Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Post Reply
Who Can Post? All users can post new topics and all users can reply.
Username   Need to register?
Password:   Forgot password?
Subject: (optional)
Icon: [*]
Formatting Mode:
Normal
Advanced
Help

Insert Bold text Insert Italicised text Insert Underlined text Insert Centered text Insert a Hyperlink Insert E-mail Hyperlink Insert an Image Insert Code Formatted text Insert Quoted text Insert List
Message:
HTML is Off
Smilies are On
BB Code is On
[img] Code is On
:) :( :D ;)
:cool: :o shocked_yellow :P
confused2 smokin: waveysmiley waggyfinger
brshteeth nananana lips_sealed kewl_glasses
Show All Smilies

Disable Smilies?
Use signature?
Turn BBCode off?
Receive email on reply?
The file size of the attachment must be under 200K.
Do not preview if you have attached an image.
Attachment:
    

Topic Review
Pancake

[*] posted on 7-2-2008 at 21:49
Ok kkamshi


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"onmuzfirstupdate"=-
"Systweak Wallpaper Changer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{D4-4D-DA-AD-ZN}"=-



Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


[bad img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/bad img]

Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
Pancake

[*] posted on 7-2-2008 at 21:47
Quote:
Originally posted by LSemmens
Sorry, PK, the scrolling text is as a result of the board interpreting some of the text as BB code for scrolling, In future, when you ask people to post, it may be prudent to include in your instructions to check the "Turn BBCode off?" checkbox on the right of the "Quick Reply Box" or at the bottom of the normal reply box.



Yes I will have to remember that.
LSemmens

[*] posted on 7-2-2008 at 12:53
Sorry, PK, the scrolling text is as a result of the board interpreting some of the text as BB code for scrolling, In future, when you ask people to post, it may be prudent to include in your instructions to check the "Turn BBCode off?" checkbox on the right of the "Quick Reply Box" or at the bottom of the normal reply box.
Pancake

[*] posted on 7-2-2008 at 05:32
Strange....anyway how is your system now.Are you still getting the problem.Can you run your Trend Micro and do a scan.?
kkamshi

[*] posted on 7-2-2008 at 05:03
"Update process failed. No further Anti-virus actions can be performed
Attention You must be online toactivate Kaspersky online scanner, since the latest anti-virus bases version must be downloaded prior to scan, Otherwise we cannot gurantee detection of latest viruses (21)"
That's what it says when i try to run the webscan even after i turned off the anti-virus program and I am also online
Wat u think is goin on??
Pancake

[*] posted on 7-2-2008 at 05:02
Ok.It looks as if the infection has gone so now lets go with the Kaspersky scan and see what we have.
kkamshi

