Hi kindly help.. Virus help
Gokul (New Member) | Date Joined Dec 2007 | Total Posts : 14 | Posted 12-12-2007 9:32 (GMT +1)

here is my log. kindly help thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 10:42:28 AM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\eTSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\dslagent.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\YPOPs\ypops.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Documents and Settings\Goks\Desktop\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: YPOPs.lnk = ? 
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~2\save.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.samsung.com/plugin/vmpinstaller/installer/components/MTSInstallers/MetaStream3.cab?url=http://www.samsungblackjack.com/3d/SGH-i607/ O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{8833C096-AB6C-4ED6-B072-E8357DBBCBAE}: NameServer = 203.145.184.13 203.145.184.40 O18 - Protocol: asp - 
{8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: ezstor - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Touch (Forum Moderator) | Date Joined Jun 2004 | Total Posts : 13812 | Posted 12-12-2007 10:56 (GMT +1)

Hi Gokul
After you have run the scan tools -
Reboot normally
Post HijackThis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic
Do NOT post your problem in someone else's thread.
Gokul (New Member) | Date Joined Dec 2007 | Total Posts : 14 | Posted 12-17-2007 6:01 (GMT +1)

All logs attached.. pls help.. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:39 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\eTSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\dslagent.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\YPOPs\ypops.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Goks\Desktop\New Folder\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: YPOPs.lnk = ? 
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~2\save.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.samsung.com/plugin/vmpinstaller/installer/components/MTSInstallers/MetaStream3.cab?url=http://www.samsungblackjack.com/3d/SGH-i607/ O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. 
- C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Goks/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
-- End of file - 10069 bytes

----------
ComboFix 07-12-12.3 - Goks 2007-12-13 18:01:20.1 - NTFSx86
Running from: C:\Documents and Settings\Goks\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-13 18:09 . 2007-12-13 18:09 31,534 --a------ C:\WINDOWS\system32\avpo0.dll.vir 2007-12-13 18:08 . 2007-12-13 18:08 44,083 --a------ C:\WINDOWS\system32\amvo1.dll.vir 2007-12-13 18:08 . 2007-12-13 18:08 44,083 --a------ C:\WINDOWS\system32\amvo0.dll.vir 2007-12-13 14:12 . 2007-12-13 14:12 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\Grisoft 2007-12-13 14:11 . 2007-12-13 14:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft 2007-12-13 14:11 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-11 15:00 . 2007-12-11 15:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com 2007-12-11 14:59 . 2007-12-13 15:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-12-11 14:59 . 2007-12-11 14:59 <DIR> d-------- C:\Program Files\CCleaner 2007-12-11 14:59 . 2007-12-13 15:11 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\SUPERAntiSpyware.com 2007-12-10 11:22 . 2007-12-10 11:22 121,429 ---hs---- C:\nideiect.com 2007-12-10 11:22 . 2007-12-10 11:22 44,083 ---hs---- C:\WINDOWS\system32\amvo1.dll 2007-12-10 11:22 . 2007-12-13 18:09 260 -r-hs---- C:\autorun.inf 2007-12-10 11:21 . 2007-12-10 11:22 121,429 ---hs---- C:\WINDOWS\system32\amvo.exe 2007-12-10 11:21 . 2007-12-13 09:40 44,083 ---hs---- C:\WINDOWS\system32\amvo0.dll 2007-12-10 11:21 . 2007-12-10 11:21 31,534 --a------ C:\WINDOWS\system32\avpo0.dll 2007-12-03 20:37 . 2007-12-12 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 20:37 . 2007-12-03 20:37 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 20:16 . 2007-12-03 20:35 <DIR> d-------- C:\Program Files\QuickTime 2007-12-03 19:52 . 2007-12-04 02:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-12-03 19:52 . 2007-12-03 19:52 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-27 13:23 . 2007-11-27 13:23 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp 2007-11-27 13:23 . 
