I have done what you asked.
I just can't find all the files that you asked me to find and delete.
This is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:27 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\reveal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId= ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8177A3CE-E94D-4A5D-8E7D-E1EAC85016C1} - C:\WINDOWS\system32\icdglwgc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = D:\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O15 - Trusted Zone:
http://download.windowsupdate.com
O15 - Trusted Zone:
http://*.windowsupdate.com
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) -
http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -
https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) -
http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -
https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://jtackw.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 0881398453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 8162192265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) -
http://ahnlabdownload.nefficient.co.kr/ ... kdplus.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10138 bytes
------------------------------------------------------------------------------------
This is my windelf.txt:
WIN32DELFKIL LOGFILE - by Marckie
version 3.130
Thu 08/16/2007 22:47:54.10
running from: "C:\Documents and Settings\user\Desktop"
--- File(s) found in Windows directory ---
--- File(s) found in system32 folder ---
--- Services ---
--- Export SharedTaskScheduler key ---
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
--- Notify key ---
--- rebooting the computer ---
--- File(s) found in Windows directory ---
--- File(s) found in system32 folder ---
--- Services ---
--- Export SharedTaskSchedulerkey ---
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
--- Notify key ---
Finished!
----------------------------------------------------------------------------------
This is my ComboFix.txt:
ComboFix 07-08-09.3 - "user" 2007-08-16 22:56:31.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.28 [GMT 8:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\user\APPLIC~1\..\new.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))
2007-08-20 08:59 75,284 --a------ C:\WINDOWS\system32\fycagmsx.exe
2007-08-16 22:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 22:47 90,112 --a------ C:\WINDOWS\system32\regdacl.exe
2007-08-16 22:47 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-08-16 22:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-08-16 22:47 280,230 --a------ C:\win32delfkil.exe
2007-08-16 22:47 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-08-16 22:47 <DIR> d-------- C:\WINDOWS\system32\regdacl
2007-08-16 22:47 <DIR> d-------- C:\_backupD
2007-08-14 00:47 <DIR> d-------- C:\Program Files\CCleaner
2007-08-13 20:42 <DIR> d-------- C:\VundoFix Backups
2007-08-13 09:37 75,284 --a------ C:\WINDOWS\system32\xkjoisda.exe
2007-08-12 16:22 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Comodo
2007-08-12 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-12 16:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-12 16:10 <DIR> d-------- C:\Program Files\Comodo
2007-08-12 11:56 75,284 --a------ C:\WINDOWS\system32\uifaotiu.exe
2007-08-11 21:20 72,704 --a------ C:\DOCUME~1\user\tfutax.exe
2007-08-11 21:12 72,704 --a------ C:\DOCUME~1\user\cjgdqa.exe
2007-08-11 18:56 75,284 --a------ C:\WINDOWS\system32\ipxitpke.exe
2007-08-11 18:56 643,905 ---hs---- C:\WINDOWS\system32\opqss.bak1
2007-08-11 18:08 75,284 --a------ C:\WINDOWS\system32\cvlqwabh.exe
2007-08-11 18:08 643,905 ---hs---- C:\WINDOWS\system32\mmllm.bak1
2007-08-11 11:57 120,852 --a------ C:\WINDOWS\system32\icdglwgc.dll
2007-08-11 11:56 75,284 --a------ C:\WINDOWS\system32\owrotpty.exe
2007-08-11 11:55 644,083 ---hs---- C:\WINDOWS\system32\egjlm.bak1
2007-08-11 11:21 120,852 --a------ C:\WINDOWS\system32\qceclevm.dll
2007-08-11 11:12 644,083 ---hs---- C:\WINDOWS\system32\qtstv.bak1
2007-08-11 09:19 72,704 --a------ C:\DOCUME~1\user\kiqheo.exe
2007-08-11 09:19 72,704 --a------ C:\DOCUME~1\user\aezory.exe
2007-08-11 08:47 72,704 --a------ C:\DOCUME~1\user\ijpigk.exe
2007-08-11 08:45 72,704 --a------ C:\DOCUME~1\user\awsguh.exe
2007-08-11 08:38 75,284 --a------ C:\WINDOWS\system32\kjhvscnt.exe
2007-07-18 09:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-17 20:07 8,576 --a------ C:\WINDOWS\system32\drivers\smikwtibwsnd.sys
2007-07-17 14:09 8,576 --a------ C:\WINDOWS\system32\drivers\ofwjiqpgdtpg.sys
2007-07-17 10:02 8,576 --a------ C:\WINDOWS\system32\drivers\cbubkiqlxwnh.sys
2007-07-16 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-16 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-07-16 11:09 <DIR> d-------- C:\DOCUME~1\user\awc_vaanbazooka
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-16 23:03 524288 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin
2007-07-27 10:45 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-19 15:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 11:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-15 04:57 --------- d-------- C:\Program Files\Trend Micro
2007-07-13 07:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 22:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 22:35 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 22:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 22:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 22:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 22:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 22:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 22:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 22:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 22:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 22:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 22:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 22:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 22:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 22:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 22:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 22:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 22:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 22:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 22:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 16:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 16:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 15:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 14:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-23 16:26 26056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 21:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 18:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 18:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-31 14:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 14:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 14:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 14:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 14:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-17 19:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 19:28 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-16 23:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 23:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 23:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 23:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 23:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 23:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2006-11-11 18:43 774144 --a------ C:\Program Files\RngInterstitial.dll
2002-12-31 16:05:34 72,704 --sh--r C:\WINDOWS\service.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8177A3CE-E94D-4A5D-8E7D-E1EAC85016C1}]
2007-08-11 11:58 120852 --a------ C:\WINDOWS\system32\icdglwgc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39]
"VTTimer"="VTTimer.exe" [2004-01-15 20:33 C:\WINDOWS\system32\VTTimer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-23 16:41]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:32]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-12 16:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-29 06:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"System"=rundl.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
Msrtmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRT]
svcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
R3 CnxTrLan;ADSL USB Modem Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
R3 CnxTrUsb;ADSL USB Modem Network Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 CSDriver;CSDriver;\??\C:\WINDOWS\System32\drivers\CSDriver.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 Mkd2kfNt;Mkd2kfNt;C:\WINDOWS\system32\drivers\Mkd2kfNt.sys
S3 Mkd2Usbf;Mkd2Usbf;C:\WINDOWS\system32\drivers\Mkd2Usbf.sys
S3 MzBot;MzBot;\??\C:\MzBot.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04ec9752-634f-11da-ae1b-00300a12a313}]
Autoplay\command- MySexy.exe
AutoRun\command- MySexy.exe
Explore\command- MySexy.exe
OPEN\command- MySexy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0739b543-cc9b-11db-b3dc-00300a12a313}]
Autoplay\command- G:\MySexy.exe
AutoRun\command- G:\MySexy.exe
Explore\command- G:\MySexy.exe
OPEN\command- G:\MySexy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e32ca9c-74b4-11db-b2ba-00300a12a313}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e32ca9d-74b4-11db-b2ba-00300a12a313}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66929d70-b156-11db-b37b-00300a12a313}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
Contents of the 'Scheduled Tasks' folder
2007-08-16 15:06:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-16 23:05:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-16 23:09:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 23:09
--- E O F ---