[*] posted on 7-2-2008 at 04:51
sorru wrong log this is the correct one
ComboFix 08-02.05.3 - Compaq_Administrator 2008-02-05 16:55:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.560 [GMT -8:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\winpfz32.sys
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-05 16:30 . 2008-02-05 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-05 16:05 . 2008-02-05 16:48 <DIR> d-------- C:\SDFix
2008-02-05 15:03 . 2008-02-05 15:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-05 14:58 . 2008-02-05 15:05 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\SecurityScans
2008-02-05 14:57 . 2008-02-05 14:57 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-02-04 22:47 . 2008-02-04 22:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 21:57 . 2008-02-04 22:33 <DIR> d-------- C:\Program Files\Madz Software
2008-02-04 21:57 . 2008-02-05 16:49 0 --a------ C:\FL.ini
2008-02-04 00:21 . 2008-02-05 15:15 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire
2008-02-04 00:20 . 2008-02-04 11:52 <DIR> d-------- C:\Program Files\FrostWire
2008-02-04 00:20 . 2008-02-04 00:20 <DIR> d-------- C:\Program Files\AskSBar
2008-02-04 00:01 . 2008-02-04 00:01 <DIR> d-------- C:\Program Files\NotsoSoftware
2008-02-02 20:47 . 2008-02-05 16:49 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenOffice.org2
2008-02-02 20:43 . 2008-02-04 12:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-02 20:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 20:11 . 2008-02-02 20:11 1,666,048 --a------ C:\WINDOWS\c01.ppt
2008-01-29 13:37 . 2008-01-29 13:37 3,877 --a------ C:\WINDOWS\assignement1.rtf
2008-01-15 22:44 . 2008-02-04 07:44 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Winamp
2008-01-15 22:01 . 2008-02-04 07:27 <DIR> d-------- C:\divx
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-07 17:16 . 2008-01-07 17:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 00:56 30,111,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-06 00:56 1,386,528 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-06 00:22 407,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-06 00:22 130,772 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-04 20:10 --------- d-----w C:\Program Files\WinQual
2008-02-04 20:10 --------- d-----w C:\Program Files\Winamp Toolbar
2008-02-04 20:10 --------- d-----w C:\Program Files\Winamp
2008-02-04 20:10 --------- d-----w C:\Program Files\_ffdshow
2008-02-04 20:08 --------- d-----w C:\Program Files\Warcraft III
2008-02-04 20:04 --------- d-----w C:\Program Files\Steam
2008-02-04 20:03 --------- d-----w C:\Program Files\SeaStorm 3D Screensaver
2008-02-04 20:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 20:02 --------- d-----w C:\Program Files\Quicken
2008-02-04 20:02 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-02-04 19:58 --------- d-----w C:\Program Files\myLinker
2008-02-04 19:58 --------- d-----w C:\Program Files\MSN Encarta Standard
2008-02-04 19:58 --------- d-----w C:\Program Files\mIRC
2008-02-04 19:57 --------- d-----w C:\Program Files\Microsoft Works
2008-02-04 19:56 --------- d-----w C:\Program Files\Microsoft Plus! Dancer LE
2008-02-04 19:56 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-02-04 19:55 --------- d-----w C:\Program Files\MegauploadToolbar
2008-02-04 19:54 --------- d-----w C:\Program Files\iTunes
2008-02-04 19:54 --------- d-----w C:\Program Files\iPod
2008-02-04 19:52 --------- d-----w C:\Program Files\GemMaster
2008-02-04 19:52 --------- d-----w C:\Program Files\EnglishOtto
2008-02-04 19:51 --------- d-----w C:\Program Files\Easy Internet signup
2008-02-04 19:51 --------- d-----w C:\Program Files\DivX
2008-02-04 19:51 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-02-04 19:50 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-02-04 19:49 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-04 19:48 --------- d-----w C:\Program Files\AOD
2008-02-04 19:48 --------- d-----w C:\Program Files\AIM6
2008-02-04 19:47 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-02-04 15:44 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-02-04 15:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
2008-02-04 15:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\MegauploadToolbar
2008-02-04 15:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2008-02-04 15:38 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2008-02-04 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-04 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-03 04:43 --------- d-----w C:\Program Files\Java
2008-01-29 21:38 10,066 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-01-16 04:47 --------- d-----w C:\Program Files\Yahoo!
2008-01-06 21:31 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-06 08:10 24 ----a-w C:\Documents and Settings\Compaq_Administrator\mylist.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-02-04 00:20 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 12:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-04 00:20 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 12:06 1135968]
"{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}"= C:\WINDOWS\iptool.dll [2007-03-27 23:59 233472]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-04 00:20 267592]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 15:24 1694208]
"Startup Manager"="C:\Documents and Settings\Compaq_Administrator\Application Data\Systweak\ASO 2\smstartUp manager.exe" [ ]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 17:43 68856]
"Aim6"="" []
"onmuzfirstupdate"="C:\Program Files\onmuzplus\onmuzup.exe" [ ]
"RegistryCleanFixMFC"="C:\Program Files\RegistryCleaner\registrycleaner.exe" [ ]
"DriveDiscoveryMemoryResident"="C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe" [2007-01-30 12:30 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04 59392]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 21:34 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 01:56 544768 C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 16:50 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-05 08:28 180269]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 04:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 04:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 04:00 59392]
"{D4-4D-DA-AD-ZN}"="C:\windows\system32\dwdsregt.exe" [ ]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 07:16 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 04:53 34880]

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-08-05 08:46:22 36903]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-19 21:21:57 124152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{24282ED1-2289-4AE7-B1B9-88967EB00560}"= C:\Program Files\Hanmaro\MediaRose\Agent\ShellLauncher.dll [2006-09-25 23:25 122880]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 03:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:56:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 16:57:11
ComboFix-quarantined-files.txt 2008-02-06 00:56:56
.
2008-01-09 07:56:29 --- E O F ---
kkamshi