2007-11-27 13:23 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat 2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Program Files\Illustrate 2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\AccurateRip 2007-11-27 13:17 . 2007-11-27 13:16 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp 2007-11-27 13:17 . 2007-11-27 13:17 13,015 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2007-11-17 11:47 . 2007-11-17 11:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-17 11:41 . 2006-08-21 14:44 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-11-17 11:41 . 2006-08-21 14:44 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-11-17 11:41 . 2006-08-21 17:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-11-17 11:37 . 2007-11-17 11:37 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-17 08:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-11-17 08:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-11-17 08:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2007-11-16 12:42 . 2007-11-16 12:42 <DIR> d-------- C:\Program Files\Windows Live 2007-11-16 12:42 . 2007-11-17 12:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2007-11-16 12:11 . 2007-08-20 15:34 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-16 12:11 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-16 12:11 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-16 12:11 . 2007-08-20 15:34 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-16 12:11 . 2007-08-20 15:34 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-16 12:11 . 
2007-08-20 15:34 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-16 12:11 . 2007-08-20 15:34 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-16 12:11 . 2007-08-20 15:34 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-16 12:11 . 2007-08-17 15:50 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-16 11:59 . 2007-11-16 11:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion 2007-11-16 11:00 . 2007-07-09 18:46 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-11-16 10:18 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2007-11-16 10:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-11-16 10:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-11-16 10:18 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-13 12:39 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-12-13 09:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2007-12-13 04:10 --------- d-----w C:\Program Files\YPOPs 2007-12-13 04:08 --------- d-----w C:\Program Files\FlashGet 2007-12-12 10:02 3,982 ---ha-w C:\WINDOWSkj01d.sys 2007-12-11 09:37 --------- d-----w C:\Program Files\Microsoft AntiSpyware 2007-12-11 07:06 --------- d-----w C:\Documents and Settings\Goks\Application Data\U3 2007-12-03 15:06 --------- d-----w C:\Program Files\iPod 2007-12-03 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2007-12-02 08:27 --------- d-----w C:\Documents and Settings\Goks\Application Data\MegauploadToolbar 2007-12-01 08:17 --------- d-----w C:\Program Files\Yahoo! 2007-12-01 08:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! 2007-11-27 07:52 1,071,480 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2007-11-27 04:11 --------- d-----w C:\Program Files\MegauploadToolbar 2007-11-25 06:32 --------- d-----w C:\Program Files\Picasa2 2007-11-21 08:38 --------- d-----w C:\Documents and Settings\Goks\Application Data\dvdcss 2007-11-19 07:19 159 ----a-w C:\Program Files\INSTALL.LOG 2007-11-17 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2007-11-16 06:29 --------- d-----w C:\Documents and Settings\Goks\Application Data\Yahoo! 2007-11-15 13:29 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-10-30 18:39 --------- d-----w C:\Program Files\Anton Tomov 2007-10-29 05:21 --------- d-----w C:\Program Files\ThemeMakerMcDeb 2007-10-29 04:41 --------- d-----w C:\Program Files\Google 2006-04-08 05:43 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 15:19 C:\WINDOWS\system32\nview.dll]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]
"amva"="C:\WINDOWS\system32\amvo.exe" [2007-12-10 11:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLAGENTEXE"="dslagent.exe" [2002-05-02 11:15 C:\WINDOWS\system32\dslagent.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 17:07]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-10 18:10]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-29 10:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 02:48]

C:\Documents and Settings\Goks\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
YPOPs.lnk - C:\Program Files\YPOPs\ypops.exe [2007-12-10 10:29:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BTTray.lnk] backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Q-type2.2.lnk] backup=C:\WINDOWS\pss\Q-type2.2.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^1-Calc.lnk] backup=C:\WINDOWS\pss\1-Calc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^YPOPs.lnk] backup=C:\WINDOWS\pss\YPOPs.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer] 2006-03-22 14:01 851968 --a------ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTCertManger] 2006-01-25 15:03 98304 --a------ C:\WINDOWS\system32\eTCrtMng.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE] GSICON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 13:39 1289000 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoonR] C:\Program Files\SoonR\SoonR Desktop Client\SoonrClient.exe -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2003-08-19 17:23 32873 --a------ C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super Audio Grabber 3.0] C:\Program Files\Ailansoft\Super Audio Grabber 3.0\SAGrab.exe/a
