Please help.. some .doc files appear by themselves

Unread postby nalduro » May 13th, 2009, 11:02 pm

Hi. These are my symptoms: some strange files always show up even after I have deleted them :( I already scanned my laptop with AVG 8 and Spybot, both already updated. These files are .doc files 392 KB in size, and the file name is always the same as the name of the folder that contains the .doc file. Please help. This is my HijackThis log. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:12 AM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\spool.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedUp\SpeedUp3.5G HSPA Mobile Connect\USB Modem.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [wscntfy] C:\WINDOWS\wscntfy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2C872C-E31B-40EB-8C42-A2110D084BFB}: NameServer = 202.155.0.10 202.155.0.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 6511 bytes
nalduro
Active Member
 
Posts: 8
Joined: November 15th, 2008, 5:23 pm

Re: Please help.. some .doc files appear by themselves

Unread postby Rodav » May 17th, 2009, 3:29 pm

Hello! :hello2: and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Please help.. some .doc files appear by themselves

Unread postby Rodav » May 17th, 2009, 3:38 pm

You may have a file infector on board which is never good. :(

Step 1:
Please visit Virustotal

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\spool.scr

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response. If VirusTotal is busy please use: Jotti


Step 2:
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and the VirusTotal results.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
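
Added example (not part of any post in this thread, and not a HijackThis feature): a Python triage pass over a HijackThis log that singles out entries such as C:\WINDOWS\spool.scr. The two rules (a Windows system file name running outside system32, and a .scr/.pif/.com file running as a process or autostart) and the short name list are assumptions chosen for illustration; the sample lines are a constructed excerpt in the layout of the log posted above.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in HijackThis v2.0.2 layout (lines taken from the log in this thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\spool.scr
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [wscntfy] C:\WINDOWS\wscntfy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
"""

# Assumption: a short, illustrative list of Windows XP binaries that belong in system32.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe", "ctfmon.exe", "wscntfy.exe"}
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
# Assumption: extensions that are executable but rarely seen as long-running processes.
ODD_EXTENSIONS = {".scr", ".pif", ".com"}

# "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Unquoted command line: keep everything up to the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|scr|com|pif|bat|cmd))(?:\s|$)', re.IGNORECASE)


def parse_log(text):
    """Return (running_processes, autoruns) extracted from HijackThis log text."""
    processes, autoruns = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        match = RUN_RE.match(line)
        if not match:
            continue
        cmd = match.group("cmd").strip()
        if cmd.startswith('"'):
            exe = cmd[1:].split('"', 1)[0]
        else:
            found = EXE_RE.match(cmd)
            exe = found.group(1) if found else cmd
        source = f'{match.group("hive")} {match.group("key")} [{match.group("name")}]'
        autoruns.append((source, exe))
    return processes, autoruns


def classify(path_str):
    """Return the list of rule names that a Windows path trips."""
    path = PureWindowsPath(path_str)  # comparisons are case-insensitive
    reasons = []
    if path.name.lower() in SYSTEM32_ONLY and path.parent != SYSTEM32:
        reasons.append("system-name-outside-system32")
    if path.suffix.lower() in ODD_EXTENSIONS:
        reasons.append("unusual-extension")
    return reasons


def triage(text):
    """Return (source, path, reason) tuples for every entry worth a second look."""
    processes, autoruns = parse_log(text)
    findings = []
    for path in processes:
        findings += [("process", path, reason) for reason in classify(path)]
    for source, path in autoruns:
        findings += [(source, path, reason) for reason in classify(path)]
    return findings


if __name__ == "__main__":
    for source, path, reason in triage(SAMPLE_LOG):
        print(f"{reason:32} {source:24} {path}")
```

A hit from these rules is a reason to submit the file to a multi-engine scanner, not a verdict on its own.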

Re: Please help.. some .doc files appear by themselves

Unread postby nalduro » May 18th, 2009, 2:31 am

Hi. Thanks for the reply.

:?: Here are some additional symptoms on my netbook which have appeared lately.
1. Sometimes my pointer suddenly stops moving, and the only way I can move it again is by pressing Ctrl-Alt-Del, but it stops again in 5 minutes or less..
2. These .doc files have also infected all of my flash disks and external hard disk, even my phone's memory card :pale:
3. When I change my folder options to view hidden files, it turns back automatically to "do not show hidden file" within seconds, and I can see another strange file appear for a second.


This is the result from VirusTotal:


File spool.scr received on 05.18.2009 04:28:02 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.18 Worm.Win32.VB.mz!IK
AhnLab-V3 5.0.0.2 2009.05.16 Win-Trojan/Brontok.77824
AntiVir 7.9.0.168 2009.05.17 TR/VB.Sicuffit
Antiy-AVL 2.0.3.1 2009.05.15 Virus/Win32.VB
Authentium 5.1.2.4 2009.05.17 -
Avast 4.8.1335.0 2009.05.17 Win32:Delf-ESJ
AVG 8.5.0.336 2009.05.17 -
BitDefender 7.2 2009.05.18 Win32.Generic.5126
CAT-QuickHeal 10.00 2009.05.15 Worm.Autorun.im
ClamAV 0.94.1 2009.05.16 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.18 Trojan.Copier.7
eSafe 7.0.17.0 2009.05.17 Suspicious File
eTrust-Vet 31.6.6508 2009.05.16 Win32/Boozity.A
F-Prot 4.4.4.56 2009.05.17 -
F-Secure 8.0.14470.0 2009.05.16 Virus.Win32.VB.ft
Fortinet 3.117.0.0 2009.05.18 W32/VB.K!worm
GData 19 2009.05.18 Win32.Generic.5126
Ikarus T3.1.1.49.0 2009.05.18 Worm.Win32.VB.mz
K7AntiVirus 7.10.737 2009.05.16 Trojan.Win32.VB
Kaspersky 7.0.0.125 2009.05.18 Virus.Win32.VB.ft
McAfee 5618 2009.05.17 W32/Rontokbro.gen@MM
McAfee+Artemis 5618 2009.05.17 W32/Rontokbro.gen@MM
McAfee-GW-Edition 6.7.6 2009.05.18 Trojan.VB.Sicuffit
Microsoft 1.4602 2009.05.17 Worm:Win32/Autorun.IM
NOD32 4081 2009.05.17 probably unknown NewHeur_PE
Norman 6.01.05 2009.05.16 W32/VBTroj.GYY
nProtect 2009.1.8.0 2009.05.17 -
Panda 10.0.0.14 2009.05.17 -
PCTools 4.4.2.0 2009.05.17 -
Prevx 3.0 2009.05.18 -
Rising 21.29.62.00 2009.05.17 Trojan.Win32.VB.xej
Sophos 4.41.0 2009.05.17 W32/VBSp-A
Sunbelt 3.2.1858.2 2009.05.17 -
Symantec 1.4.4.12 2009.05.18 W32.SillyFDC
TheHacker 6.3.4.1.326 2009.05.18 -
TrendMicro 8.950.0.1092 2009.05.15 WORM_VB.IAO
VBA32 3.12.10.5 2009.05.18 -
ViRobot 2009.5.15.1737 2009.05.15 -
VirusBuster 4.6.5.0 2009.05.17 -
Additional information
File size: 400931 bytes
MD5...: bea4dadfdccb4ad413b8f949d0d3d2a6
SHA1..: 4553097fe97b4e21149e47543fc4e712901971b2
SHA256: 709326d5dd462b8df0c78289e0be7c23661a726bb8cf901ab729fdc074bb8f5a
SHA512: 4f9e00c2cbb5804eb21f008bb2e50f9408fe023b2e1c8a97437e9a3e1c2cd8b772473b077502b489e19f0f36f297a6d4a1b8579570990ce37903a11604940065
ssdeep: 1536:nBNj+XEYe8vrBc/34bB8kDj0Vkwlc+xTYjyf8slVRsMWWbX:nrjg1vO/o9UVkeYj6RsKX
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1cfc
timedatestamp.....: 0x46114540 (Mon Apr 02 18:02:40 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe180 0xf000 5.42 2c6af9699571d9369ac7e4525381dd11
.data 0x10000 0xa64 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x11000 0x1fd4 0x2000 5.97 b829680d025e6d64aa6a04365269344d

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaResume, __vbaStrCat, -, __vbaSetSystemError, __vbaNameFile, __vbaHresultCheckObj, _adj_fdiv_m32, -, -, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaBoolVarNull, _CIsin, -, __vbaVarCmpGt, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, -, __vbaVarTstEq, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaVarDiv, -, -, __vbaFPException, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaVarCmpLt, __vbaFreeStrList, -, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarSetVar, __vbaI4Var, __vbaVarCmpEq, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaVarLateMemCallLd, -, _CIatan, __vbaStrMove, -, -, _allmul, -, -, _CItan, -, -, _CIexp, -, __vbaFreeStr, __vbaFreeObj

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-


This is the Kaspersky online log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 18, 2009 02:12:19
Records in database: 2189365
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 47785
Threat name: 1
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:35:14


File name / Threat name / Threats count
wscntfy.exe\wscntfy.exe/wscntfy.exe\wscntfy.exe Infected: Virus.Win32.VB.ft 1
C:\WINDOWS\wscntfy.exe/C:\WINDOWS\wscntfy.exe Infected: Virus.Win32.VB.ft 1
C:\WINDOWS\spool.scr Infected: Virus.Win32.VB.ft 1
C:\WINDOWS\system32\1126\ctfmon.exe Infected: Virus.Win32.VB.ft 1
C:\WINDOWS\wscntfy.exe Infected: Virus.Win32.VB.ft 1
D:\data\data.exe Infected: Virus.Win32.VB.ft 1
D:\data\ebook\Color Atlas of Ultrasound Anatomy\Color Atlas of Ultrasound Anatomy.exe Infected: Virus.Win32.VB.ft 1

The selected area was scanned.



This is a fresh HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:46 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [wscntfy] C:\WINDOWS\wscntfy.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6993 bytes
nalduro
Active Member
 
Posts: 8
Joined: November 15th, 2008, 5:23 pm
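
Added example (not part of any post in this thread): the pattern reported here, a file named after the folder that contains it and always the same size, matches the Kaspersky hits D:\data\data.exe and D:\data\ebook\Color Atlas of Ultrasound Anatomy\Color Atlas of Ultrasound Anatomy.exe, and can be turned into a scan of a drive or removable disk. The extension list, the function names and the demo tree of harmless constructed files are assumptions of this example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumption: extensions treated as executable for this check.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_folder_clones(root):
    """Find executables whose base name equals the name of their parent folder.

    Returns one dict per hit, sorted by path. 'identical_copies' counts how many
    hits share the same content hash: a single hit can be a legitimate program,
    while the same bytes repeated under many folder names is the pattern a
    self-copying worm leaves behind.
    """
    root = Path(root)
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        for name in files:
            candidate = folder / name
            if candidate.suffix.lower() not in EXECUTABLE_EXTS:
                continue
            if candidate.stem.lower() != folder.name.lower():
                continue
            by_hash[sha256_of(candidate)].append(candidate)

    findings = []
    for digest, paths in by_hash.items():
        for path in paths:
            findings.append({
                "path": path.relative_to(root).as_posix(),
                "size": path.stat().st_size,
                "sha256": digest,
                "identical_copies": len(paths),
            })
    return sorted(findings, key=lambda item: item["path"])


def build_demo_tree(root):
    """Create a constructed sample tree (harmless bytes, not real executables)."""
    root = Path(root)
    payload = b"constructed-sample-payload" * 16
    layout = {
        "data/data.exe": payload,                  # clone named after its folder
        "data/ebook/Atlas/Atlas.exe": payload,     # same bytes, different folder
        "data/ebook/Atlas/chapter1.pdf": b"pdf",   # ordinary document, ignored
        "photos/photos.scr": payload,              # same bytes, other extension
        "tools/setup.exe": b"installer",           # name differs from folder, ignored
        "music/music.exe": b"unrelated program",   # name matches, content is unique
    }
    for relative, content in layout.items():
        target = root / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_folder_clones(build_demo_tree(tmp)):
            print(f'{hit["identical_copies"]}x {hit["size"]:>6} B  '
                  f'{hit["sha256"][:12]}  {hit["path"]}')
```

`os.walk` lists files regardless of the Explorer "show hidden files" setting, so the scan does not depend on the folder option that keeps resetting in the symptoms above.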

Re: Please help.. some .doc files appear by themselves

Unread postby Rodav » May 18th, 2009, 11:19 am

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by W32/Sdbot-TN
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a SDBot, the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
  • Please read this for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Please help.. some .doc files appear by themselves

Unread postby nalduro » May 18th, 2009, 10:41 pm

I don't use my netbook for important things. I don't have a PayPal account or access my bank account from here. The only passwords I use from here are for my Facebook, email and Rapidshare accounts. Do you think that is valuable information for the thief?

I have decided to clean my computer, if you don't mind. Thanks, Rodav.
nalduro
Active Member
 
Posts: 8
Joined: November 15th, 2008, 5:23 pm

Re: Please help.. some .doc files appear by themselves

Unread postby Rodav » May 19th, 2009, 5:45 am

Your account details may indeed be useful to somebody. If it was my computer I would have no hesitation in reformatting and reinstalling my OS; while it can be a pain, it only takes a few hours and it should be running as good as new afterward. Please bear in mind that if we can remove the infections, your computer may still have numerous errors which you may have to reformat anyway to resolve.

Anyway if you still want to continue please do the following:


Make sure all your external devices are connected to your computer before doing the next steps.

Step 1:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log for further review.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Please help.. some .doc files appear by themselves

Unread postby nalduro » May 19th, 2009, 9:38 am

I'm sorry to ask, Rodav: should I turn my firewall off too? I'm using Online Armor for now..
nalduro
Active Member
 
Posts: 8
Joined: November 15th, 2008, 5:23 pm

Re: Please help.. some .doc files appear by themselves

Unread postby nalduro » May 19th, 2009, 12:14 pm

Never mind, Rodav. I already read the tutorial. I turned the firewall off too.

Anyway, here is my ComboFix log:

ComboFix 09-05-18.06 - HP 05/19/2009 22:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.573 [GMT 7:00]
Running from: c:\documents and settings\HP\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-18 23:45 . 2009-05-18 23:45 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-18 23:45 . 2008-11-12 09:44 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-18 23:45 . 2009-05-18 23:45 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-18 17:10 . 2009-05-18 17:10 -------- d-----w c:\documents and settings\HP\Local Settings\Application Data\Babylon
2009-05-18 17:05 . 2009-05-19 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-18 17:05 . 2009-05-19 00:41 -------- d-----w c:\documents and settings\HP\Application Data\Babylon
2009-05-18 10:56 . 2008-10-09 07:25 1221008 ----a-w c:\windows\system32\zpeng25.dll
2009-05-17 12:30 . 2009-05-18 15:45 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-17 12:30 . 2009-05-17 12:30 -------- d-----w c:\program files\Zone Labs
2009-05-17 12:20 . 2009-05-18 14:19 -------- d-----w c:\program files\SpywareGuard
2009-05-14 02:14 . 2009-05-14 02:14 -------- d-----w c:\windows\Sun
2009-05-13 17:34 . 2009-05-13 17:34 -------- d-----w c:\documents and settings\HP\Application Data\Malwarebytes
2009-05-13 17:34 . 2009-04-06 08:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 17:33 . 2009-04-06 08:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 17:33 . 2009-05-13 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 17:33 . 2009-05-13 17:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-13 17:08 . 2009-05-13 17:08 -------- d-----w c:\program files\Trend Micro
2009-05-13 16:28 . 2009-05-19 14:55 -------- d-----w c:\windows\system32\NtmsData
2009-05-12 13:06 . 2009-05-18 14:12 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-12 13:03 . 2009-05-19 14:14 -------- d-----w c:\windows\Internet Logs
2009-05-12 12:57 . 2009-05-12 12:57 -------- d-----w c:\documents and settings\HP\Application Data\FastStone
2009-05-11 16:43 . 2009-05-11 16:43 -------- d--h--w c:\windows\PIF
2009-05-10 21:39 . 2009-05-10 21:39 -------- d-----w c:\documents and settings\HP\Local Settings\Application Data\Help
2009-05-10 08:42 . 2009-05-10 08:45 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-10 08:42 . 2009-05-10 08:45 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-10 08:09 . 2009-05-10 08:09 -------- d-----w c:\documents and settings\HP\Application Data\TuneUp Software
2009-05-10 08:08 . 2009-05-10 08:08 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-10 08:07 . 2009-05-10 08:07 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-10 07:18 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-10 07:18 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-10 07:18 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-10 07:18 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-10 07:18 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-10 07:18 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-10 07:18 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-10 07:18 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-10 07:18 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-10 07:17 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-10 07:17 . 2009-02-06 11:06 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-10 07:17 . 2009-02-06 11:08 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-10 07:17 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-10 06:46 . 2009-05-10 06:46 0 ----a-w c:\windows\nsreg.dat
2009-05-10 06:45 . 2009-05-10 06:45 -------- d-----w c:\documents and settings\HP\Local Settings\Application Data\Mozilla
2009-04-24 05:14 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-24 05:14 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 02:18 . 2009-02-11 02:30 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-18 02:18 . 2009-02-11 02:30 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-18 02:18 . 2009-02-11 02:30 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-11 16:32 . 2008-11-13 10:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 14:36 . 2009-02-11 11:23 -------- d-----w c:\program files\Microsoft Money 2007
2009-03-06 14:22 . 2008-04-15 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-08-14 09:54 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 10:51 . 2009-03-01 10:51 92344 ----a-w c:\documents and settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2008-04-15 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"Babylon Client"="d:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-14 3165920]

c:\i386\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-18 02:18 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"RocketDock"="d:\program files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"wscntfy"=c:\windows\wscntfy.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"HP Mobile Broadband"=c:\swsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"IDTSysTrayApp"=sttray.exe
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"AESTFltr"=%SystemRoot%\system32\AESTFltr.exe /NoDlg
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/11/2009 9:30 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/11/2009 9:30 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/11/2009 9:30 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/11/2009 9:30 AM 298776]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/19/2009 6:45 AM 603904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/13/2008 5:08 PM 112128]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [2/11/2009 6:50 PM 103552]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 09:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Translate with &Babylon - d:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\v9kn91qa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 22:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-19 22:42
ComboFix-quarantined-files.txt 2009-05-19 15:42
ComboFix2.txt 2009-05-19 14:52

Pre-Run: 19,684,163,584 bytes free
Post-Run: 19,671,646,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

179 --- E O F --- 2009-05-10 10:15


and this is a new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:10 PM, on 5/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedUp\SpeedUp3.5G HSPA Mobile Connect\USB Modem.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Babylon Client] d:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7215 bytes

help me please Rodav.. thanks
nalduro
Active Member
 
Posts: 8
Joined: November 15th, 2008, 5:23 pm

Re: Please help.. some .doc files appear by themselves

Post by Rodav » May 19th, 2009, 3:22 pm

Make sure your external devices are still connected.

Step 1:
Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it after I tell you that your computer is clean.


Step 2:
Disable SpywareGuard until the computer is clean

  • Right click the running icon of Spywareguard, it will open the program.
  • Then go to Menu, file, exit.
  • Then confirm the program is closed.
Don't forget to re-enable it after I tell you that your computer is clean.


Step 3:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\wscntfy.exe
C:\WINDOWS\spool.scr
C:\WINDOWS\system32\1126\ctfmon.exe
Folder::
D:\data
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"wscntfy"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply along with a new HijackThis log.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
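
Added example, not part of the original thread or of any tool used in it: the three files named in the CFScript above either sit in a directory other than the one Windows XP uses for a binary of that name, or are running images that are not .exe files. The Python below applies both checks to the "Running processes" section of a HijackThis log; the expected-directory table (default XP install, %SystemRoot% = C:\WINDOWS) and the sample log, assembled from paths that appear in this thread, are assumptions.

```python
import ntpath
import re

# Assumption: directories a default Windows XP install uses for these
# binaries, with %SystemRoot% = C:\WINDOWS. Compared case-insensitively.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32,
    "wscntfy.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# Constructed sample: paths taken from the logs and the CFScript in this
# thread, combined into one short HijackThis-style log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\1126\ctfmon.exe
C:\WINDOWS\spool.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            if paths:          # blank line after the list closes the section
                break
            continue           # tolerate a blank line before the list
        if re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
        else:                  # first non-path line (R0, O2, ...) ends it
            break
    return paths


def triage(paths):
    """Return (path, reason) pairs that deserve a closer look.

    A hit is a lead for manual review, not a verdict, and a file in the
    expected directory can still have been replaced.
    """
    findings = []
    for path in paths:
        directory, name = ntpath.split(path.lower())
        ext = ntpath.splitext(name)[1]
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected:
            findings.append((path, f"{name} is expected in {expected}"))
        elif ext != ".exe":
            findings.append((path, f"running image has {ext or 'no'} extension"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(running_processes(SAMPLE_LOG)):
        print(f"{path}  <-  {reason}")
```
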

Re: Please help.. some .doc files appear by themselves

Post by nalduro » May 20th, 2009, 3:12 am

hi.. this is the combofix log

ComboFix 09-05-18.06 - HP 05/20/2009 10:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.605 [GMT 7:00]
Running from: c:\documents and settings\HP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
c:\windows\spool.scr
c:\windows\system32\1126\ctfmon.exe
c:\windows\wscntfy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\spool.scr
c:\windows\system32\1126\ctfmon.exe
D:\data
d:\data\UROLOGY STUFFS\Living Donor Organ Transplantation, Bennedetti E.pdf
d:\data\UROLOGY STUFFS\Living Donor Transplantation, Saphiro R.pdf
d:\data\UROLOGY STUFFS\Male Sexual Dysfunction Pathophysiology and Treatment.pdf
d:\data\UROLOGY STUFFS\Male Sexual Function. A guide to clinical management.pdf
d:\data\UROLOGY STUFFS\Medical Complication of Kidney Transplantation.pdf
d:\data\UROLOGY STUFFS\Metastasis of Prostate Cancer.pdf
d:\data\UROLOGY STUFFS\Minimally Invasive Procedures in Urology.pdf
d:\data\UROLOGY STUFFS\Multidisciplinary Treatment for Prostate Cancer.pdf
d:\data\UROLOGY STUFFS\Nephron sparing surgery.pdf
d:\data\UROLOGY STUFFS\New Techniques in Uroradiology.pdf
d:\data\UROLOGY STUFFS\New Treatment Paradigms in Renal Cell Carcinoma.pdf
d:\data\UROLOGY STUFFS\Office Andrology.pdf
d:\data\UROLOGY STUFFS\Oral Pharmacotherapy for Male Sexual Dysfunction.pdf
d:\data\UROLOGY STUFFS\Oxford Handbook of Urology.chm
d:\data\UROLOGY STUFFS\Pediatric Surgery and Urology.pdf
d:\data\UROLOGY STUFFS\Positioning Techniques in Surgical Applications.pdf
d:\data\UROLOGY STUFFS\POSTER--- QuickStudy - Urogenital System.pdf
d:\data\UROLOGY STUFFS\Prostate Cancer - Translational and Emerging Therapies.pdf
d:\data\UROLOGY STUFFS\Prostate Cancer Biology, Genetics, and the New Therapeutics.pdf
d:\data\UROLOGY STUFFS\Questions in Daily Urologic Practice.pdf
d:\data\UROLOGY STUFFS\Radical Prostatectomy From Open to Robotic.pdf
d:\data\UROLOGY STUFFS\Renal and Adrenal Tumors Biology and Management.pdf
d:\data\UROLOGY STUFFS\Renal Cell Cancer Diagnosis and Therapy.pdf
d:\data\UROLOGY STUFFS\Renal Cell Carcinoma - Molecular Biology,Immunology and Clinical Management.pdf
d:\data\UROLOGY STUFFS\Robotic Urologic Surgery.pdf
d:\data\UROLOGY STUFFS\Robotic Urology.pdf
d:\data\UROLOGY STUFFS\SEcret Series Urology 3rd ed\SecretsSeries_Urology3ed2003Resnick_1560535105p341.djvu
d:\data\UROLOGY STUFFS\SEcret Series Urology 3rd ed\WinDjView-0.5.exe
d:\data\UROLOGY STUFFS\Sex, The Heart and Erectile Dysfunction.pdf
d:\data\UROLOGY STUFFS\Smith's General Urology, 17th edition.pdf
d:\data\UROLOGY STUFFS\smith gen uro 17th.PDF
d:\data\UROLOGY STUFFS\Standard practice in sexual medicine.pdf
d:\data\UROLOGY STUFFS\Testosterone Action, Deficiency, Substitution.pdf
d:\data\UROLOGY STUFFS\Textbook of Clinical Pediatric Urology 5th ed.pdf
d:\data\UROLOGY STUFFS\Textbook of Female Urology and Urogynaecology.pdf
d:\data\UROLOGY STUFFS\Textbook of Laparoscopic Urolog.pdf
d:\data\UROLOGY STUFFS\Textbook of the Neurogenic Bladder, 2nd edition.pdf
d:\data\UROLOGY STUFFS\TextbookOfClinicalPediatricUrology StudyGuide 1stEdition.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\0-front-matter.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\1-Overview.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\2-The Anatomy and Dynamics of Pelvic Floor Function and Dysfunction.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\3-Diagnosis of Connective Tissue Damage.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\4-Reconstructive Pelvic Floor Surgery According to the Integral Theory.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\5-Pelvic Floor Rehabilitation.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\6-Mapping the Dynamics of Connective Tissue Dysfunction.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\7-Current and Emerging Research Issues.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\8-Conclusion.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\9-back-matter.pdf
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\cover-image-large.jpg
d:\data\UROLOGY STUFFS\The Female Pelvic Floor, 2nd ed\Thumbs.db
d:\data\UROLOGY STUFFS\The genetic of renal disease.pdf
d:\data\UROLOGY STUFFS\The Prostate, New Concepts and Developments.pdf
d:\data\UROLOGY STUFFS\The Surgery of Childhood Tumors, 2nd Edition.pdf
d:\data\UROLOGY STUFFS\The_Comprehensive_Laparoscopic_Surgery.pdf
d:\data\UROLOGY STUFFS\Therapeutic_Management_of_Incontinence_and_Pelvic_Pain-xmhefny.pdf
d:\data\UROLOGY STUFFS\Therapy for Erectile Dysfunction Pocketbook.pdf
d:\data\UROLOGY STUFFS\Thumbs.db
d:\data\UROLOGY STUFFS\TNM Atlas Illustrated Guide to the TNM pTNM Classification of Malignant Tumours.pdf
d:\data\UROLOGY STUFFS\Transurethral Resection, 5th ed.pdf
d:\data\UROLOGY STUFFS\Treatment and Management of Bladder Cance.pdf
d:\data\UROLOGY STUFFS\Treatment Methods of Early and Advanced Prostate Cancer.pdf
d:\data\UROLOGY STUFFS\Trestment option in urologial cancer.pdf
d:\data\UROLOGY STUFFS\urodynamics 3rd ed.pdf
d:\data\UROLOGY STUFFS\Urogynecology- Evidence-Based Clinical Practice.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2002, Vol.29, Issues 1, Complementary Medicine.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2002, Vol.29, Issues 2, Urethral Reconstruction.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2002, Vol.29, Issues 3, Female Urology.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2002, Vol.29, Issues 4, Male Infertility.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2003, Vol.30, Issues 1, Urologic Manifestations of Non-urologic Disease.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2003, Vol.30, Issues 2, Localized Prostate Cancer.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2003, Vol.30, Issues 3, Renal Cell Carcinoma.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2003, Vol.30, Issues 4, Management of Recurrence in Urologic Oncology.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2004, Vol.31, Issues 1, Advances in Ureteroscopy.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2004, Vol.31, Issues 2, Preventive Medicine in Urology.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2004, Vol.31, Issues 3, Pediatric Urology for the General Urologist.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2004, Vol.31, Issues 4, Robotic Urologic Surgery.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2005, Vol.32, Issues 1, Neuromodulation.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2005, Vol.32, Issues 2, Bladder Cancer.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2005, Vol.32, Issues 3, Office Urology.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2005, Vol.32, Issues 4, Erectile Dysfunction.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2006, Vol.33, Issues 1, Genitourinary Trauma.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2006, Vol.33, Issues 2, New Approaches in the Treatment of Advanced Prostate Cancer.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2006, Vol.33, Issues 3, Urologic Imaging.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2006, Vol.33, Issues 4, Overactive Bladder.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2007, Vol.34, Issues 1, Pregnancy - Urologic Complications.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2007, Vol.34, Issues 2, Testicular Cancer.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\2007, Vol.34, Issues 3, Urolithiasis.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\Sexual Medicine State of the Art, An Issue of Urologic Clinics of North America, November 2007.pdf
d:\data\UROLOGY STUFFS\Urologic Clinics of NA 2002 - 2007 PDF\Uro2008, Vol.35, Issues 3, Minimally Invasive Genitourinary Procedures.pdf
d:\data\UROLOGY STUFFS\Urological Oncology (Landes Bioscience Medical Handbook ).pdf
d:\data\UROLOGY STUFFS\Urology-AHandBookForMedicalStudent_naldfkuki98.pdf
d:\data\UROLOGY STUFFS\Urology - An Atlas of Investigation and Management (Probert, 1st Ed. 2008).pdf
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Acute scrotum.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Benign Prostatic Hyperplasia.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Congenital Anomalies of uro-genital Tract (factor-x).ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Investigations in Urology.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Obstructive Uropathy + BPH.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Scrotal Swellings.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Thumbs.db
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urinary Stones.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Infections-Nonspecific Infections.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Infections-Specific Infections.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Infections (factor-x).ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Infections.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Infections\Nonspecific Infections.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Infections\Specific Infections.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urogenital Trauma.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urology Investigations.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\Urology Oncology.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\10. Injuries.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\11. Renal Angiograms.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\2. Plain. Stones and Other Shadows.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\3. Intravenous Urograms.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\4. Nephrostomy_ Suprapubic Cystostomy.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\5. Ascending Pyelograms.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\6. Cystograms.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\7. Cystograms. Obstructive Uropathy.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\8. Urethrograms.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\9. Anomalies.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\Normal Urinary System.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\Normal.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\Obstructive Uropathy.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\urology presentation\Urology X-rays Captions.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\UROLOGYCATHETERS.doc
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\windows-1256''Investigations in Urology.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\windows-1256__1. Normal.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\windows-1256__2. Plain. Stones and Other Shadows.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\windows-1256__3. Intravenous Urograms.ppt
d:\data\UROLOGY STUFFS\UROLOGY LECTURES\windows-1256__Urology Oncology.ppt
d:\data\UROLOGY STUFFS\urology presentation\10. Injuries.ppt
d:\data\UROLOGY STUFFS\urology presentation\11. Renal Angiograms.ppt
d:\data\UROLOGY STUFFS\urology presentation\2. Plain. Stones and Other Shadows.ppt
d:\data\UROLOGY STUFFS\urology presentation\3. Intravenous Urograms.ppt
d:\data\UROLOGY STUFFS\urology presentation\4. Nephrostomy_ Suprapubic Cystostomy.ppt
d:\data\UROLOGY STUFFS\urology presentation\5. Ascending Pyelograms.ppt
d:\data\UROLOGY STUFFS\urology presentation\6. Cystograms.ppt
d:\data\UROLOGY STUFFS\urology presentation\7. Cystograms. Obstructive Uropathy.ppt
d:\data\UROLOGY STUFFS\urology presentation\8. Urethrograms.ppt
d:\data\UROLOGY STUFFS\urology presentation\9. Anomalies.ppt
d:\data\UROLOGY STUFFS\urology presentation\Normal Urinary System.ppt
d:\data\UROLOGY STUFFS\urology presentation\Normal.ppt
d:\data\UROLOGY STUFFS\urology presentation\Obstructive Uropathy.ppt
d:\data\UROLOGY STUFFS\urology presentation\Thumbs.db
d:\data\UROLOGY STUFFS\urology presentation\Urology X-rays Captions.doc

.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-18 23:45 . 2009-05-18 23:45 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-18 23:45 . 2008-11-12 09:44 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-18 23:45 . 2009-05-18 23:45 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-18 17:10 . 2009-05-18 17:10 -------- d-----w c:\documents and settings\HP\Local Settings\Application Data\Babylon
2009-05-18 17:05 . 2009-05-20 03:16 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-05-18 17:05 . 2009-05-19 00:41 -------- d-----w c:\documents and settings\HP\Application Data\Babylon
2009-05-18 10:56 . 2008-10-09 07:25 1221008 ----a-w c:\windows\system32\zpeng25.dll
2009-05-17 12:30 . 2009-05-20 03:10 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-17 12:30 . 2009-05-17 12:30 -------- d-----w c:\program files\Zone Labs
2009-05-17 12:20 . 2009-05-19 15:48 -------- d-----w c:\program files\SpywareGuard
2009-05-14 02:14 . 2009-05-14 02:14 -------- d-----w c:\windows\Sun
2009-05-13 17:34 . 2009-05-13 17:34 -------- d-----w c:\documents and settings\HP\Application Data\Malwarebytes
2009-05-13 17:34 . 2009-04-06 08:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 17:33 . 2009-04-06 08:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 17:33 . 2009-05-13 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 17:33 . 2009-05-13 17:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-13 17:08 . 2009-05-13 17:08 -------- d-----w c:\program files\Trend Micro
2009-05-13 16:28 . 2009-05-19 14:55 -------- d-----w c:\windows\system32\NtmsData
2009-05-12 13:06 . 2009-05-18 14:12 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-12 13:03 . 2009-05-20 03:16 -------- d-----w c:\windows\Internet Logs
2009-05-12 12:57 . 2009-05-12 12:57 -------- d-----w c:\documents and settings\HP\Application Data\FastStone
2009-05-11 16:43 . 2009-05-11 16:43 -------- d--h--w c:\windows\PIF
2009-05-10 21:39 . 2009-05-10 21:39 -------- d-----w c:\documents and settings\HP\Local Settings\Application Data\Help
2009-05-10 08:42 . 2009-05-10 08:45 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-10 08:42 . 2009-05-10 08:45 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-10 08:09 . 2009-05-10 08:09 -------- d-----w c:\documents and settings\HP\Application Data\TuneUp Software
2009-05-10 08:08 . 2009-05-10 08:08 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-10 08:07 . 2009-05-10 08:07 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-10 07:18 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-10 07:18 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-10 07:18 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-10 07:18 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-10 07:18 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-10 07:18 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-10 07:18 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-10 07:18 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-10 07:18 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-10 07:17 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-10 07:17 . 2009-02-06 11:06 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-10 07:17 . 2009-02-06 11:08 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-10 07:17 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-10 06:46 . 2009-05-10 06:46 0 ----a-w c:\windows\nsreg.dat
2009-05-10 06:45 . 2009-05-10 06:45 -------- d-----w c:\documents and settings\HP\Local Settings\Application Data\Mozilla
2009-04-24 05:14 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-24 05:14 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 02:18 . 2009-02-11 02:30 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-18 02:18 . 2009-02-11 02:30 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-18 02:18 . 2009-02-11 02:30 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-11 16:32 . 2008-11-13 10:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 14:36 . 2009-02-11 11:23 -------- d-----w c:\program files\Microsoft Money 2007
2009-03-06 14:22 . 2008-04-15 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-08-14 09:54 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 10:51 . 2009-03-01 10:51 92344 ----a-w c:\documents and settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2008-04-15 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-19_14.50.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-18 10:57 . 2009-05-20 03:10 12231155 c:\windows\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"Babylon Client"="d:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-14 3165920]

c:\i386\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-18 02:18 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"RocketDock"="d:\program files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"HP Mobile Broadband"=c:\swsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"IDTSysTrayApp"=sttray.exe
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"AESTFltr"=%SystemRoot%\system32\AESTFltr.exe /NoDlg
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/11/2009 9:30 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/11/2009 9:30 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/11/2009 9:30 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/11/2009 9:30 AM 298776]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/19/2009 6:45 AM 603904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/13/2008 5:08 PM 112128]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [2/11/2009 6:50 PM 103552]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 09:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Translate with &Babylon - d:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\v9kn91qa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 10:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-20 10:35
ComboFix-quarantined-files.txt 2009-05-20 03:35
ComboFix2.txt 2009-05-19 15:42
ComboFix3.txt 2009-05-19 14:52

Pre-Run: 19,647,983,616 bytes free
Post-Run: 15,661,043,712 bytes free

625 --- E O F --- 2009-05-10 10:15


and this is the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:56 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Babylon Client] d:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7170 bytes

Thanks, Rodav
nalduro
Active Member
 
Posts: 8
Joined: November 15th, 2008, 5:23 pm

Re: Please help.. some .doc files appear by themselves

Unread postby Rodav » May 20th, 2009, 2:47 pm

That's better looking. There were some legitimate-looking items from D:\data that were removed along with the malware in it. I can return the legit files from the quarantine if you still need them. Also, let me know how your computer is running.

Step 1:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post along with a new HijackThis log and a description of how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Please help.. some .doc files appear by themselves

Unread postby Rodav » May 24th, 2009, 4:26 pm

Do you still need any help?

Re: Please help.. some .doc files appear by themselves

Unread postby Elrond » May 26th, 2009, 10:40 am

Due to inactivity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem