files\bapuk232
C:\Program Files\Temporary

Save this as a text file named CFScript


Take note of the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you,
By default, it also saves to C:\ComboFix.txt.

Post that log again please

Also, can you do the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy>>paste the whole contents back here

NOTE: Are you sharing flash drives with other computers in the household?
« Last Edit: October 13, 2007, 10:40:39 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
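The reply above hands the user a CFScript: a plain-text file with `File::`, `Folder::`, `Registry::` and `DirLook::` sections that ComboFix acts on when the file is dragged onto it (the next post's log shows what each section did: files and folders deleted, a key removed, and the DirLook paths merely listed). Because such a script deletes whatever it names, it is worth a pre-flight read before it is run. As an added example, not part of this thread and not ComboFix's own code, here is a Python parser for that format plus a review pass that checks every path is absolute, refuses to name a protected system location, and reports duplicates (the script above lists `C:\WINDOWS\WW9uIFlhaw` twice under `Folder::`). The protected-location list is my own; the `[-KEY]` deletion syntax in `Registry::` is the standard .reg convention.

```python
import re
from typing import Dict, List

# Sample input: the CFScript posted in this thread, reproduced verbatim.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\tsitra1000106.exe

Folder::
C:\WINDOWS\WW9uIFlhaw
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\que1
C:\WINDOWS\system32\hap1
C:\WINDOWS\system32\comms2
C:\WINDOWS\WW9uIFlhaw

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4472457d-4d09-11dc-8240-00123feaed2f}]

DirLook::
C:\Program Files\Common Files\bapuk232
C:\Program Files\Temporary
"""

_HEADER = re.compile(r"^(\w+)::$")          # e.g. "Folder::"
_ABS_PATH = re.compile(r"^[A-Za-z]:\\")     # drive-letter absolute path

# Locations a removal script must never name outright: deleting any of
# them takes the OS with it. My own list, not ComboFix's (stored
# lower-case, without a trailing backslash, to match the review key).
PROTECTED = {
    "c:",
    "c:\\windows",
    "c:\\windows\\system32",
    "c:\\program files",
    "c:\\documents and settings",
}

# Sections whose entries are acted on destructively vs. only inspected.
DELETING_SECTIONS = ("File", "Folder")
INSPECT_SECTIONS = ("DirLook",)


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section: [entries]} in file order, skipping blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def review(sections: Dict[str, List[str]]) -> List[str]:
    """Return human-readable findings; an empty list means the path sections look sane."""
    findings: List[str] = []
    for section in DELETING_SECTIONS + INSPECT_SECTIONS:
        seen = set()
        for path in sections.get(section, []):
            key = path.lower().rstrip("\\")
            if not _ABS_PATH.match(path):
                findings.append(f"{section}: not an absolute path: {path}")
            if key in PROTECTED and section in DELETING_SECTIONS:
                findings.append(f"{section}: refuses to target protected location: {path}")
            if key in seen:
                findings.append(f"{section}: duplicate entry: {path}")
            seen.add(key)
    return findings


def registry_actions(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Separate whole-key deletions ("[-KEY]") from any other .reg-style lines."""
    deleted, other = [], []
    for entry in sections.get("Registry", []):
        if entry.startswith("[-") and entry.endswith("]"):
            deleted.append(entry[2:-1])
        else:
            other.append(entry)
    return {"keys_deleted": deleted, "other_lines": other}


if __name__ == "__main__":
    secs = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in secs.items():
        print(f"{name}:: {len(entries)} entries")
    for finding in review(secs):
        print("  !", finding)
    print("registry keys deleted:", registry_actions(secs)["keys_deleted"])
```

Run against the script from the thread, the review reports only the duplicated `Folder::` entry; a script that named `C:\WINDOWS\system32` itself, or used a relative path, would be rejected before it ever reached ComboFix.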


Offline LoRoC116

  • Newbie
  • *
  • Posts: 25
  • Karma: +0/-0
Check up?
« Reply #5 on: October 13, 2007, 01:52:08 PM »
No, I do not share my flash drives with other computers. Here are the logs you've asked for. Thanks for all your help! =D



ComboFix 07-10-12.4 - Yon Yak 2007-10-13 14:42:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638 [GMT -4:00]
Running from: C:\Documents and Settings\Yon Yak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Yon Yak\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\tsitra1000106.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\WINDOWS\system32\comms2
C:\WINDOWS\system32\hap1
C:\WINDOWS\system32\que1
C:\WINDOWS\system32\que1\aded83122.exe
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\WW9uIFlhaw
C:\WINDOWS\WW9uIFlhaw\qq6RKI51uT.vbs

.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-13 01:32 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-10-13 01:32 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-10-13 01:31 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-12 22:30 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-12 22:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-12 09:12 <DIR> d-------- C:\Program Files\Temporary
2007-10-09 16:54 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 23:00 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-02 20:23 <DIR> d-------- C:\Program Files\iPod
2007-10-02 20:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-24 23:41 <DIR> d-------- C:\Documents and Settings\Yon Yak\Application Data\acccore
2007-09-24 23:39 <DIR> d-------- C:\Program Files\AIM6
2007-09-24 21:45 <DIR> d-------- C:\Documents and Settings\Yon Yak\Application Data\Elluminate
2007-09-19 21:41 <DIR> dr-hs---- C:\Recycled
2007-09-19 19:37 <DIR> d-------- C:\Program Files\CONEXANT
2007-09-18 20:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-13 03:26 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\uTorrent
2007-10-13 02:06 246 ----a-w C:\Program Files\Common Files\bapuk232
2007-10-11 04:24 --------- d-----w C:\Program Files\ALZip
2007-10-03 00:26 --------- d-----w C:\Program Files\Apple Software Update
2007-10-03 00:23 --------- d-----w C:\Program Files\iTunes
2007-09-30 21:41 --------- d-----w C:\Program Files\DivX
2007-09-25 03:40 --------- d-----w C:\Program Files\Viewpoint
2007-09-25 03:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-25 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-25 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-24 02:47 --------- d-----w C:\Program Files\Google
2007-09-19 00:57 --------- d-----w C:\Program Files\AIM
2007-09-19 00:57 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Aim
2007-09-18 02:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-05 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-02 00:04 --------- d-----w C:\Program Files\Common Files\Canon
2007-09-02 00:04 --------- d-----w C:\Program Files\Canon
2007-08-27 19:38 --------- d-----w C:\Program Files\ESTsoft
2007-08-27 19:38 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\ESTsoft
2007-08-25 14:23 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\CyberLink
2007-08-25 03:58 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Apple Computer
2007-08-25 03:53 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Ahead
2007-08-25 02:18 --------- d-----w C:\Program Files\Common Files\Ahead
2007-08-25 02:16 --------- d-----w C:\Program Files\Nero
2007-08-24 16:23 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Talkback
2007-08-23 02:58 --------- d-----w C:\Program Files\middle_man
2007-08-22 03:04 --------- d-----w C:\Program Files\Video Converter
2007-08-21 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-21 17:04 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\AdobeUM
2007-08-21 13:32 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\DivX
2007-08-21 11:24 --------- d-----w C:\Program Files\eMule
2007-08-21 11:22 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\eMule
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-19 16:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-19 13:20 --------- d-----w C:\Program Files\Macrovision Corporation
2007-08-19 13:20 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\InstallShield
2007-08-19 00:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-18 14:49 --------- d-----w C:\Program Files\Logitech
2007-08-18 14:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-08-18 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-18 05:32 --------- d-----w C:\Program Files\Jasc Software Inc
2007-08-18 05:31 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\Jasc Software Inc
2007-08-18 05:28 --------- d-----w C:\Program Files\MSECache
2007-08-18 05:25 --------- d-----w C:\Program Files\Microsoft Works
2007-08-18 05:24 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-18 04:28 --------- d-----w C:\Program Files\HP
2007-08-18 04:27 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-18 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-08-18 04:26 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-08-18 02:13 --------- d-----w C:\Program Files\QuickTime
2007-08-18 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-18 01:59 --------- d-----w C:\Program Files\uTorrent
2007-08-17 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-08-17 19:51 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-17 19:23 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-08-17 19:22 --------- d-----w C:\Program Files\Dell
2007-08-17 19:17 --------- d-----w C:\Program Files\Sonic
2007-08-17 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-08-17 19:16 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-17 19:15 --------- d--h--w C:\Documents and Settings\Yon Yak\Application Data\Gtek
2007-08-17 19:14 --------- d-----w C:\Program Files\Common Files\Real
2007-08-17 19:13 --------- d-----w C:\Program Files\Common Files\Intuit
2007-08-17 19:10 --------- d-----w C:\Program Files\MUSICMATCH
2007-08-17 19:09 --------- d-----w C:\Program Files\DellSupport
2007-08-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-08-17 18:47 --------- d-----w C:\Documents and Settings\Yon Yak\Application Data\McAfee.com Personal Firewall
2007-08-17 18:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Common Files\bapuk232 ----

C:\Program Files\Common Files\bapuk232\

---- Directory of C:\Program Files\Temporary ----


((((((((((((((((((((((((((((( snapshot@2007-10-12_22.28.25.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-01-28 19:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallKB894476$\cewmdm.dll
+ 2004-11-18 14:44:50 209,632 -c----w C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe
+ 2004-11-18 14:45:18 371,936 -c----w C:\WINDOWS\$NtUninstallKB894476$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00 30,080 -c----w C:\WINDOWS\$NtUninstallKB909394$\rndismp.sys
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB909394$\spuninst\updspapi.dll
+ 2004-08-04 11:00:00 12,672 -c----w C:\WINDOWS\$NtUninstallKB909394$\usb8023.sys
+ 2007-10-13 05:44:26 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2007-10-13 05:44:26 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2007-10-13 05:44:31 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2007-10-13 05:44:31 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2007-10-13 02:31:16 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-10-13 02:31:16 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-10-13 02:31:16 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-10-13 02:31:20 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2005-03-01 18:08:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2005-03-01 18:08:52 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-10-13 02:31:21 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-10-13 02:31:17 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2005-03-01 18:08:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2005-03-01 18:08:52 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2005-10-21 01:47:04 30,592 ------w C:\WINDOWS\Driver Cache\i386\rndismpx.sys
+ 2005-10-21 01:47:05 12,800 ------w C:\WINDOWS\Driver Cache\i386\usb8023x.sys
+ 2007-10-13 05:32:01 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2007-10-13 05:32:01 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2006-11-13 17:38:40 22,824 ----a-w C:\WINDOWS\system32\ceutil.dll
- 2005-01-28 19:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2005-02-18 09:59:52 226,816 ----a-w C:\WINDOWS\system32\CEWMDM.dll
- 2005-01-28 19:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2005-02-18 09:59:52 226,816 ----a-w C:\WINDOWS\system32\dllcache\CEWMDM.dll
+ 2006-11-06 22:04:56 28,672 ----a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys
- 2004-08-04 11:00:00 30,080 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
+ 2005-10-21 01:47:04 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
- 2004-08-04 11:00:00 12,672 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
+ 2005-10-21 01:47:05 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
+ 2006-11-06 22:04:56 28,672 ----a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
- 2007-09-24 21:45:18 277,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-13 06:45:02 278,152 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2006-11-13 17:39:28 138,024 ----a-w C:\WINDOWS\system32\rapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"Aim6"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 03:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 14:45:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 14:45:47
C:\ComboFix2.txt ... 2007-10-12 22:29
.
--- E O F ---

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
ALPS Touch Pad Driver
ALUpdate
ALZip
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
CleanUp!
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
DellSupport
DivX Codec
eMule
Google Gmail Notifier
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Intel® PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2_03
Logitech MouseWare 9.79.1
Logitech QuickCam
Logitech® Camera Driver
Macromedia Flash Player
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
mToolkit
mWlsSafe
mXML
mZConfig
Nero 7 Ultra Edition
PowerDVD 5.5
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb942575)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
Videora iPod Converter 2.25
VobSub v2.23 (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
« Last Edit: October 13, 2007, 01:53:42 PM by LoRoC116 »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Check up?
« Reply #6 on: October 13, 2007, 02:31:54 PM »
Go ahead and delete this folder
C:\Program Files\Temporary <-folder

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system.
  • Download the latest version of  Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  and save it to your desktop (13.93 MB).
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- Examples of older versions in Add or Remove Programs:

    * Java 2 Runtime Environment, SE v1.4.2
    * J2SE Runtime Environment 5.0
    * J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
DON'T install the latest version yet
In your case I only see the following that needs to be uninstalled
Java 2 Runtime Environment, SE v1.4.2_03
Reboot your computer

Go ahead and install the latest version of Java from the installer on desktop

I mistakenly identified a folder which should be file
Can you do the following
Go to the following link
http://www.virustotal.com/flash/index_en.html
Copy>>Paste (You may have to use the Ctrl + V keys to paste)
to the open field under Upload a file
(Or you can manually browse to the filename)

The exact line in bold below

C:\Program Files\Common Files\bapuk232

Then click the Send File button, wait for the scan to finish
Post back the results of the scan



Offline LoRoC116

  • Newbie
  • *
  • Posts: 25
  • Karma: +0/-0
Check up?
« Reply #7 on: October 13, 2007, 03:04:42 PM »
File bapuk232 received on 10.13.2007 21:47:49 (CET)


EDITED
« Last Edit: October 13, 2007, 03:14:54 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Check up?
« Reply #8 on: October 13, 2007, 03:16:02 PM »
Don't copy>>>paste back here the whole page
Just the results of the scan, Exactly how they show on the web page

Ensure you uncheck Word Wrap under Format if you're saving the results in a Notepad text file



Offline LoRoC116

  • Newbie
  • *
  • Posts: 25
  • Karma: +0/-0
Check up?
« Reply #9 on: October 13, 2007, 04:22:58 PM »
I'm not sure if this is what you were asking for, but I've attached a notepad file.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Check up?
« Reply #10 on: October 14, 2007, 03:10:17 AM »
If I'm mistaken, I see you running without AntiVirus software
If I'm mistaken, Enable your AV NOW, If I'm not mistaken, I highly recommend you install one of these
free AV's from this link
http://www.thetechguide.com/forum/index.php?showtopic=15894

Choose either AVG>>Avast>>AntiVir
ONLY choose one; more than one will cause conflicts with your machine

Also, do the following
add SpywareBlaster to your protection software
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"


That should do it , let me know how everything else is doing



Offline LoRoC116

  • Newbie
  • *
  • Posts: 25
  • Karma: +0/-0
Check up?
« Reply #11 on: October 14, 2007, 03:53:39 PM »
Thank you!  I have downloaded AVG.  I forgot to download that when I reformatted my laptop.  Thank you so much!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Check up?
« Reply #12 on: October 14, 2007, 04:28:09 PM »
You're welcome, I'll lock this topic as your problems appear resolved
Take care :)