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a22c906-a54a-11dc-af0d-000779300101}] \Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2d47b4-7512-11da-a28b-000779300101}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE \Shell\é_†™\command - J:\NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7caf5076-9f76-11dc-aefd-000779300101}] \Shell\AutoRun\command - J:\nideiect.com \Shell\explore\Command - J:\nideiect.com \Shell\open\Command - J:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f693-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - C:\nideiect.com \Shell\explore\Command - C:\nideiect.com \Shell\open\Command - C:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f694-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - G:\nideiect.com \Shell\explore\Command - G:\nideiect.com \Shell\open\Command - G:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f695-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - nideiect.com \Shell\explore\Command - nideiect.com \Shell\open\Command - nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f696-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - nideiect.com \Shell\explore\Command - nideiect.com \Shell\open\Command - nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f697-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - nideiect.com \Shell\explore\Command - nideiect.com \Shell\open\Command - nideiect.com
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER *Newly Created Service* - AVG_ANTI-SPYWARE_GUARD *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . **************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 18:10:51 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . Completion time: 2007-12-13 18:13:19 . 2007-11-17 06:24:12 --- E O F ---
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh Thu 12/13/2007 17:54:31.71
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 17:54:35 Windows 5.1.2600 Service Pack 2 scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0 hidden services: 0 hidden files: 0
| Gokul New Member | Date Joined Dec 2007 | Total Posts : 14 | Posted 12-17-2007 6:02 (GMT +1) |
All logs attached.. pls help.. thanks
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:15:39 PM, on 12/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\eTSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\dslagent.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\YPOPs\ypops.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Goks\Desktop\New Folder\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: YPOPs.lnk = ? 
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~2\save.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.samsung.com/plugin/vmpinstaller/installer/components/MTSInstallers/MetaStream3.cab?url=http://www.samsungblackjack.com/3d/SGH-i607/ O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. 
- C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Goks/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
-- End of file - 10069 bytes
ComboFix 07-12-12.3 - Goks 2007-12-13 18:01:20.1 - NTFSx86 Running from: C:\Documents and Settings\Goks\Desktop\New Folder\ComboFix.exe * Created a new restore point . The following files were disabled during the run: C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Program Files\winupdates C:\Program Files\winupdates\a.zip
. ((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))) .
2007-12-13 18:09 . 2007-12-13 18:09 31,534 --a------ C:\WINDOWS\system32\avpo0.dll.vir 2007-12-13 18:08 . 2007-12-13 18:08 44,083 --a------ C:\WINDOWS\system32\amvo1.dll.vir 2007-12-13 18:08 . 2007-12-13 18:08 44,083 --a------ C:\WINDOWS\system32\amvo0.dll.vir 2007-12-13 14:12 . 2007-12-13 14:12 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\Grisoft 2007-12-13 14:11 . 2007-12-13 14:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft 2007-12-13 14:11 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-11 15:00 . 2007-12-11 15:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com 2007-12-11 14:59 . 2007-12-13 15:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-12-11 14:59 . 2007-12-11 14:59 <DIR> d-------- C:\Program Files\CCleaner 2007-12-11 14:59 . 2007-12-13 15:11 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\SUPERAntiSpyware.com 2007-12-10 11:22 . 2007-12-10 11:22 121,429 ---hs---- C:\nideiect.com 2007-12-10 11:22 . 2007-12-10 11:22 44,083 ---hs---- C:\WINDOWS\system32\amvo1.dll 2007-12-10 11:22 . 2007-12-13 18:09 260 -r-hs---- C:\autorun.inf 2007-12-10 11:21 . 2007-12-10 11:22 121,429 ---hs---- C:\WINDOWS\system32\amvo.exe 2007-12-10 11:21 . 2007-12-13 09:40 44,083 ---hs---- C:\WINDOWS\system32\amvo0.dll 2007-12-10 11:21 . 2007-12-10 11:21 31,534 --a------ C:\WINDOWS\system32\avpo0.dll 2007-12-03 20:37 . 2007-12-12 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 20:37 . 2007-12-03 20:37 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 20:16 . 2007-12-03 20:35 <DIR> d-------- C:\Program Files\QuickTime 2007-12-03 19:52 . 2007-12-04 02:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-12-03 19:52 . 2007-12-03 19:52 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-27 13:23 . 2007-11-27 13:23 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp 2007-11-27 13:23 . 