[*] posted on 7-2-2008 at 04:49
SDFix: Version 1.137

Run by Compaq_Administrator on 02/05/2008 Tue at 04:33 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\aax24.tmp.exe - Deleted
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Think-Adz.lnk - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:43:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\xb67e\x427\24\xc1cc]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\StartMenu2\Programs\\xb67e\x427\24\xc1cc\\xb67e\x427\24\xc1cc\xaff1]
"Order"=hex:08,00,00,00,02,00,00,00,02,01,00,00,01,00,00,00,02,00,00,00,7c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\BugsSvr.exe"="C:\\WINDOWS\\system32\\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe:*:Enabled:μTorrent"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BugsCorp\\BugsAppPlayer\\bin\\BugsSvr.exe"="C:\\Program Files\\BugsCorp\\BugsAppPlayer\\bin\\BugsSvr.exe:*:Enabled:P3AoDSvr Module"
"C:\\WINDOWS\\system32\\p3bvsvr.exe"="C:\\WINDOWS\\system32\\p3bvsvr.exe:*:Enabled:Bugs VoD Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 18 Apr 2006 0 A.SH. --- "C:\WINDOWS\system32\wupdmgr.tmp"
Fri 2 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Feb 2006 1,242 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"

Finished!
Pancake

[*] posted on 7-2-2008 at 00:42
It would help if this page stopped scrolling.I cant see the other part of you log..it a pain. Disable your virus program and then try the download again.If you not sure how to disable go here :

http://www.bleepingcomputer.com/forums/topic114351.html
kkamshi

[*] posted on 7-2-2008 at 00:12
i cant run the internet scan it says its not able to let me download it and i installed the internet explorer 7.0 and its still not lettin me run the scan any suggestions? is it because i have the anti-virus program on my desktop???i also hav Tor, privoxy for some reason should i delete these. I think they are some kind of cleaner programs but not sure
LSemmens

[*] posted on 6-2-2008 at 14:05
Thankyou for jumping in Pancake, I'll leave kkamshi in your capable hands! FYI kkamshi, Pancake is our resident expert and will help you to resolve the "nasties", once they are fixed, the other items may also be resolved, otherwise we'll keep plugging at it until it is.
Pancake

[*] posted on 6-2-2008 at 01:26
Let me know if there is an improvment..



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O4 - Startup: spysheriff.lnk = ?
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\asysgdiz.exe

Reboot..

===========================


Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • [color=#6666CC]Extended[/color]
    • Scan Options:
      • [color=#6666CC]Scan Archives
      • ScanMail Bases[/color]
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [bad img]http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif[/bad img]

    [bad img]http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif[/bad img]


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Dreamweaver

[*] posted on 6-2-2008 at 01:23
I am merging this with the other post as it's getting rather confusing.

Apologlies to Pancake if this is somewhat confusing.
kkamshi

[*] posted on 6-2-2008 at 01:02
But my computer is still havin runtime error problems same as before
thanks fo the help though
here are the new logs

SDFix: Version 1.137

Run by Compaq_Administrator on 02/05/2008 Tue at 04:33 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\aax24.tmp.exe - Deleted
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Think-Adz.lnk - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:43:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\xb67e\x427\24\xc1cc]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\StartMenu2\Programs\\xb67e\x427\24\xc1cc\\xb67e\x427\24\xc1cc\xaff1]
"Order"=hex:08,00,00,00,02,00,00,00,02,01,00,00,01,00,00,00,02,00,00,00,7c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133580026\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139962237\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\BugsSvr.exe"="C:\\WINDOWS\\system32\\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe:*:Enabled:μTorrent"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BugsCorp\\BugsAppPlayer\\bin\\BugsSvr.exe"="C:\\Program Files\\BugsCorp\\BugsAppPlayer\\bin\\BugsSvr.exe:*:Enabled:P3AoDSvr Module"
"C:\\WINDOWS\\system32\\p3bvsvr.exe"="C:\\WINDOWS\\system32\\p3bvsvr.exe:*:Enabled:Bugs VoD Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 18 Apr 2006 0 A.SH. --- "C:\WINDOWS\system32\wupdmgr.tmp"
Fri 2 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Feb 2006 1,242 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"

