[RESOLVED] Virus - Hard Disk Refuses to Open

  1. #1
    yohan, Newbie

    [RESOLVED] Virus - Hard Disk Refuses to Open

    Hi,

    I have the same problem that has been mentioned in the post "Virus - I Cannot Open My Hard Disk" http://www.d-a-l.com/help/showthread.php?t=54907

    I am posting my HijackThis log. Please tell me if I should follow the same steps as in the post mentioned above.

    Thanks
    Yohan

    Hijack Log
    ----------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:49:30 PM, on 1/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.32.0.253:3128
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
    O3 - Toolbar: Starware Jokes Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14363E8A-EDC5-4584-9147-A467AB4644A3}: NameServer = 4.2.2.2,202.56.250.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1ECD161-2F0E-4156-BF88-F1E9C2D22800}: NameServer = 4.2.2.2,202.56.250.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{14363E8A-EDC5-4584-9147-A467AB4644A3}: NameServer = 4.2.2.2,202.56.250.5
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 7458 bytes


    --------------------------------------------------------------


  2. #2
    VopThis, Senior Member (Canada)
    Follow the procedures in post #2:

    http://www.d-a-l.com/help/showpost.p...74&postcount=2



    There may be more to do once I see a revised HijackThis log.

    Also,
    Let us see/review what is loaded on your PC:
    • Run HijackThis and Click Open the Misc Tools section button.
    • Then click the Open Uninstall Manager… button.
    • Click the Save list… button. Save uninstall_list to your desktop.

    • Open the Uninstall list file and post in your next reply, please.
    Last edited by VopThis; 20-01-2008 at 11:18 PM.
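A triage and diff helper for HijackThis logs like the two posted in this thread, added here as an example; it is not code from HijackThis, ComboFix or the forum's fix procedure. The sample log lines are constructed in the shape of the thread's first and revised logs (a few entries each, not the full logs), and the review rules (svchost.exe outside System32, an extra program chained on UserInit, orphaned "file missing" components, autostarts launched straight from the Windows directory, a configured proxy) are my own reading heuristics, not a HijackThis feature. The diff shows what a cleanup removed between the first and the revised log, which is what the helper asks for before deciding whether "there may be more to do".

```python
"""Triage and diff helper for HijackThis 2.0.2 logs.

Added example for this thread; not part of HijackThis, ComboFix or the
forum's procedure. Rules encode what a helper checks by eye in the log.
"""
import re
from typing import List, Tuple

Entry = Tuple[str, str]          # (section tag such as "O4", rest of the line)
Finding = Tuple[str, str, str]   # (section, reason, offending line)

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
SVCHOST_RE = re.compile(r'([^\s,"\[\]]*\\)svchost\.exe', re.IGNORECASE)
RUN_TARGET_RE = re.compile(r'\]\s*"?([^"]+?\.exe)', re.IGNORECASE)

# Constructed sample input modelled on the two logs in the thread (a handful of
# lines each, not the real logs).
BEFORE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.32.0.253:3128
"""
AFTER_LOG = r"""
C:\WINDOWS\System32\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.32.0.253:3128
"""


def parse_log(text: str) -> List[Entry]:
    """Split a log into (section, body) pairs; header lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body")))
        elif PROCESS_RE.match(line):
            entries.append(("PROC", line))  # "Running processes" block
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review rules to parsed entries and return what needs a look."""
    findings: List[Finding] = []
    for section, body in entries:
        # Rule 1: svchost.exe only belongs in %WINDIR%\System32.
        for m in SVCHOST_RE.finditer(body):
            folder = m.group(1).rstrip("\\").lower()
            if not folder.endswith("\\system32"):
                findings.append((section, "svchost.exe outside System32", body))
        # Rule 2: UserInit should name userinit.exe only; anything else runs at logon.
        if section == "F2" and "userinit=" in body.lower():
            values = [v.strip() for v in body.split("=", 1)[1].split(",") if v.strip()]
            extra = [v for v in values if v.lower().split("\\")[-1] != "userinit.exe"]
            if extra:
                findings.append((section, "extra program chained on UserInit: " + ", ".join(extra), body))
        # Rule 3: a BHO/toolbar/button whose file is gone is an orphaned entry.
        if "(file missing)" in body.lower():
            findings.append((section, "registered component whose file is missing", body))
        # Rule 4: autostarts launched straight from C:\WINDOWS rather than System32.
        if section == "O4":
            m = RUN_TARGET_RE.search(body)
            if m:
                folder = m.group(1).rsplit("\\", 1)[0].lower()
                if folder.endswith(":\\windows"):
                    findings.append((section, "autostart directly under the Windows directory", body))
        # Rule 5: a proxy is not malicious by itself but must be confirmed as intended.
        if section == "R1" and "proxyserver" in body.lower():
            findings.append((section, "proxy configured; confirm it is expected", body))
    return findings


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[str], List[str]]:
    """Return (entries removed by the cleanup, entries that newly appeared)."""
    def fmt(e: Entry) -> str:
        return f"{e[0]} - {e[1]}"
    b, a = {fmt(e) for e in before}, {fmt(e) for e in after}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for section, reason, line in triage(before):
        print(f"[{section}] {reason}\n    {line}")
    removed, added = diff_logs(before, after)
    print("\nRemoved by cleanup:", *removed, sep="\n  ")
    print("Newly appeared:", *(added or ["(none)"]), sep="\n  ")
```

The proxy rule is deliberately a "confirm" rather than a verdict: the revised log in this thread still carries the same ProxyServer value, which is consistent with a LAN proxy the user set on purpose, and only the user can say so.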

  3. #3
    yohan, Newbie
    Gee Thanks

    My computer is fixed now.

    Thanks for all the help.

    Please check these logs:

    Hijacklog, Combofixlog, Uninstall List

    Regards,
    Yohan

    Hijacklog
    =============================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:46:34 PM, on 1/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.32.0.253:3128
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14363E8A-EDC5-4584-9147-A467AB4644A3}: NameServer = 4.2.2.2,202.56.250.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1ECD161-2F0E-4156-BF88-F1E9C2D22800}: NameServer = 4.2.2.2,202.56.250.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{14363E8A-EDC5-4584-9147-A467AB4644A3}: NameServer = 4.2.2.2,202.56.250.5
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 6682 bytes


    Combofix log

    =================================================
    ComboFix 08-01-20.1 - A 2008-01-21 21:35:48.1 - FAT32x86
    Running from: C:\Documents and Settings\A\Desktop\ComboFix(3).exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\A\Application Data\Starware
    C:\Documents and Settings\A\Application Data\Starware\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\A\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Games\GamesOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\Games\GamesOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Layouts\PreferencesLayout.xml
    C:\Documents and Settings\A\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\A\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Manager\ManagerOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Movies\MoviesOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Pranks\PranksOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347
    C:\Documents and Settings\A\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\A\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\A\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
    C:\Documents and Settings\A\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Games\images\active\Games0.bmp
    C:\Documents and Settings\A\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\A\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Movies\images\active\Movies0.bmp
    C:\Documents and Settings\A\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
    C:\Documents and Settings\A\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\A\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\A\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\All Users\Application Data.\Starware
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafe.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafeA.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindIt.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindItHot.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\findithotxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\finditxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\games.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\gamesA.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Highlight.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\HighlightHot.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlighthotxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlightxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\jokesearch.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logo.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logoxp.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\moviesA.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\pranks.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\smiley.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware\buttons\smileyxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware\contexts\error.xml
    C:\Documents and Settings\All Users\Application Data.\Starware\contexts\related.xml
    C:\Documents and Settings\All Users\Application Data.\Starware\contexts\travel.xml
    C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml
    C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
    C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml
    C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware347
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindIt.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\findithotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\finditxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\Highlight.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlightxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\pranks.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\starware_toolbar_icon.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\contexts\error.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\contexts\Related.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\contexts\Travel.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
    C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0010185C\Desktop_.ini
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
    C:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
    C:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
    C:\Documents and Settings\Guest\Application Data\Starware347
    C:\Documents and Settings\Guest\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\Guest\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\Guest\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\Guest\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\Guest\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\Guest\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\Guest\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\Guest\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\Guest\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\Guest\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\Guest\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\Guest\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Program Files\Starware347
    C:\Program Files\Starware347\bin\dlls\jokester.dll
    C:\Program Files\Starware347\bin\Starware347.dll
    C:\Program Files\Starware347\brand.bmp
    C:\Program Files\Starware347\icons\star_16.ico
    C:\Program Files\Starware347\Starware347Config.xml
    C:\Program Files\Starware347\Starware347Uninstall.exe
    C:\WINDOWS\system\_sv_CMD_
    C:\WINDOWS\system32\amvo0.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
    .

    2008-01-21 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-20 22:27 . 2008-01-20 22:27 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-04 22:45 . 2007-10-11 05:25 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-03 22:49 . 2007-07-06 18:17 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
    2008-01-03 22:49 . 2007-07-06 18:17 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
    2008-01-03 22:49 . 2007-07-06 18:17 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
    2008-01-03 22:49 . 2007-07-06 18:17 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
    2008-01-03 22:49 . 2007-07-06 18:17 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
    2008-01-03 22:49 . 2007-07-06 15:35 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
    2008-01-03 22:49 . 2007-07-06 18:17 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
    2008-01-03 22:49 . 2007-07-06 18:17 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
    2008-01-03 22:49 . 2007-07-06 18:17 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
    2008-01-03 22:48 . 2007-07-09 18:46 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-03 22:47 . 2007-10-30 04:13 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-17 03:16 --------- d-----w C:\Documents and Settings\A\Application Data\U3
    2007-11-28 20:19 --------- d-----w C:\Documents and Settings\Guest\Application Data\Apple Computer
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 12:09 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 12:09 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-27 12:07 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2005-11-24 09:17 18,480 ------w C:\Documents and Settings\A\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-11 07:57 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "Yahoo! Pager"="C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" [2005-02-24 11:57 2506752]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 19:28 68856]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 23:11 579072]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-04 23:11 219136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-06 16:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^A^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\A\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    -ra------ 2004-07-22 11:08 88361 C:\WINDOWS\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvMon.exe]
    --------- 2005-02-01 08:52 53248 C:\WINDOWS\system32\DrvMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
    --a------ 2004-08-06 16:52 356352 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    --a------ 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2003-10-02 11:49 118784 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2003-10-02 12:07 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --------- 2004-09-07 18:55 1400944 C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    --a------ 2004-08-06 16:48 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    --a------ 2004-10-01 14:16 262144 C:\PROGRA~1\LAUNCH~1\LManager.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
    --------- 2003-03-18 22:09 184320 C:\Program Files\ltmoh\Ltmoh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    F:\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-07-27 14:31 68096 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-08-12 12:42 684032 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-08-12 12:43 102400 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    S3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2006-01-16 16:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01a9917a-3946-11dc-905c-000fb5897ca9}]
    \Shell\Auto\command - sal.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186022bc-bae7-11dc-91a2-000fb5897ca9}]
    \Shell\AutoRun\command - juok3st.bat
    \Shell\explore\Command - juok3st.bat
    \Shell\open\Command - juok3st.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26a3e750-3dab-11dc-9067-000fb5897ca9}]
    \Shell\Auto\command - sal.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46ae1f9a-efde-11db-8fd4-000fb5897ca9}]
    \Shell\AutoRun\command - H:\ie.exe
    \Shell\explore\Command - H:\ie.exe
    \Shell\open\Command - H:\ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f297d4-ad0d-11db-8f06-000fb5897ca9}]
    \Shell\AutoRun\command - H:\juok3st.bat
    \Shell\explore\Command - H:\juok3st.bat
    \Shell\open\Command - H:\juok3st.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bf1047a-ac4e-11dc-9192-000fb5897ca9}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72249436-479e-11da-8ab3-000fb07f80db}]
    \Shell\AutoRun\command - setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbb6b74-ac5f-11db-8f04-000fb5897ca9}]
    \Shell\Auto\command - H:\sal.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8430aeb0-015e-11da-9785-806d6172696f}]
    \Shell\AutoRun\command - juok3st.bat
    \Shell\explore\Command - juok3st.bat
    \Shell\open\Command - juok3st.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8430aeb1-015e-11da-9785-806d6172696f}]
    \Shell\AutoRun\command - juok3st.bat
    \Shell\explore\Command - juok3st.bat
    \Shell\open\Command - juok3st.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8430aeb2-015e-11da-9785-806d6172696f}]
    \Shell\AutoRun\command - juok3st.bat
    \Shell\explore\Command - juok3st.bat
    \Shell\open\Command - juok3st.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8430aeb3-015e-11da-9785-806d6172696f}]
    \Shell\AutoRun\command - juok3st.bat
    \Shell\explore\Command - juok3st.bat
    \Shell\open\Command - juok3st.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aff3fa8-0340-11da-898b-000fb07f80db}]
    \Shell\Auto\command - sal.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa7ecfe2-0fe3-11da-89c8-000fb07f80db}]
    \Shell\AutoRun\command - H:\loaderw.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf3763a-ea81-11db-8fb8-000fb5897ca9}]
    \Shell\AutoRun\command - H:\ie.exe
    \Shell\explore\Command - H:\ie.exe
    \Shell\open\Command - H:\ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1c180d7-407a-11da-8a9f-000fb07f80db}]
    \Shell\AutoRun\command - H:\ie.exe
    \Shell\explore\Command - H:\ie.exe
    \Shell\open\Command - H:\ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee375782-ea83-11db-8fb9-000fb5897ca9}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d7ccb6-643c-11dc-90e7-000fb5897ca9}]
    \Shell\AutoRun\command - H:\u.bat
    \Shell\explore\Command - H:\u.bat
    \Shell\open\Command - H:\u.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d7ccb7-643c-11dc-90e7-000fb5897ca9}]
    \Shell\AutoRun\command - I:\u.bat
    \Shell\explore\Command - I:\u.bat
    \Shell\open\Command - I:\u.bat

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-17 17:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-21 21:38:44
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-21 21:39:31
    ComboFix-quarantined-files.txt 2008-01-21 16:09:30
    .
    2008-01-09 20:02:51 --- E O F ---

    ===================================================

    Uninstall log
    ===============================================
    Adobe Reader 7.0.9
    Agere Systems AC'97 Modem
    Apple Software Update
    AVG 7.5
    DivX
    DivX Player
    DVD Solution
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    InCD
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PROSet/Wireless Software
    InterActual Player
    J2SE Runtime Environment 5.0 Update 8
    Launch Manager
    Macromedia Flash Player 8
    mCore
    mDriver
    mDrWiFi
    mEoU.msi
    mHelp
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    mIWA
    mIWCA
    mLogView
    mMHouse
    Mozilla Firefox (1.5)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Multimedia Launcher
    mWlsSafe
    mXML
    mZConfig
    Nero Suite
    PowerDVD
    PowerProducer
    QuickTime
    Realtek AC'97 Audio
    River Past Cam In Style
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    SMSC IrCC V5.1.3600.5 SP2
    Synaptics Pointing Device Driver
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
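The MountPoints2 keys in the log above are the part that explains the thread title. Explorer caches the shell verbs from each volume's autorun.inf under HKCU\...\Explorer\MountPoints2\{volume GUID}, and the \Shell\open and \Shell\explore commands stored there replace what happens when that drive is double-clicked in My Computer. The script below is an added example, not part of the original post and not a ComboFix or HijackThis feature: it parses a dump in the format shown above (a trimmed copy of five of the posted keys is embedded as constructed input) and reports every command that has no business being there. The allowlist of legitimate launchers (LaunchU3.exe, setupSNK.exe), the script-extension list and the fixed-disk GUID suffix heuristic are assumptions of this example, not findings from the log.

```python
import re
from collections import OrderedDict

# Constructed input: five of the MountPoints2 keys copied from the ComboFix
# "Reg Loading Points" section posted above, trimmed to keep the sample short.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01a9917a-3946-11dc-905c-000fb5897ca9}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bf1047a-ac4e-11dc-9192-000fb5897ca9}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72249436-479e-11da-8ab3-000fb07f80db}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8430aeb0-015e-11da-9785-806d6172696f}]
\Shell\AutoRun\command - juok3st.bat
\Shell\explore\Command - juok3st.bat
\Shell\open\Command - juok3st.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d7ccb7-643c-11dc-90e7-000fb5897ca9}]
\Shell\AutoRun\command - I:\u.bat
\Shell\explore\Command - I:\u.bat
\Shell\open\Command - I:\u.bat
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\\{([0-9a-f-]+)\}\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.I)

# Assumed allowlist: launchers that legitimately sit in AutoRun on removable
# media (the U3 smart-drive launcher and the Windows wireless setup wizard).
KNOWN_BENIGN = {"launchu3.exe", "setupsnk.exe"}

# Heuristic: MountMgr gives fixed (non-removable) disk volumes GUIDs ending in
# this suffix, so a hijacked verb under such a GUID fires when the hard disk
# itself is double-clicked, which matches the "hard disk refuses to open" symptom.
FIXED_DISK_SUFFIX = "806d6172696f"
SCRIPT_EXTS = {"bat", "cmd", "vbs", "js", "pif", "scr"}


def parse_mountpoints(text):
    """Return {volume_guid: {verb: command}} from a ComboFix-style key dump."""
    entries = OrderedDict()
    guid = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            guid = m.group(1).lower()
            entries[guid] = OrderedDict()
            continue
        m = VERB_RE.match(line)
        if m and guid is not None:
            entries[guid][m.group(1).lower()] = m.group(2).strip()
    return entries


def classify(command):
    """Return the reasons a MountPoints2 command looks like an autorun hijack ([] = benign)."""
    cmd = command.lower()
    tokens = cmd.split()
    if not tokens:
        return ["empty command"]
    via_rundll = "shellexec_rundll" in cmd
    # The program that actually runs: the last rundll32 argument when
    # ShellExec_RunDLL is used as a launcher, otherwise the first token.
    target = tokens[-1] if via_rundll else tokens[0]
    name = target.rsplit("\\", 1)[-1]
    if name in KNOWN_BENIGN:
        return []
    reasons = []
    if via_rundll:
        reasons.append("rundll32 ShellExec_RunDLL launcher")
    base, _, ext = name.rpartition(".")
    if ext in SCRIPT_EXTS:
        reasons.append("script/batch file at drive root")
    if "." in base:
        reasons.append("double extension (%s)" % name)
    if not reasons:
        reasons.append("unrecognised program at drive root")
    return reasons


def triage(text):
    """List (guid, verb, command, reasons) for every suspicious MountPoints2 command."""
    findings = []
    for guid, verbs in parse_mountpoints(text).items():
        for verb, command in verbs.items():
            reasons = classify(command)
            if not reasons:
                continue
            if guid.endswith(FIXED_DISK_SUFFIX):
                reasons.append("fixed-disk volume: hijacks double-click on the hard disk")
            if verb in ("open", "explore"):
                reasons.append("overrides Explorer '%s' verb" % verb)
            findings.append((guid, verb, command, reasons))
    return findings


if __name__ == "__main__":
    for guid, verb, command, reasons in triage(SAMPLE):
        print("{%s} %-8s %-70s %s" % (guid, verb, command, "; ".join(reasons)))
```

Run against the full posted section, every key except the two allowlisted launchers is reported, and the four {8430aeb0..8430aeb3-...-806d6172696f} keys come back with the fixed-disk note: those are the local partitions, and their open/explore verbs pointing at juok3st.bat is exactly why double-clicking the hard disk does not open it. Deleting the keys only removes the cached verbs; the autorun.inf and the payload on each volume have to go too, or the keys come straight back the next time the drive is inserted.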

  4. #4
    VopThis is offline Senior Member (Canada)
    J2SE Runtime Environment 5.0 Update 8
    Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

    Update your Java.

    Older Java versions have vulnerabilities that malware can use, and is using, to infect systems.

    Please follow these steps to remove older version Java components.
    • Close any programs you may have running, ESPECIALLY your web browser
    • Click Start > Control Panel.
    • Click Add/Remove Programs.
    • Check any item with Java Runtime Environment (JRE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove all versions of Java.
    • Reboot your computer once all Java components are removed.

    Download the latest version of Java Runtime Environment (JRE) 6.0 Update 3 or higher, and install it on your computer.


    The new version should show in the HijackThis log as:

    C:\Program Files\Java\jre1.6.0_03\… or higher

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.

    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
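The Java check above is easy to get wrong by eye, because Sun's Add/Remove Programs names mix marketing versions ("J2SE ... 5.0", "Java(TM) 6") with the internal 1.x.y_NN numbering that appears in the install path (jre1.6.0_03, or the jre1.5.0_08 path visible in the log). The script below is an added example, not code from the original post: it normalises both forms to one comparable tuple and reports every JRE entry older than 6.0 Update 3. The first entry in the constructed list is taken from the uninstall list posted above; the other names are assumed examples of other Sun JRE releases and exist only to exercise the parser. The optional registry reader assumes the standard HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall layout with a DisplayName value per entry; on anything other than Windows the script simply runs against the constructed list.

```python
import re
import sys

# Constructed Add/Remove Programs display names. The first is the entry from
# the uninstall list posted in this thread; the others are assumed names for
# other Sun JRE releases, included only to exercise the parser.
SAMPLE_ENTRIES = [
    "J2SE Runtime Environment 5.0 Update 8",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 3",
    "Mozilla Firefox (1.5)",
]

# The floor given in the reply above: JRE 6.0 Update 3, internally 1.6.0_03.
MINIMUM = (1, 6, 0, 3)

# Sun's product names drop the leading "1." (J2SE 5.0 == 1.5.0, Java 6 == 1.6.0)
# and give the update either as "Update N" or as the "_NN" suffix.
NAME_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\) SE Runtime Environment|Java\(TM\)|"
    r"Java 2 Runtime Environment, SE v)\s*"
    r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?(?:\s+Update\s+(\d+))?\s*$", re.I)
PATH_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)(?:\\|$)", re.I)


def parse_name(display_name):
    """Return (1, major, minor, update) for a Sun JRE Add/Remove entry, else None."""
    m = NAME_RE.match(display_name)
    if not m:
        return None
    a, b, c, upd_suffix, upd_word = (int(x) if x else 0 for x in m.groups())
    if a == 1:                       # "1.4.2_03" style: already internal numbering
        return (1, b, c, upd_suffix)
    return (1, a, b, upd_word)       # "5.0 Update 8" / "6 Update 3" style


def parse_path(path):
    """Return (1, major, minor, update) from a ...\\jreX.Y.Z_NN\\... path, else None."""
    m = PATH_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else None


def outdated(display_names, minimum=MINIMUM):
    """Return [(name, version)] for every JRE entry older than `minimum`."""
    found = []
    for name in display_names:
        ver = parse_name(name)
        if ver is not None and ver < minimum:
            found.append((name, ver))
    return found


def installed_programs():
    """Read the DisplayName of every Uninstall entry from the registry (Windows only)."""
    import winreg  # only importable on Windows; other platforms use the constructed list
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            try:
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as key:
                    names.append(winreg.QueryValueEx(key, "DisplayName")[0])
            except OSError:
                continue             # subkey without a DisplayName value
    return names


if __name__ == "__main__":
    entries = installed_programs() if sys.platform == "win32" else SAMPLE_ENTRIES
    for name, ver in outdated(entries):
        print("outdated: %-45s (1.%d.%d_%02d)" % (name, ver[1], ver[2], ver[3]))
```

The comparison is on the normalised tuple rather than the display string, which is what makes "Java(TM) SE Runtime Environment 6 Update 1" correctly come out as older than "Java(TM) 6 Update 3" even though the names sort the other way; the same tuple from parse_path lets you cross-check the jre directory shown in a HijackThis log against the minimum.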