2007-11-27 13:23 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat 2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Program Files\Illustrate 2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\AccurateRip 2007-11-27 13:17 . 2007-11-27 13:16 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp 2007-11-27 13:17 . 2007-11-27 13:17 13,015 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2007-11-17 11:47 . 2007-11-17 11:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-17 11:41 . 2006-08-21 14:44 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-11-17 11:41 . 2006-08-21 14:44 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-11-17 11:41 . 2006-08-21 17:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-11-17 11:37 . 2007-11-17 11:37 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-17 08:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-11-17 08:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2007-11-17 08:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2007-11-16 12:42 . 2007-11-16 12:42 <DIR> d-------- C:\Program Files\Windows Live 2007-11-16 12:42 . 2007-11-17 12:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2007-11-16 12:11 . 2007-08-20 15:34 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-16 12:11 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-16 12:11 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-16 12:11 . 2007-08-20 15:34 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-16 12:11 . 2007-08-20 15:34 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-16 12:11 . 
2007-08-20 15:34 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-16 12:11 . 2007-08-20 15:34 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-16 12:11 . 2007-08-20 15:34 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-16 12:11 . 2007-08-17 15:50 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-16 11:59 . 2007-11-16 11:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion 2007-11-16 11:00 . 2007-07-09 18:46 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-11-16 10:18 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2007-11-16 10:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-11-16 10:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-11-16 10:18 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-13 12:39 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-12-13 09:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2007-12-13 04:10 --------- d-----w C:\Program Files\YPOPs 2007-12-13 04:08 --------- d-----w C:\Program Files\FlashGet 2007-12-12 10:02 3,982 ---ha-w C:\WINDOWSkj01d.sys 2007-12-11 09:37 --------- d-----w C:\Program Files\Microsoft AntiSpyware 2007-12-11 07:06 --------- d-----w C:\Documents and Settings\Goks\Application Data\U3 2007-12-03 15:06 --------- d-----w C:\Program Files\iPod 2007-12-03 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2007-12-02 08:27 --------- d-----w C:\Documents and Settings\Goks\Application Data\MegauploadToolbar 2007-12-01 08:17 --------- d-----w C:\Program Files\Yahoo! 2007-12-01 08:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! 2007-11-27 07:52 1,071,480 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2007-11-27 04:11 --------- d-----w C:\Program Files\MegauploadToolbar 2007-11-25 06:32 --------- d-----w C:\Program Files\Picasa2 2007-11-21 08:38 --------- d-----w C:\Documents and Settings\Goks\Application Data\dvdcss 2007-11-19 07:19 159 ----a-w C:\Program Files\INSTALL.LOG 2007-11-17 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2007-11-16 06:29 --------- d-----w C:\Documents and Settings\Goks\Application Data\Yahoo! 2007-11-15 13:29 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-10-30 18:39 --------- d-----w C:\Program Files\Anton Tomov 2007-10-29 05:21 --------- d-----w C:\Program Files\ThemeMakerMcDeb 2007-10-29 04:41 --------- d-----w C:\Program Files\Google 2006-04-08 05:43 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll" [2003-05-02 15:19 C:\WINDOWS\system32\nview.dll] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39] "amva"="C:\WINDOWS\system32\amvo.exe" [2007-12-10 11:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DSLAGENTEXE"="dslagent.exe" [2002-05-02 11:15 C:\WINDOWS\system32\dslagent.exe] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 17:07] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-10 18:10] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-29 10:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 02:48]