Finished!
ComboFix 08-02.05.3 - Compaq_Administrator 2008-02-05 16:55:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.560 [GMT -8:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\winpfz32.sys
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-05 16:30 . 2008-02-05 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-05 16:05 . 2008-02-05 16:48 <DIR> d-------- C:\SDFix
2008-02-05 15:03 . 2008-02-05 15:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-05 14:58 . 2008-02-05 15:05 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\SecurityScans
2008-02-05 14:57 . 2008-02-05 14:57 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-02-04 22:47 . 2008-02-04 22:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 21:57 . 2008-02-04 22:33 <DIR> d-------- C:\Program Files\Madz Software
2008-02-04 21:57 . 2008-02-05 16:49 0 --a------ C:\FL.ini
2008-02-04 00:21 . 2008-02-05 15:15 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire
2008-02-04 00:20 . 2008-02-04 11:52 <DIR> d-------- C:\Program Files\FrostWire
2008-02-04 00:20 . 2008-02-04 00:20 <DIR> d-------- C:\Program Files\AskSBar
2008-02-04 00:01 . 2008-02-04 00:01 <DIR> d-------- C:\Program Files\NotsoSoftware
2008-02-02 20:47 . 2008-02-05 16:49 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\OpenOffice.org2
2008-02-02 20:43 . 2008-02-04 12:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-02 20:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 20:11 . 2008-02-02 20:11 1,666,048 --a------ C:\WINDOWS\c01.ppt
2008-01-29 13:37 . 2008-01-29 13:37 3,877 --a------ C:\WINDOWS\assignement1.rtf
2008-01-15 22:44 . 2008-02-04 07:44 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Winamp
2008-01-15 22:01 . 2008-02-04 07:27 <DIR> d-------- C:\divx
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2008-01-15 20:48 . 2008-01-15 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-07 17:16 . 2008-01-07 17:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 00:56 30,111,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-06 00:56 1,386,528 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-06 00:22 407,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-06 00:22 130,772 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-04 20:10 --------- d-----w C:\Program Files\WinQual
2008-02-04 20:10 --------- d-----w C:\Program Files\Winamp Toolbar
2008-02-04 20:10 --------- d-----w C:\Program Files\Winamp
2008-02-04 20:10 --------- d-----w C:\Program Files\_ffdshow
2008-02-04 20:08 --------- d-----w C:\Program Files\Warcraft III
2008-02-04 20:04 --------- d-----w C:\Program Files\Steam
2008-02-04 20:03 --------- d-----w C:\Program Files\SeaStorm 3D Screensaver
2008-02-04 20:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 20:02 --------- d-----w C:\Program Files\Quicken
2008-02-04 20:02 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-02-04 19:58 --------- d-----w C:\Program Files\myLinker
2008-02-04 19:58 --------- d-----w C:\Program Files\MSN Encarta Standard
2008-02-04 19:58 --------- d-----w C:\Program Files\mIRC
2008-02-04 19:57 --------- d-----w C:\Program Files\Microsoft Works
2008-02-04 19:56 --------- d-----w C:\Program Files\Microsoft Plus! Dancer LE
2008-02-04 19:56 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-02-04 19:55 --------- d-----w C:\Program Files\MegauploadToolbar
2008-02-04 19:54 --------- d-----w C:\Program Files\iTunes
2008-02-04 19:54 --------- d-----w C:\Program Files\iPod
2008-02-04 19:52 --------- d-----w C:\Program Files\GemMaster
2008-02-04 19:52 --------- d-----w C:\Program Files\EnglishOtto
2008-02-04 19:51 --------- d-----w C:\Program Files\Easy Internet signup
2008-02-04 19:51 --------- d-----w C:\Program Files\DivX
2008-02-04 19:51 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-02-04 19:50 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-02-04 19:49 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-04 19:48 --------- d-----w C:\Program Files\AOD
2008-02-04 19:48 --------- d-----w C:\Program Files\AIM6
2008-02-04 19:47 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-02-04 15:44 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-02-04 15:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
2008-02-04 15:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\MegauploadToolbar
2008-02-04 15:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2008-02-04 15:38 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2008-02-04 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-04 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-03 04:43 --------- d-----w C:\Program Files\Java
2008-01-29 21:38 10,066 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-01-16 04:47 --------- d-----w C:\Program Files\Yahoo!
2008-01-06 21:31 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-06 08:10 24 ----a-w C:\Documents and Settings\Compaq_Administrator\mylist.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-02-04 00:20 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 12:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-04 00:20 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 12:06 1135968]
"{2A14C48F-9C74-4E60-A6A1-A5E134D5B436}"= C:\WINDOWS\iptool.dll [2007-03-27 23:59 233472]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-04 00:20 267592]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{2a14c48f-9c74-4e60-a6a1-a5e134d5b436}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{0D27D4BF-4799-48e3-986B-BDF5C4051F1A}]
[HKEY_CLASSES_ROOT\IP Tool.IP ToolObj]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 15:24 1694208]
"Startup Manager"="C:\Documents and Settings\Compaq_Administrator\Application Data\Systweak\ASO 2\smstartUp manager.exe" [ ]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 17:43 68856]
"Aim6"="" []
"onmuzfirstupdate"="C:\Program Files\onmuzplus\onmuzup.exe" [ ]
"RegistryCleanFixMFC"="C:\Program Files\RegistryCleaner\registrycleaner.exe" [ ]
"DriveDiscoveryMemoryResident"="C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe" [2007-01-30 12:30 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 18:04 59392]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 21:34 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 01:56 544768 C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 16:50 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-05 08:28 180269]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 04:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 04:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 04:00 59392]
"{D4-4D-DA-AD-ZN}"="C:\windows\system32\dwdsregt.exe" [ ]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 07:16 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 04:53 34880]