C:\Documents and Settings\Goks\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54] YPOPs.lnk - C:\Program Files\YPOPs\ypops.exe [2007-12-10 10:29:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSharedDocuments"= 00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BTTray.lnk] backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Q-type2.2.lnk] backup=C:\WINDOWS\pss\Q-type2.2.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^1-Calc.lnk] backup=C:\WINDOWS\pss\1-Calc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^YPOPs.lnk] backup=C:\WINDOWS\pss\YPOPs.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer] 2006-03-22 14:01 851968 --a------ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTCertManger] 2006-01-25 15:03 98304 --a------ C:\WINDOWS\system32\eTCrtMng.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE] GSICON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 13:39 1289000 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoonR] C:\Program Files\SoonR\SoonR Desktop Client\SoonrClient.exe -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2003-08-19 17:23 32873 --a------ C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super Audio Grabber 3.0] C:\Program Files\Ailansoft\Super Audio Grabber 3.0\SAGrab.exe/a
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a22c906-a54a-11dc-af0d-000779300101}] \Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2d47b4-7512-11da-a28b-000779300101}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE \Shell\é_†™\command - J:\NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7caf5076-9f76-11dc-aefd-000779300101}] \Shell\AutoRun\command - J:\nideiect.com \Shell\explore\Command - J:\nideiect.com \Shell\open\Command - J:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f693-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - C:\nideiect.com \Shell\explore\Command - C:\nideiect.com \Shell\open\Command - C:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f694-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - G:\nideiect.com \Shell\explore\Command - G:\nideiect.com \Shell\open\Command - G:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f695-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - nideiect.com \Shell\explore\Command - nideiect.com \Shell\open\Command - nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f696-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - nideiect.com \Shell\explore\Command - nideiect.com \Shell\open\Command - nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f697-83dd-11d8-82f1-806d6172696f}] \Shell\AutoRun\command - nideiect.com \Shell\explore\Command - nideiect.com \Shell\open\Command - nideiect.com
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 18:10:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 18:13:19
.
2007-11-17 06:24:12
--- E O F ---
-----------------------------------------------------
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
Thu 12/13/2007 17:54:31.71
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 17:54:35
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d18011687]
"0017e3b52706"=hex:bb,dc,31,67,31,7f,b8,bf,a1,bb,1f,3a,c9,62,fc,be
"00194f42a6fa"=hex:ae,2d,2b,fc,5b,a8,ba,99,09,0c,ba,e9,54,aa,1c,b6
"001c624fcfbe"=hex:cb,e6,de,6f,ee,10,e2,74,65,8a,2e,28,07,ed,9a,e9
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000d18011687]
"0017e3b52706"=hex:bb,dc,31,67,31,7f,b8,bf,a1,bb,1f,3a,c9,62,fc,be
"00194f42a6fa"=hex:ae,2d,2b,fc,5b,a8,ba,99,09,0c,ba,e9,54,aa,1c,b6
"001c624fcfbe"=hex:cb,e6,de,6f,ee,10,e2,74,65,8a,2e,28,07,ed,9a,e9
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 12-17-2007 7:13 (GMT +1) |   |
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
File::
C:\WINDOWS\system32\avpo0.dll.vir
C:\WINDOWS\system32\amvo1.dll.vir
C:\WINDOWS\system32\amvo0.dll.vir
C:\nideiect.com
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWSkj01d.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amva"=-
----------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post a new HijackThis log along with a fresh ComboFix log and tell me how things are running now.
Do NOT post your problem in someone else's thread.
 |  Gokul New Member
 Date Joined Dec 2007 Total Posts : 14 | Posted 12-17-2007 1:01 (GMT +1) |   | hi, thanks a million for helping me out..
This is the latest log created by ComboFix,
and my BitDefender alerts me that I have this virus in my comp.
File c:\docume~1\goks\locals~1\temp\ixp000.tmp\msupdate infected with Packer.Expressor.B
ComboFix 07-12-12.3 - Goks 2007-12-17 15:26:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1050 [GMT 5.5:30]
Running from: C:\Documents and Settings\Goks\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Goks\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\nideiect.com
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo0.dll.vir
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\amvo1.dll.vir
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo0.dll.vir
C:\WINDOWSkj01d.sys
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo0.dll.vir
C:\WINDOWS\system32\amvo1.dll.vir
C:\WINDOWS\system32\avpo0.dll.vir
C:\WINDOWS\system32\service.exe
C:\WINDOWSkj01d.sys
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.