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-08-05 08:46:22 36903]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-19 21:21:57 124152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{24282ED1-2289-4AE7-B1B9-88967EB00560}"= C:\Program Files\Hanmaro\MediaRose\Agent\ShellLauncher.dll [2006-09-25 23:25 122880]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 03:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:56:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 16:57:11
ComboFix-quarantined-files.txt 2008-02-06 00:56:56
.
2008-01-09 07:56:29 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:42 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IP Tool - {2A14C48F-9C74-4e60-A6A1-A5E134D5B436} - C:\WINDOWS\iptool.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [{D4-4D-DA-AD-ZN}] C:\windows\system32\dwdsregt.exe CCM001
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Compaq_Administrator\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [onmuzfirstupdate] C:\Program Files\onmuzplus\onmuzup.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [DriveDiscoveryMemoryResident] C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: spysheriff.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {39C23151-5D69-4142-85A2-E0CCBC0A3A9B} (OnmuzWebActiveCtl Control) - http://211.168.120.7/~goldnboy/OnmuzWebActive.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202251726468
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/test/Online.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10663 bytes
hope u can help me more
Pancake

[*] posted on 5-2-2008 at 23:29
You do have some malware that may be causing it....



Please download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as[B] Report.txt [/B]
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this on this http://www.bleepingcomputer.com/combofix/how-to-use-combofix Information Page

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Caution...Never run and remove files using ComboFix without being supervised by a security analyst
kkamshi

[*] posted on 5-2-2008 at 23:05
which logs should i delete?
Quaver

[*] posted on 5-2-2008 at 22:58
Why not try emailing P2P Doctor as well?
http://www.p2pdoctor.com/contact_us.htm
kkamshi

[*] posted on 5-2-2008 at 22:46
even when i try to run a mpg file on winamp or media player the same error occurs
kkamshi

[*] posted on 5-2-2008 at 22:44
i am running kasperksy anti-virus, adware. and advanced system optimizer
LSemmens

[*] posted on 5-2-2008 at 12:35
Hi. kkamshi, I've replied to your query elsewhere, in future, it would be prudent to just post your question in one forum as most members do tend to a)check all the fora, anyway and b) it saves confusion in getting multiple, possibly conflicting, replies from different members in different threads.
LSemmens

[*] posted on 5-2-2008 at 12:31
Hi kkamshi, welcome to KF. The information that you have given may not be enough to allow us to help you unless someone has had experience with that identical program. I am not familiar with "P2P doctor" that is the program that you are asking about, so I can't offer too much help there. Have you tried re-installing it? A subscript error indicates that there may be a programming issue, it may need to be referred back to the company that sold you the software, Have a look on their website for FAQ's and see if there are others with the same issue. Your HJT log shows a couple of things that are flagged as worries. What security are you running, apart from P2P Doctor? Is it all up to date? Are windows Updates turned on?
kkamshi

[*] posted on 5-2-2008 at 07:24
forgot the post
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:18 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IP Tool - {2A14C48F-9C74-4e60-A6A1-A5E134D5B436} - C:\WINDOWS\iptool.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [{D4-4D-DA-AD-ZN}] C:\windows\system32\dwdsregt.exe CCM001
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Compaq_Administrator\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [onmuzfirstupdate] C:\Program Files\onmuzplus\onmuzup.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [DriveDiscoveryMemoryResident] C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: spysheriff.lnk = ?
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\asysgdiz.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2006_02_11.cab
O16 - DPF: {39C23151-5D69-4142-85A2-E0CCBC0A3A9B} (OnmuzWebActiveCtl Control) - http://211.168.120.7/~goldnboy/OnmuzWebActive.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools_2006_02_11.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/test/Online.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\system32\ITSS.DLL
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\system32\ITSS.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12913 bytes
kkamshi

[*] posted on 5-2-2008 at 07:22
HEllo i have just recently purchased p2p doctor but after i installed it i realized i could not use it due to this runtime error. please help me i spent 15 dollars on tat program i would hate to put tat to waste
i attached the log file as attachment
i would appreciate reply at post or email thank u
kkamshi

[*] posted on 5-2-2008 at 07:12
HEllo i have just recently purchased p2p doctor but after i installed it i realized i could not use it due to this runtime error. please help me i spent 15 dollars on tat program i would hate to put tat to waste
i attached the log file as attachment
i would appreciate reply at post
thank u