2007-12-17 06:03 . 2007-12-17 06:03 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Program Files\YzShadow
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Program Files\WinRoll
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Program Files\UberIcon
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Program Files\Tiger System Preferences v2
2007-12-15 18:06 . 2007-12-15 18:06 <DIR> d-------- C:\Program Files\iColorFolder
2007-12-15 18:05 . 2007-12-15 18:05 <DIR> d-------- C:\Program Files\RK Launcher
2007-12-15 17:53 . 2007-12-17 15:37 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2007-12-15 17:23 . 2007-12-15 17:23 <DIR> d-------- C:\Program Files\Stardock
2007-12-13 14:12 . 2007-12-13 14:12 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\Grisoft
2007-12-13 14:11 . 2007-12-13 14:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-13 14:11 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-11 15:00 . 2007-12-11 15:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-12-11 14:59 . 2007-12-13 15:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-11 14:59 . 2007-12-11 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-12-11 14:59 . 2007-12-13 15:11 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\SUPERAntiSpyware.com
2007-12-03 20:37 . 2007-12-16 01:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 20:37 . 2007-12-03 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 20:16 . 2007-12-03 20:35 <DIR> d-------- C:\Program Files\QuickTime
2007-12-03 19:52 . 2007-12-04 02:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-03 19:52 . 2007-12-03 19:52 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 13:23 . 2007-11-27 13:23 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2007-11-27 13:23 . 2007-11-27 13:23 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Program Files\Illustrate
2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\AccurateRip
2007-11-27 13:17 . 2007-11-27 13:16 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2007-11-27 13:17 . 2007-11-27 13:17 13,015 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-11-17 11:47 . 2007-11-17 11:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-17 11:41 . 2006-08-21 14:44 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-17 11:41 . 2006-08-21 14:44 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-17 11:41 . 2006-08-21 17:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-17 11:37 . 2007-11-17 11:37 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 08:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-17 08:02 . 2007-07-30 19:19 199,544 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-17 08:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 10:04 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-12-17 05:22 --------- d-----w C:\Program Files\YPOPs
2007-12-17 02:23 --------- d-----w C:\Program Files\FlashGet
2007-12-15 12:35 2,137,728 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2007-12-15 12:35 2,014,976 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-15 12:24 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-15 11:53 --------- d-----w C:\Program Files\Common Files\stardock
2007-12-13 09:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-11 09:37 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-11 07:06 --------- d-----w C:\Documents and Settings\Goks\Application Data\U3
2007-12-03 15:06 --------- d-----w C:\Program Files\iPod
2007-12-03 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-02 08:27 --------- d-----w C:\Documents and Settings\Goks\Application Data\MegauploadToolbar
2007-12-01 08:17 --------- d-----w C:\Program Files\Yahoo!
2007-12-01 08:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-11-27 07:52 1,071,480 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-27 04:11 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-25 06:32 --------- d-----w C:\Program Files\Picasa2
2007-11-21 08:38 --------- d-----w C:\Documents and Settings\Goks\Application Data\dvdcss
2007-11-19 07:19 159 ----a-w C:\Program Files\INSTALL.LOG
2007-11-17 07:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-11-17 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-11-16 07:12 --------- d-----w C:\Program Files\Windows Live
2007-11-16 06:29 --------- d-----w C:\Documents and Settings\Goks\Application Data\Yahoo!
2007-11-16 06:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-11-15 13:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-30 18:39 --------- d-----w C:\Program Files\Anton Tomov
2007-10-29 05:21 --------- d-----w C:\Program Files\ThemeMakerMcDeb
2007-10-29 04:41 --------- d-----w C:\Program Files\Google
2006-04-08 05:43 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-06-13 10:23 1,426,944 --sh--r C:\WINDOWS\system32\mssetupconf.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-13_18.11.31.89 )))))))))))))))))))))))))))))))))))))))))
.