Bossof69

Bad Image Error (Resolved)


From when I start my computer I am barraged with bad image errors, which consist of "The application or DLL (insert path of whatever I just clicked).dll is not a valid Windows image. Please check this against your installation diskette." I constantly get them for any program I open, all the time. I had random crashes when this problem started, but I ran an AVG virus scan in Safe Mode, and it got rid of the crashing virus, but the bad image errors still pop up. I have the RSIT info and log files, and I have the HijackThis log files. I would really appreciate it if someone could help me with the issue. Thanks in advance.

 

HIJACK THIS LOG FILE

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:10:05, on 2009/06/23

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\DANNYS~1\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\DANNYS~1\AVG8\avgrsx.exe

D:\DANNYS~1\AVG8\avgnsx.exe

D:\Danny Stuff\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

D:\Danny Stuff\Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

 

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - *_{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: (no name) - *_{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

R3 - URLSearchHook: (no name) - *_{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe

O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Danny Stuff\AVG8\avgssie.dll

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: AVG Security Toolbar BHO - {a3bc75a2-1f87-4686-aa43-5347d756017c} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll (file missing)

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\{0B6E5CE9-8354-4B6A-8F22-0A830D7317C1}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0011"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Danny Stuff\Quicktime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Network Data Management System Service] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe" *

O4 - HKLM\..\Run: [AVG8_TRAY] D:\DANNYS~1\AVG8\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "D:\Danny Stuff\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] D:\Danny Stuff\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Danny Stuff\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe

O4 - HKCU\..\Run: [sYSDLL] SYSDLL

O4 - HKCU\..\Run: [Windows Network Data Management System Service] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe" *

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: MagicDisc.lnk = D:\Danny Stuff\MagicDisc\MagicDisc.exe

O4 - Startup: AutorunsDisabled

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYCA

O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Search Using Copernic Agent - res://D:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...lup/install.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O18 - Protocol: bw+0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Danny Stuff\AVG8\avgpp.dll

O18 - Protocol: offline-8876480 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\

O20 - Winlogon Notify: windows - windows.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Danny Stuff\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\DANNYS~1\AVG8\avgwdsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Windows Network Data Management System Service (bndmss) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\DLL\RUNDLL32.exe (file missing)

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Service (MYFI) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

O24 - Desktop Component 0: (no name) - http://www.dreamhomesource.com/images/Plan.../FE/at23432.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

O24 - Desktop Component 2: (no name) - http://members.aol.com/BeautifulJudeLaw/pict52.jpg

O24 - Desktop Component 3: (no name) - http://members.aol.com/BeautifulJudeLaw/pict56.jpg

O24 - Desktop Component 4: (no name) - http://members.aol.com/BeautifulJudeLaw/pict129.jpg

 

--

End of file - 25233 bytes

 

RSIT LOG FILE


 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Lillie at 2009-06-23 04:08:55

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 8 GB (31%) free of 25 GB

Total RAM: 512 MB (11% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:09:03, on 2009/06/23

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\DANNYS~1\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\DANNYS~1\AVG8\avgrsx.exe

D:\DANNYS~1\AVG8\avgnsx.exe

D:\Danny Stuff\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

D:\Danny Stuff\Firefox\firefox.exe

C:\Documents and Settings\Lillie\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Trend Micro\HijackThis\Lillie.exe

 

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - *_{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: (no name) - *_{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

R3 - URLSearchHook: (no name) - *_{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe

O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Danny Stuff\AVG8\avgssie.dll

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: AVG Security Toolbar BHO - {a3bc75a2-1f87-4686-aa43-5347d756017c} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll (file missing)

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\{0B6E5CE9-8354-4B6A-8F22-0A830D7317C1}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0011"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Danny Stuff\Quicktime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Network Data Management System Service] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe" *

O4 - HKLM\..\Run: [AVG8_TRAY] D:\DANNYS~1\AVG8\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "D:\Danny Stuff\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] D:\Danny Stuff\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Danny Stuff\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe

O4 - HKCU\..\Run: [sYSDLL] SYSDLL

O4 - HKCU\..\Run: [Windows Network Data Management System Service] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe" *

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: MagicDisc.lnk = D:\Danny Stuff\MagicDisc\MagicDisc.exe

O4 - Startup: AutorunsDisabled

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYCA

O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Search Using Copernic Agent - res://D:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...lup/install.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O18 - Protocol: bw+0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Danny Stuff\AVG8\avgpp.dll

O18 - Protocol: offline-8876480 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\

O20 - Winlogon Notify: windows - windows.dll (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Danny Stuff\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\DANNYS~1\AVG8\avgwdsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Windows Network Data Management System Service (bndmss) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\DLL\RUNDLL32.exe (file missing)

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Service (MYFI) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

O24 - Desktop Component 0: (no name) - http://www.dreamhomesource.com/images/Plan.../FE/at23432.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

O24 - Desktop Component 2: (no name) - http://members.aol.com/BeautifulJudeLaw/pict52.jpg

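As an added example (not part of the original thread, and not code from HijackThis or Malwarebytes), the script below does mechanically what a helper does by eye when reading the O4/O20/O23 lines of a log like the one above: it flags autostart targets under a Temp folder, entries whose file is missing, a non-empty AppInit_DLLs value, services with an unknown owner, Run values with no path at all, and Windows system binary names that live outside their normal directory. The sample lines are copied from the log above; the heuristics, the list of system binary names and the reason strings are my own assumptions, not HijackThis's classification.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: ten lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Network Data Management System Service] "C:\DOCUME~1\Lillie\LOCALS~1\Temp\920.exe" *
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKCU\..\Run: [sYSDLL] SYSDLL
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: windows - windows.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\DANNYS~1\AVG8\avgwdsvc.exe
O23 - Service: Windows Network Data Management System Service (bndmss) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)
O23 - Service: Security Service (MYFI) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                          # "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*,]*?\.(?:exe|dll)', re.I)     # first drive-letter path ending in .exe/.dll
TEMP_RE = re.compile(r"\\temp\\", re.I)

# Assumed list: names that belong in the Windows directories; a copy anywhere else deserves a look.
SYSTEM_BINARIES = {"svchost.exe", "rundll32.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "explorer.exe", "smss.exe", "csrss.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Finding:
    section: str        # HijackThis section tag, e.g. "O23"
    entry: str          # the line body after "Oxx - "
    reasons: List[str]  # why the entry was put on the review list


def first_path(body: str) -> Optional[str]:
    """Return the first drive-letter path to an .exe/.dll in the line, if any."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def masquerades_as_system_binary(path: str) -> bool:
    """True when a well-known system binary name sits outside C:\\WINDOWS or System32."""
    directory, _, name = path.lower().rpartition("\\")
    return name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS


def analyse_entry(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; return a Finding only if something was flagged."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                      # header lines, process list, blanks
    section, body = m.groups()
    reasons: List[str] = []
    if TEMP_RE.search(body):
        reasons.append("target lives in a Temp directory")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("referenced file is missing or hidden")
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs entry is loaded into every process that links user32.dll")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    if section == "O4":
        target = body.split("] ", 1)[-1]
        if "\\" not in target:
            reasons.append("Run value has no path; the name is resolved by search order")
    path = first_path(body)
    if path and masquerades_as_system_binary(path):
        name = path.lower().rpartition("\\")[2]
        reasons.append(f"{name} found outside its normal system directory")
    return Finding(section, body, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through analyse_entry and collect the findings."""
    return [f for f in (analyse_entry(line) for line in log_text.splitlines()) if f]


def report(findings: List[Finding]) -> str:
    """Render the findings as an indented worklist for a human reviewer."""
    out = []
    for f in findings:
        out.append(f"{f.section}: {f.entry}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, the NVIDIA and AVG lines pass untouched while the Temp-resident 920.exe, the bare SYSDLL value, the AppInit_DLLs entry, the missing windows.dll notify package and the two "Unknown owner" services (one of them a svchost.exe in a subfolder of System32) end up on the list. The [kell] liser.exe entry passes every heuristic here even though Malwarebytes later removed it as Trojan.Agent, so the output is a worklist for a reviewer, not a verdict; conversely a legitimate path-less entry such as nwiz.exe would be flagged purely for lacking a path.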

Please note that all instructions given are customised for this computer only,

the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post a log in the HJT forum and wait for help.

 

Hello and welcome to the forums

 

My name is Katana and I will be helping you to remove any infection(s) that you may have.

 

Please observe these rules while we work:

  • Please Read All Instructions Carefully
  • If you don't understand something, stop and ask! Don't keep going on.
  • Please do not run any other tools or scans whilst I am helping you
  • Failure to reply within 5 days will result in the topic being closed.
  • Please continue to respond until I give you the "All Clear"

    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

 

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

 

IMPORTANT

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

 

ares

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

 

Also available here.

 

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs.

Please note: you must NOT use any P2P whilst we are cleaning your machine.

 

 

Malwarebytes' Anti-Malware

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If requested, please reboot
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

 

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop

  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

  • Double click combofix.exe & follow the prompts.

  • When finished, it will produce a log. Please save that log to post in your next reply.

  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper.


These are the logs from Malwarebytes and ComboFix. Running Malwarebytes fixed the initial problem, but I ran ComboFix anyway.

 

Malware Bytes log

 

Malwarebytes' Anti-Malware 1.38

Database version: 2327

Windows 5.1.2600 Service Pack 3

 

2009/06/23 21:24:33

mbam-log-2009-06-23 (21-24-33).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 343175

Time elapsed: 1 hour(s), 17 minute(s), 30 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 39

Registry Values Infected: 17

Registry Data Items Infected: 1

Folders Infected: 26

Files Infected: 110

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e055c02e-6258-40ff-80a7-3bda52facad7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isadisk (Rootkit.GamesThief) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\isadisk (Rootkit.GamesThief) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isadisk (Rootkit.GamesThief) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RPCHE (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lpvideo.lpvideoplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lpvideo.lpvideoplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lpvideo.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lpvideo.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\LPVideoPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\LPVideo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc (Spyware.LDPinch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\retro64_loader.r64loader.1 (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\legacy_windev-cb4-4eab (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpSrv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BNDMSS (Trojan.Backdoor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kell (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\progra~1\manson\liser.dll -> Quarantined and deleted successfully.

 

Folders Infected:

c:\documents and settings\free man\application data\Starware (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\searchmatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Pranks (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\SmileyTown (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.

C:\Program Files\Video ActiveX Object (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Program Files\LPVideoPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Manson (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3361 (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Files Infected:

c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

c:\WINDOWS\system32\wtukd32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\tpszxyd.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\isadisk.sys (Rootkit.GamesThief) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\calc.ifo (Trojan.Oficla) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\79fc8318.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_215341478209.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_710265660708.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\tmp0_65960596662.bk.old (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\t4m0_892273374216.bk.old (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_513740644667.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_229015384659.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_564896661388.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_583425393063.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_355624712407.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_520839401629.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_376670106285.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_60096033335.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_689148725284.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\txpxr_62749029040.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\temporary internet files\Content.IE5\KJWHUF2R\wscmp[1].dll (Trojan.Zlob) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\ODYZ4DYN\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\ODYZ4DYN\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\58GEV2U9\ms[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\58GEV2U9\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\58GEV2U9\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\G73ND33P\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\X7B8JFQJ\w[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\X7B8JFQJ\so[1].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\X7B8JFQJ\w[2].bin (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\379.exe (Trojan.Crypt) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\834.exe (Trojan.Crypt) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\jkio965hgwt43qawhgefhaewqqf36.log (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\13.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\~TME.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\14.tmp (Rootkit.Rustock) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\~TMF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\906.exe (Trojan.Crypt) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\temporary internet files\Content.IE5\G76TKP0A\loaderadv563[1].exe (Trojan.Crypt) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\temporary internet files\Content.IE5\AG0HQ8LV\d[1].bin (Trojan.VB) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\temporary internet files\Content.IE5\AG0HQ8LV\ms[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\browsersearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\browsersearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\travelsearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\travelsearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\relatedsearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\relatedsearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\errorsearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\errorsearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\searchmatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\searchmatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\toolbarlogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\toolbarlogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\toolbarsearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\toolbarsearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\jokesearch\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\jokesearch\JokeSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Pranks\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Pranks\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\smileytown\SmileyTownOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\smileytown\SmileyTownOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\screensaversmarketingsitepager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\screensaversmarketingsitepager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\searchassistplus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.

c:\documents and settings\free man\application data\Starware\searchassistplus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\program files\Manson\liser.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\favorites\MP3 Download Review 24-7 Downloads Review.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\ntdtcsetup.log (Trojan.Agent) -> Delete on reboot.

c:\documents and settings\Lillie\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dncyool32.sys (Trojan.Backdoor) -> Quarantined and deleted successfully.

c:\WINDOWS\ro123222.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\ro123623.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\stron_1244858339.exe (Worm.Koobface) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\local settings\Temp\stron_1244853759.exe (Worm.Koobface) -> Quarantined and deleted successfully.

c:\documents and settings\Lillie\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090612.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090613.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090614.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090615.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090616.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090617.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090618.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090619.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090620.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090621.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\KBPK090622.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\zaponce53290.dat (Worm.Koobface) -> Quarantined and deleted successfully.

c:\WINDOWS\zaponce53222.dat (Worm.Koobface) -> Quarantined and deleted successfully.

c:\WINDOWS\zaponce53623.dat (Worm.Koobface) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Combo Fix Log

 

ComboFix 09-06-22.0E - Lillie 2009/06/23 21:57.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.512.240 [GMT -4:00]

Running from: c:\documents and settings\Lillie\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: F-Secure Anti-Virus 2005 5.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\free man\Application Data\Hotbar

c:\recycler\S-1-5-21-2853563178-0140612277-418686338-5501

c:\recycler\S-1-5-21-5143764448-3458716958-983023910-8086

c:\recycler\S-1-5-21-7309143771-2486207794-050355544-4459

c:\recycler\S-1-5-21-7795208573-3014429037-938812722-6119

c:\recycler\S-1-5-21-7830346878-1551943928-119382123-6078

c:\windows\dll

c:\windows\Downloaded Program Files\PurpleBean.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\drivers\SKYNETqbbmttim.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\SKYNETlyptwylj.dll

c:\windows\system32\SKYNETpgwruwrk.dat

c:\windows\system32\SKYNETquhyiynu.dat

c:\windows\system32\SKYNETrtpfwxyx.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\documents and settings\Lillie\Local Settings\Temporary Internet Files\hgstarterjp_verinfo.dat

c:\recycler\S-1-5-21-2853563178-0140612277-418686338-5501\Desktop.ini

c:\recycler\S-1-5-21-5143764448-3458716958-983023910-8086\Desktop.ini

c:\recycler\S-1-5-21-7309143771-2486207794-050355544-4459\Desktop.ini

c:\recycler\S-1-5-21-7795208573-3014429037-938812722-6119\Desktop.ini

c:\recycler\S-1-5-21-7830346878-1551943928-119382123-6078\Desktop.ini

c:\windows\Install.txt

c:\windows\irc.txt

c:\windows\patch.exe

c:\windows\Readme.txt

c:\windows\system32\CID

c:\windows\system32\drivers\a7f72540.sys

c:\windows\system32\drivers\SKYNETqbbmttim.sys

c:\windows\system32\launcher.exe

c:\windows\system32\SKYNETlyptwylj.dll

c:\windows\system32\SKYNETpgwruwrk.dat

c:\windows\system32\SKYNETquhyiynu.dat

c:\windows\system32\SKYNETrtpfwxyx.dll

c:\windows\system32\sopidkc.exe

c:\windows\system32\SvcNm

c:\windows\system32\url1

c:\windows\system32\url2

c:\windows\system32\url3

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SKYNETvkinetid

-------\Legacy_bndmss

-------\Legacy_dhcpsrv

-------\Legacy_fci

-------\Legacy_FWDRV.SYS

-------\Legacy_ias

-------\Legacy_icf

-------\Legacy_isadisk

-------\Legacy_MSNCACHE

-------\Legacy_NPF

-------\Legacy_podmena

-------\Legacy_podmenadrv

-------\Legacy_sopidkc

-------\Service_ias

-------\Service_NPF

-------\Service_a7f72540

 

 

((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))

.

 

2009-06-24 01:52 . 2009-06-24 01:52 -------- d-sh--w- C:\FOUND.001

2009-06-24 00:01 . 2009-06-24 00:01 -------- d-----w- c:\documents and settings\Lillie\Application Data\Malwarebytes

2009-06-24 00:00 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-24 00:00 . 2009-06-24 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-24 00:00 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-23 08:08 . 2009-06-23 08:08 -------- d-----w- C:\rsit

2009-06-23 08:07 . 2009-06-23 08:07 -------- d-----w- c:\program files\Trend Micro

2009-06-23 03:05 . 2009-06-17 13:51 781435 ----a-w- c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\Download.dll

2009-06-23 03:05 . 2009-05-07 16:49 22528 ----a-w- c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\components\firedownload.dll

2009-06-23 02:48 . 2009-06-23 02:48 -------- d-----w- c:\documents and settings\Lillie\Local Settings\Application Data\AVG Security Toolbar

2009-06-23 00:31 . 2009-06-23 00:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar

2009-06-23 00:29 . 2009-06-23 00:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-06-22 23:33 . 2009-06-22 23:33 -------- d-----w- c:\documents and settings\danny\Local Settings\Application Data\AVG Security Toolbar

2009-06-22 23:25 . 2009-06-22 23:25 -------- d--h--w- C:\$AVG8.VAULT$

2009-06-22 22:32 . 2009-06-22 22:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-22 22:32 . 2009-06-22 22:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-22 22:32 . 2009-06-22 22:32 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\windows\system32\drivers\Avg

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-06-22 22:26 . 2009-06-22 22:26 -------- d-----w- c:\program files\AVG

2009-06-15 03:28 . 2009-06-22 22:47 598016 ----a-w- c:\windows\system32\drivers\15d5d41.sys

2009-06-12 16:04 . 2009-06-12 16:04 151 ----a-w- c:\documents and settings\Lillie\check.bat

2009-06-12 03:22 . 2009-06-12 03:22 -------- d-----w- c:\program files\Common Files\Audio

2009-06-11 02:34 . 2009-06-11 02:34 7382192 ----a-w- c:\documents and settings\Lillie\Application Data\Raptr\raptr-0_2_83_06091200.exe

2009-05-28 23:31 . 2009-03-28 23:52 94208 ----a-w- c:\documents and settings\Lillie\Application Data\Soldat\Battleye\BEServer.dll

2009-05-28 23:31 . 2009-03-28 23:52 102400 ----a-w- c:\documents and settings\Lillie\Application Data\Soldat\Battleye\BEClient.dll

2009-05-28 23:31 . 2009-05-28 23:31 0 ----a-r- C:\logwmemory.bin

2009-05-28 23:15 . 2009-05-28 23:15 -------- d-----w- c:\documents and settings\Lillie\Application Data\Soldat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-22 22:32 . 2008-02-27 21:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-09 23:12 . 2008-08-09 02:08 34 ----a-w- c:\documents and settings\Lillie\jagex_runescape_preferences.dat

2009-06-04 17:17 . 2004-01-04 01:07 113984 ----a-w- c:\documents and settings\Lillie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-23 04:02 . 2009-05-23 03:48 383645136 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\U_GBOUND_setup.exe

2009-05-23 03:50 . 2009-05-23 03:50 -------- d-----w- c:\documents and settings\Lillie\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1

2009-05-23 03:48 . 2009-05-23 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-05-23 03:47 . 2009-05-23 03:49 38208 ----a-w- c:\documents and settings\Lillie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-05-23 03:47 . 2009-05-23 03:47 -------- d-----w- c:\documents and settings\Lillie\Application Data\Raptr

2009-05-23 03:45 . 2009-05-23 03:45 480688 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\ijjistarter2FxB.exe

2009-05-23 03:45 . 2009-05-23 03:45 -------- d--h--w- c:\documents and settings\Lillie\Application Data\ijjigame

2009-05-23 03:36 . 2009-05-23 03:36 -------- d-----w- c:\program files\NHN USA

2009-05-13 00:48 . 2009-05-23 03:36 710064 ----a-w- c:\windows\system32\ijjiSetup.exe

2009-05-09 05:09 . 2009-05-09 05:09 5185536 ----a-r- c:\documents and settings\Lillie\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe

2009-05-09 05:09 . 2009-05-09 05:09 28672 ----a-r- c:\documents and settings\Lillie\Application Data\Microsoft

Edited by Bossof69
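The log above is what this thread turns on, so here is a small triage script for it. This is an added example written for this page, not ComboFix's own code and not something the poster or the helper ran. It parses the "Other Deletions", "Drivers/Services" and "Files Created" sections in the layout ComboFix uses and flags entries on three heuristics: driver files whose name is only hex digits (as with a7f72540.sys and 15d5d41.sys above), files with a fixed upper-case prefix followed by eight random lower-case letters (the SKYNET* pattern above), and RECYCLER sub-directories whose SID has a zero-padded sub-authority, which Windows never writes when it formats a SID. `SAMPLE_LOG` is a constructed excerpt assembled from entries in the thread; the heuristics, and the function names `parse_combofix`, `indicators` and `triage`, are the editor's own and produce leads for review, not verdicts.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).

Parses three sections of the log layout seen in this thread and reports entries
matching a few heuristics. SAMPLE_LOG is a constructed excerpt built from entries
in the thread; the heuristics are the editor's assumptions, not ComboFix output.
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}\s*$")
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
DRIVER_RE = re.compile(r"^-+\\(?P<kind>Service|Legacy)_(?P<name>.+?)\s*$")

# Heuristics (assumptions): hex-only driver names, a fixed upper-case prefix with an
# eight-letter random suffix, and a RECYCLER SID with a zero-padded sub-authority.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,8}\.sys$", re.I)
PREFIX_RANDOM_RE = re.compile(r"^[A-Z]{4,}[a-z]{8}\.(sys|dll|dat)$")
RECYCLER_SID_RE = re.compile(r"\\recycler\\S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)(?:\\|$)", re.I)

# Constructed excerpt in ComboFix's layout, using entries that appear in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2853563178-0140612277-418686338-5501
c:\windows\system32\drivers\SKYNETqbbmttim.sys
c:\windows\system32\drivers\a7f72540.sys
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETvkinetid
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 00:00 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 03:28 . 2009-06-22 22:47 598016 ----a-w- c:\windows\system32\drivers\15d5d41.sys
2009-06-12 16:04 . 2009-06-12 16:04 151 ----a-w- c:\documents and settings\Lillie\check.bat
"""


@dataclass
class ComboFixLog:
    deletions: list = field(default_factory=list)  # paths ComboFix removed
    drivers: list = field(default_factory=list)    # (kind, name) of removed services
    created: list = field(default_factory=list)    # dicts: created, modified, size, attrs, path


def parse_combofix(text):
    """Split the log into the three sections this script cares about."""
    log, section = ComboFixLog(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Other Deletions":
            log.deletions.append(line)
        elif section == "Drivers/Services":
            m = DRIVER_RE.match(line)
            if m:
                log.drivers.append((m.group("kind"), m.group("name")))
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m:
                log.created.append(m.groupdict())
    return log


def check_path(path, where, hits):
    """Append (reason, where, path) for each heuristic the path trips."""
    name = path.rsplit("\\", 1)[-1]
    if "\\drivers\\" in path.lower() and HEX_NAME_RE.match(name):
        hits.append(("hex-only driver name", where, path))
    if PREFIX_RANDOM_RE.match(name):
        hits.append(("fixed prefix + random suffix", where, path))
    m = RECYCLER_SID_RE.search(path)
    if m and any(len(g) > 1 and g.startswith("0") for g in m.groups()):
        hits.append(("zero-padded sub-authority in RECYCLER SID", where, path))


def indicators(log):
    """Run the heuristics over every parsed entry and return the hits."""
    hits = []
    for path in log.deletions:
        check_path(path, "deleted", hits)
    for entry in log.created:
        check_path(entry["path"], "created " + entry["created"], hits)
    for kind, name in log.drivers:
        # Service names in this log are the driver's base name; test as a .sys file.
        if HEX_NAME_RE.match(name + ".sys") or PREFIX_RANDOM_RE.match(name + ".sys"):
            hits.append(("suspicious service name", kind, name))
    return hits


def triage(text=SAMPLE_LOG):
    """Parse a ComboFix log and return the list of indicator hits."""
    return indicators(parse_combofix(text))


if __name__ == "__main__":
    for reason, where, item in triage():
        print(f"{reason:45} {where:22} {item}")
```

Run against the real log by passing its text to `triage()`; the "Files Created" entries carry both timestamps, so a hit there can be cross-checked against when the symptoms started. The zero-padded-SID check is the one worth remembering from this log: five RECYCLER directories with SIDs Windows would not have generated is a hiding place, not a recycle bin.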


Please can you post the ComboFix log again; it got cut off.

C:\Combofix.txt

 

 

Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal

NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

 

Read the Requirements and limitations before you click Accept.

Once the database has downloaded, click My Computer in the left pane

Now go and put the kettle on!

When the scan has completed, click Save Report As...

Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)

Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

 

 

**Note**

 

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


This is the ComboFix log, sorry about that. I was wondering if there is a way to retrieve the scan report from the Kaspersky scan from your hard drive, or if it is saved anywhere on your computer, because I ran the scan (took a day >_>), and it finished, but then my power cut off... I was hoping the scan was saved to some region of my computer, so I don't have to run that scan again (T.T)

 

ComboFix 09-06-22.0E - Lillie 2009/06/23 21:57.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.512.240 [GMT -4:00]

Running from: c:\documents and settings\Lillie\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: F-Secure Anti-Virus 2005 5.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\free man\Application Data\Hotbar

c:\recycler\S-1-5-21-2853563178-0140612277-418686338-5501

c:\recycler\S-1-5-21-5143764448-3458716958-983023910-8086

c:\recycler\S-1-5-21-7309143771-2486207794-050355544-4459

c:\recycler\S-1-5-21-7795208573-3014429037-938812722-6119

c:\recycler\S-1-5-21-7830346878-1551943928-119382123-6078

c:\windows\dll

c:\windows\Downloaded Program Files\PurpleBean.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\drivers\SKYNETqbbmttim.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\SKYNETlyptwylj.dll

c:\windows\system32\SKYNETpgwruwrk.dat

c:\windows\system32\SKYNETquhyiynu.dat

c:\windows\system32\SKYNETrtpfwxyx.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055531.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\1057928.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065003.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\1420235.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\2089495.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\237280.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\541854.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\573421.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\983651.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\3152.dat

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12776

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13615

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13617

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14633

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14643

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\228229

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23021

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25043

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25839

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28383

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29115

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34123

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34186

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39897

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39972

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\43638

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44878

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45833

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52335

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\538263

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\55841

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\55865

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\5898

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61779

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\61837

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\65112

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67226

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67491

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67831

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\69019

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72846

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73876

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78839

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79674

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79676

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80193

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83216

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83706

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87385

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94789

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95325

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\3152.dat

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_fastutilities.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip

c:\documents and settings\free man\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip

c:\documents and settings\Lillie\Local Settings\Temporary Internet Files\hgstarterjp_verinfo.dat

c:\recycler\S-1-5-21-2853563178-0140612277-418686338-5501\Desktop.ini

c:\recycler\S-1-5-21-5143764448-3458716958-983023910-8086\Desktop.ini

c:\recycler\S-1-5-21-7309143771-2486207794-050355544-4459\Desktop.ini

c:\recycler\S-1-5-21-7795208573-3014429037-938812722-6119\Desktop.ini

c:\recycler\S-1-5-21-7830346878-1551943928-119382123-6078\Desktop.ini

c:\windows\Install.txt

c:\windows\irc.txt

c:\windows\patch.exe

c:\windows\Readme.txt

c:\windows\system32\CID

c:\windows\system32\drivers\a7f72540.sys

c:\windows\system32\drivers\SKYNETqbbmttim.sys

c:\windows\system32\launcher.exe

c:\windows\system32\SKYNETlyptwylj.dll

c:\windows\system32\SKYNETpgwruwrk.dat

c:\windows\system32\SKYNETquhyiynu.dat

c:\windows\system32\SKYNETrtpfwxyx.dll

c:\windows\system32\sopidkc.exe

c:\windows\system32\SvcNm

c:\windows\system32\url1

c:\windows\system32\url2

c:\windows\system32\url3

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SKYNETvkinetid

-------\Legacy_bndmss

-------\Legacy_dhcpsrv

-------\Legacy_fci

-------\Legacy_FWDRV.SYS

-------\Legacy_ias

-------\Legacy_icf

-------\Legacy_isadisk

-------\Legacy_MSNCACHE

-------\Legacy_NPF

-------\Legacy_podmena

-------\Legacy_podmenadrv

-------\Legacy_sopidkc

-------\Service_ias

-------\Service_NPF

-------\Service_a7f72540

 

 

((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))

.

 

2009-06-24 01:52 . 2009-06-24 01:52 -------- d-sh--w- C:\FOUND.001

2009-06-24 00:01 . 2009-06-24 00:01 -------- d-----w- c:\documents and settings\Lillie\Application Data\Malwarebytes

2009-06-24 00:00 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-24 00:00 . 2009-06-24 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-24 00:00 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-23 08:08 . 2009-06-23 08:08 -------- d-----w- C:\rsit

2009-06-23 08:07 . 2009-06-23 08:07 -------- d-----w- c:\program files\Trend Micro

2009-06-23 03:05 . 2009-06-17 13:51 781435 ----a-w- c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\Download.dll

2009-06-23 03:05 . 2009-05-07 16:49 22528 ----a-w- c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\components\firedownload.dll

2009-06-23 02:48 . 2009-06-23 02:48 -------- d-----w- c:\documents and settings\Lillie\Local Settings\Application Data\AVG Security Toolbar

2009-06-23 00:31 . 2009-06-23 00:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar

2009-06-23 00:29 . 2009-06-23 00:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-06-22 23:33 . 2009-06-22 23:33 -------- d-----w- c:\documents and settings\danny\Local Settings\Application Data\AVG Security Toolbar

2009-06-22 23:25 . 2009-06-22 23:25 -------- d--h--w- C:\$AVG8.VAULT$

2009-06-22 22:32 . 2009-06-22 22:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-22 22:32 . 2009-06-22 22:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-22 22:32 . 2009-06-22 22:32 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\windows\system32\drivers\Avg

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-06-22 22:26 . 2009-06-22 22:26 -------- d-----w- c:\program files\AVG

2009-06-15 03:28 . 2009-06-22 22:47 598016 ----a-w- c:\windows\system32\drivers\15d5d41.sys

2009-06-12 16:04 . 2009-06-12 16:04 151 ----a-w- c:\documents and settings\Lillie\check.bat

2009-06-12 03:22 . 2009-06-12 03:22 -------- d-----w- c:\program files\Common Files\Audio

2009-06-11 02:34 . 2009-06-11 02:34 7382192 ----a-w- c:\documents and settings\Lillie\Application Data\Raptr\raptr-0_2_83_06091200.exe

2009-05-28 23:31 . 2009-03-28 23:52 94208 ----a-w- c:\documents and settings\Lillie\Application Data\Soldat\Battleye\BEServer.dll

2009-05-28 23:31 . 2009-03-28 23:52 102400 ----a-w- c:\documents and settings\Lillie\Application Data\Soldat\Battleye\BEClient.dll

2009-05-28 23:31 . 2009-05-28 23:31 0 ----a-r- C:\logwmemory.bin

2009-05-28 23:15 . 2009-05-28 23:15 -------- d-----w- c:\documents and settings\Lillie\Application Data\Soldat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-22 22:32 . 2008-02-27 21:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-09 23:12 . 2008-08-09 02:08 34 ----a-w- c:\documents and settings\Lillie\jagex_runescape_preferences.dat

2009-06-04 17:17 . 2004-01-04 01:07 113984 ----a-w- c:\documents and settings\Lillie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-23 04:02 . 2009-05-23 03:48 383645136 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\U_GBOUND_setup.exe

2009-05-23 03:50 . 2009-05-23 03:50 -------- d-----w- c:\documents and settings\Lillie\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1

2009-05-23 03:48 . 2009-05-23 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-05-23 03:47 . 2009-05-23 03:49 38208 ----a-w- c:\documents and settings\Lillie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-05-23 03:47 . 2009-05-23 03:47 -------- d-----w- c:\documents and settings\Lillie\Application Data\Raptr

2009-05-23 03:45 . 2009-05-23 03:45 480688 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\ijjistarter2FxB.exe

2009-05-23 03:45 . 2009-05-23 03:45 -------- d--h--w- c:\documents and settings\Lillie\Application Data\ijjigame

2009-05-23 03:36 . 2009-05-23 03:36 -------- d-----w- c:\program files\NHN USA

2009-05-13 00:48 . 2009-05-23 03:36 710064 ----a-w- c:\windows\system32\ijjiSetup.exe

2009-05-09 05:09 . 2009-05-09 05:09 5185536 ----a-r- c:\documents and settings\Lillie\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe

2009-05-09 05:09 . 2009-05-09 05:09 28672 ----a-r- c:\documents and settings\Lillie\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe

2009-05-07 15:32 . 2001-09-10 20:43 345600 ------w- c:\windows\system32\localspl.dll

2009-05-01 22:32 . 2009-05-01 22:31 -------- d-----w- c:\documents and settings\Lillie\Application Data\TeamViewer

2009-04-30 02:09 . 2005-08-12 22:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-04-29 23:11 . 2009-05-23 03:36 66992 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe

2009-04-29 04:46 . 2004-01-08 18:23 666624 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:46 . 2004-08-04 08:56 81920 ------w- c:\windows\system32\ieencode.dll

2009-04-25 23:23 . 2009-04-08 22:45 76788 ---ha-w- c:\windows\system32\mlfcache.dat

2009-04-17 12:26 . 2001-09-10 20:44 1847168 ------w- c:\windows\system32\win32k.sys

2009-04-15 14:51 . 2004-04-16 22:02 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2006-03-15 17:55 . 2005-06-22 16:21 4263 --sh--w- c:\windows\windllreg1c.sys

1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat

2005-09-15 17:52 . 2004-12-15 11:49 41720284 --sha-w- c:\windows\system32\swodniw.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

2009-06-14 20:07 1004800 ----a-w- d:\danny stuff\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2008-02-16 16:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Uniblue RegistryBooster 2009"="d:\danny stuff\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

"AlcoholAutomount"="d:\danny stuff\Alcohol 120\axcmd.exe" [2008-11-23 203720]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"QuickTime Task"="d:\danny stuff\Quicktime\QTTask.exe" [2009-01-05 413696]

"AVG8_TRAY"="d:\dannys~1\AVG8\avgtray.exe" [2009-06-22 1948440]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

 

c:\documents and settings\Lillie\Start Menu\Programs\Startup\

MagicDisc.lnk - d:\danny stuff\MagicDisc\MagicDisc.exe [2008-3-16 546816]

 

c:\documents and settings\Lillie\Start Menu\Programs\Startup\AutorunsDisabled

Raptr.lnk - d:\dannys~1\Raptr\RaptrStub.exe [2009-6-9 42424]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-22 22:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]

backup=c:\windows\pss\Auto Detect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]

backup=c:\windows\pss\Real-time Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]

backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Morpheus.lnk]

backup=c:\windows\pss\Morpheus.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Xfire.lnk]

backup=c:\windows\pss\Xfire.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdtoodt

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh EDN Client

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Cleaner

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:4

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Video\\Launcher.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\System32\\java.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Danny Stuff\\Firefox\\firefox.exe"=

"d:\\Danny Stuff\\VBA_N_Romz\\VisualBoyAdvance.exe"=

"d:\\Danny Stuff\\garena\\Garena.exe"=

"d:\\Danny Stuff\\Warcraft III\\Warcraft III\\Warcraft III.exe"=

"d:\\Danny Stuff\\Warcraft III\\Warcraft III\\War3.exe"=

"d:\\Danny Stuff\\mIRC\\mirc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\Lillie\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\ijji\\ENGLISH\\U_GBOUND.exe"=

"d:\\Danny Stuff\\Soldat\\Soldat.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=

"d:\\Danny Stuff\\Raptr\\Raptr.exe"=

 

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009/06/22 18:32 327688]

R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009/06/22 18:32 108552]

R1 SonyFanC;FAN Control Device Service;c:\windows\system32\drivers\SonyFanC.sys [2001/09/11 7:50 68116]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007/08/15 22:45 8576]

R2 avg8wd;AVG Free8 WatchDog;d:\dannys~1\AVG8\avgwdsvc.exe [2009/06/22 18:32 298776]

R2 X4HS16;X4HS16;c:\program files\EXEtender\X4HS16.sys [2003/12/29 20:49 19691]

S1 15d5d41;15d5d41;c:\windows\system32\drivers\15d5d41.sys [2009/06/14 23:28 598016]

S1 4755fcb9;4755fcb9;c:\windows\system32\drivers\4755fcb9.sys --> c:\windows\system32\drivers\4755fcb9.sys [?]

S1 c61f4215;c61f4215;c:\windows\system32\drivers\c61f4215.sys --> c:\windows\system32\drivers\c61f4215.sys [?]

S1 osc03d2;osc03d2;c:\windows\system32\drivers\osc03d2.sys --> c:\windows\system32\drivers\osc03d2.sys [?]

S1 pscb54e;pscb54e;c:\windows\system32\drivers\pscb54e.sys --> c:\windows\system32\drivers\pscb54e.sys [?]

S1 shl322f;shl322f;c:\windows\system32\drivers\shl322f.sys --> c:\windows\system32\drivers\shl322f.sys [?]

S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\d:\danny stuff\Visual\Figures of Happiness\VMLaunch\BuddyVM.sys --> d:\danny stuff\Visual\Figures of Happiness\VMLaunch\BuddyVM.sys [?]

S2 mrtRate;mrtRate; [x]

S2 MYFI;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]

S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001/09/10 17:25 54271]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Lillie\LOCALS~1\Temp\JHM1.tmp --> c:\docume~1\Lillie\LOCALS~1\Temp\JHM1.tmp [?]

S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2003/12/23 17:43 11935]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2000-01-01 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\System32\OOBE\oobebaln.exe [2001-09-10 00:12]

 

2000-01-01 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\System32\OOBE\oobebaln.exe [2001-09-10 00:12]

 

2000-01-01 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\System32\OOBE\oobebaln.exe [2001-09-10 00:12]

 

2009-06-23 c:\windows\Tasks\{D37900FD-FB5C-49D1-BBC2-8B03F6A7FFC1}_VAIO_danny.job

- c:\windows\System32\mobsync.exe [2001-09-10 00:12]

 

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-ares - d:\danny stuff\Ares\Ares.exe

HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe

Notify-windows - windows.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bs/

mStart Page = hxxp://www.google.ca/

mSearch Bar =

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=localhost:7171

IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm

IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYCA

IE: Add Hyperlink iComment - c:\program files\iComment 1.0.21\iComment.dll/267

IE: Add Picture iComment - c:\program files\iComment 1.0.21\iComment.dll/267

IE: Add Text iComment - c:\program files\iComment 1.0.21\iComment.dll/267

IE: E&xport to Microsoft Excel - d:\office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Search Using Copernic Agent - d:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab

DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} - hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-23 22:17

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"

"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"

"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Lillie\LOCALS~1\Temp\JHM1.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3440)

c:\windows\system32\nview.dll

c:\program files\TortoiseSVN\bin\tortoisesvn.dll

c:\program files\TortoiseSVN\bin\intl3_svn.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\conime.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

d:\danny stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

d:\danny stuff\AVG8\avgrsx.exe

d:\dannys~1\AVG8\avgnsx.exe

c:\windows\system32\rundll32.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-06-24 22:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-24 02:23

 

Pre-Run: 8,057,163,776 bytes free

Post-Run: 8,783,548,416 bytes free

 

546 --- E O F --- 2009-06-12 16:08

Edited by Bossof69


Information

And I was wondering if there was a way to retrieve the scan report from the Kaspersky scan from your hard drive, or if it is saved anywhere on your computer.

Unfortunately no, you will need to run the scan again.

 

==============================WARNING==============================

There is some evidence of what may be a very nasty infection.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

  • Back up all important data on the machine.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well-being:

    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.

  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
==============================WARNING==============================

 

----------------------------------------------------------------------------------------

Step 1

 

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    http://forums.pcpitstop.com/index.php?s=&showtopic=169944&view=findpost&p=1605060
    Collect::
    c:\windows\system32\drivers\15d5d41.sys
    c:\windows\system32\mlfcache.dat
    c:\windows\@@desktop.dat
    c:\windows\system32\swodniw.dat
    c:\windows\system32\svcd\svchost.exe
    
    Suspect::
    c:\documents and settings\Lillie\check.bat
    Driver::
    15d5d41
    4755fcb9
    c61f4215
    osc03d2
    pscb54e
    shl322f
    mrtRate
    MYFI
    GarenaPEngine
    
    File::
    c:\windows\Tasks\Registration reminder 1.job
    c:\windows\Tasks\Registration reminder 2.job
    c:\windows\Tasks\Registration reminder 3.job
    DDS::
    uInternet Settings,ProxyServer = http=localhost:7171
    IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYCA
    ADS::
  • Save this as CFScript.txt and place it on your desktop.

    Posted Image (screenshot)

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

  • **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

    • Ensure you are connected to the internet and click OK on the message box.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

  • Combofix Log
  • Kaspersky Log
  • C:\RSIT\Info.txt
  • How are things running now?
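The CFScript above is the result of a manual triage of the ComboFix log: drivers with random hex-like names and no description, services whose image file ComboFix could not read (the `[?]` marker), a `svchost.exe` living in a subfolder of System32 rather than in System32 itself, a service running from a Temp directory, hidden system files in the Windows tree, a browser proxy pointing at localhost, and the firewall switched off. As an added example (not part of this thread, and not ComboFix's own code), the Python below applies those same heuristics to lines copied from the posted log and returns every line that trips one, with the reasons. The thresholds and reason strings are my own assumptions; a hit means "look closer", not "malicious", and legitimate software with terse names will produce false positives.

```python
"""Heuristic triage of ComboFix-style log lines.

Added example for this thread, not ComboFix's own code or the forum's tooling.
It applies the kind of checks the helper did by hand when building the
CFScript above and returns each line that trips a heuristic, with reasons.
The thresholds and wording are assumptions; a hit means "look closer".
"""
import ntpath
import re

# Constructed sample: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009/06/22 18:32 327688]
S1 15d5d41;15d5d41;c:\windows\system32\drivers\15d5d41.sys [2009/06/14 23:28 598016]
S1 4755fcb9;4755fcb9;c:\windows\system32\drivers\4755fcb9.sys --> c:\windows\system32\drivers\4755fcb9.sys [?]
S2 mrtRate;mrtRate; [x]
S2 MYFI;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]
S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001/09/10 17:25 54271]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Lillie\LOCALS~1\Temp\JHM1.tmp --> c:\docume~1\Lillie\LOCALS~1\Temp\JHM1.tmp [?]
2006-03-15 17:55 . 2005-06-22 16:21 4263 --sh--w- c:\windows\windllreg1c.sys
2005-09-15 17:52 . 2004-12-15 11:49 41720284 --sha-w- c:\windows\system32\swodniw.dat
2009-04-15 14:51 . 2004-04-16 22:02 585216 ----a-w- c:\windows\system32\rpcrt4.dll
uInternet Settings,ProxyServer = http=localhost:7171
"EnableFirewall"= 0 (0x0)
"""

# ComboFix service/driver line: "S1 name;description;image [date size]" or
# "... image --> image [?]" when no file details could be read.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<desc>[^;]*);(?P<path>.*?)"
    r"(?: --> (?P<target>.*?))? \[(?P<info>[^\]]*)\]$"
)
# File listing line: "mtime . ctime size attributes path".
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attr>[-\w]{8}) (?P<path>.+)$"
)
# Assumed heuristic: 6-8 lowercase alphanumerics containing at least one digit.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{6,8}$")
SYSTEM32 = r"c:\windows\system32"

REASON_UNREADABLE = "no file details could be read for the service image ('[?]' in the log)"
REASON_RANDOM = "random-looking service name with no separate description"
REASON_SVCHOST = "svchost.exe running from outside System32"
REASON_TEMP = "service image under a Temp directory"
REASON_HIDDEN = "hidden+system attributes on a file in the Windows tree"
REASON_PROXY = "browser proxy points at a local listener"
REASON_FIREWALL = "Windows Firewall disabled for the standard profile"


def check_service(m):
    """Heuristics for one parsed service/driver line."""
    reasons = []
    name, desc = m["name"], m["desc"]
    if m["info"] == "?":
        reasons.append(REASON_UNREADABLE)
    if name == desc and RANDOM_NAME_RE.match(name.lower()):
        reasons.append(REASON_RANDOM)
    image = (m["target"] or m["path"]).lower()
    if ntpath.basename(image) == "svchost.exe" and ntpath.dirname(image) != SYSTEM32:
        reasons.append(REASON_SVCHOST)
    if "\\temp\\" in image:
        reasons.append(REASON_TEMP)
    return reasons


def check_file(m):
    """Flag regular files under c:\\windows carrying both system and hidden bits."""
    attr, path = m["attr"].lower(), m["path"].lower()
    if m["size"].isdigit() and "s" in attr and "h" in attr and path.startswith("c:\\windows"):
        return [REASON_HIDDEN]
    return []


def check_other(line):
    """Settings lines: proxy to localhost/127.0.0.1, firewall switched off."""
    low = line.lower()
    if "proxyserver" in low and re.search(r"=\s*(?:\w+=)?(?:localhost|127\.0\.0\.1):\d+", low):
        return [REASON_PROXY]
    if re.match(r'^"enablefirewall"\s*=\s*0\b', low):
        return [REASON_FIREWALL]
    return []


def triage(log_text):
    """Return a list of (line, [reasons]) for every line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = check_service(m)
        else:
            m = FILE_RE.match(line)
            reasons = check_file(m) if m else check_other(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run as-is it prints eight flagged lines from the sample and leaves the AVG, Broadcom and rpcrt4.dll lines alone; feeding it a whole ComboFix log (`triage(open(path).read())`) gives a starting list for the Collect::/Driver:: sections of a script like the one above, which a human then still has to confirm entry by entry.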


Logfile of random's system information tool 1.06 (written by random/random)

Run by Lillie at 2009-06-27 11:58:41

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 7 GB (29%) free of 25 GB

Total RAM: 512 MB (20% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:55 AM, on 06/27/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\DANNYS~1\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

D:\Danny Stuff\MagicDisc\MagicDisc.exe

C:\WINDOWS\system32\wuauclt.exe

D:\DANNYS~1\AVG8\avgwdsvc.exe

D:\DANNYS~1\AVG8\avgrsx.exe

D:\DANNYS~1\AVG8\avgnsx.exe

D:\Danny Stuff\AVG8\avgcsrvx.exe

D:\Danny Stuff\Firefox\firefox.exe

C:\Documents and Settings\Lillie\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Lillie.exe

 

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - *_{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: (no name) - *_{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

R3 - URLSearchHook: (no name) - *_{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Danny Stuff\AVG8\avgssie.dll

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: AVG Security Toolbar BHO - {a3bc75a2-1f87-4686-aa43-5347d756017c} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Danny Stuff\Quicktime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] D:\DANNYS~1\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] D:\Danny Stuff\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Danny Stuff\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - Startup: MagicDisc.lnk = D:\Danny Stuff\MagicDisc\MagicDisc.exe

O4 - Startup: AutorunsDisabled

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Search Using Copernic Agent - res://D:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O18 - Protocol: bw+0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Danny Stuff\AVG8\avgpp.dll

O18 - Protocol: offline-8876480 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\DANNYS~1\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

O24 - Desktop Component 0: (no name) - http://www.dreamhomesource.com/images/Plan.../FE/at23432.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

O24 - Desktop Component 2: (no name) - http://members.aol.com/BeautifulJudeLaw/pict52.jpg

O24 - Desktop Component 3: (no name) - http://members.aol.com/BeautifulJudeLaw/pict56.jpg

O24 - Desktop Component 4: (no name) - http://members.aol.com/BeautifulJudeLaw/pict129.jpg

 

--

End of file - 23242 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\{D37900FD-FB5C-49D1-BBC2-8B03F6A7FFC1}_VAIO_danny.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]

AVG Safe Search - D:\Danny Stuff\AVG8\avgssie.dll [2009-06-22 1107224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}]

REALBAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

PCTools Site Guard

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9005D5D6-4DD4-4D15-B550-2CCE057D6E86}]

iComment Button

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]

ST - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll [2004-08-13 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

AVG Security Toolbar BHO - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]

CPrintEnhancer Object - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll [2004-08-13 282624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-24 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-24 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - []

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll [2004-08-13 282624]

{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - []

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

"QuickTime Task"=D:\Danny Stuff\Quicktime\QTTask.exe [2009-01-05 413696]

"AVG8_TRAY"=D:\DANNYS~1\AVG8\avgtray.exe [2009-06-22 1948440]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-24 148888]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Uniblue RegistryBooster 2009"=D:\Danny Stuff\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

"AlcoholAutomount"=D:\Danny Stuff\Alcohol 120\axcmd.exe [2008-11-22 203720]

"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

D:\Danny Stuff\Ares\Ares.exe -h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-13 409600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]

C:\DOCUME~1\Lillie\LOCALS~1\Temp\winlogon.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe [2002-07-17 90112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\System32\igfxtray.exe [2002-07-17 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-18 44032]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

\Program\ []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

C:\Program Files\Logitech\Video\ISStart.exe [2004-06-01 458752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

C:\Program Files\Logitech\Video\LogiTray.exe [2004-06-01 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\System32\LVCOMSX.EXE [2004-05-21 221184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoodLogic Updater]

C:\Program Files\MoodLogic\Service\Updater.exe [2004-05-27 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]

point32.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

D:\Danny Stuff\Quicktime\QTTask.exe [2009-01-05 413696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-04-25 180269]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]

C:\DOCUME~1\Lillie\LOCALS~1\Temp\update.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]

D:\Windows Registry Repair Pro\RegistryRepairPro.exe 4 []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2005-02-04 450560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]

C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe [2001-08-23 40960]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

D:\WinZip\WZQKPICK.EXE [2004-02-11 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Morpheus.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Xfire.lnk]

[]

 

C:\Documents and Settings\Lillie\Start Menu\Programs\Startup

MagicDisc.lnk - D:\Danny Stuff\MagicDisc\MagicDisc.exe

AutorunsDisabled

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-06-22 11952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"_NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Logitech\Video\Launcher.exe"="C:\Program Files\Logitech\Video\Launcher.exe:*:Enabled:Logitech QuickCam"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\System32\java.exe"="C:\WINDOWS\System32\java.exe:*:Enabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\Danny Stuff\Firefox\firefox.exe"="D:\Danny Stuff\Firefox\firefox.exe:*:Enabled:Firefox"

"D:\Danny Stuff\VBA_N_Romz\VisualBoyAdvance.exe"="D:\Danny Stuff\VBA_N_Romz\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"

"D:\Danny Stuff\garena\Garena.exe"="D:\Danny Stuff\garena\Garena.exe:*:Enabled:Garena"

"D:\Danny Stuff\Warcraft III\Warcraft III\Warcraft III.exe"="D:\Danny Stuff\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"D:\Danny Stuff\Warcraft III\Warcraft III\War3.exe"="D:\Danny Stuff\Warcraft III\Warcraft III\War3.exe:*:Enabled:Warcraft III"

"D:\Danny Stuff\mIRC\mirc.exe"="D:\Danny Stuff\mIRC\mirc.exe:*:Enabled:mIRC"

"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Documents and Settings\Lillie\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Lillie\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

"C:\ijji\ENGLISH\U_GBOUND.exe"="C:\ijji\ENGLISH\U_GBOUND.exe:*:Enabled:<ijji Downloader>"

"D:\Danny Stuff\Soldat\Soldat.exe"="D:\Danny Stuff\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"

"C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe"="C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe:*:Disabled:PLauncher Application"

"D:\Danny Stuff\Raptr\Raptr.exe"="D:\Danny Stuff\Raptr\Raptr.exe:*:Disabled:Raptr Client"

"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-06-26 14:33:59 ----A---- C:\ComboFix.txt

2009-06-26 13:37:46 ----A---- C:\WINDOWS\zip.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\SWSC.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\SWREG.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\sed.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\PEV.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\NIRCMD.exe

2009-06-26 13:37:46 ----A---- C:\WINDOWS\grep.exe

2009-06-24 16:47:39 ----A---- C:\WINDOWS\system32\javaws.exe

2009-06-24 16:47:39 ----A---- C:\WINDOWS\system32\javaw.exe

2009-06-24 16:47:39 ----A---- C:\WINDOWS\system32\java.exe

2009-06-24 16:47:39 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-06-24 04:02:23 ----A---- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll

2009-06-23 22:23:18 ----D---- C:\WINDOWS\temp

2009-06-23 21:52:06 ----SHD---- C:\FOUND.001

2009-06-23 21:41:18 ----D---- C:\WINDOWS\ERDNT

2009-06-23 21:39:33 ----D---- C:\Qoobox

2009-06-23 20:01:03 ----D---- C:\Documents and Settings\Lillie\Application Data\Malwarebytes

2009-06-23 20:00:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-06-23 04:08:55 ----D---- C:\rsit

2009-06-23 04:07:39 ----D---- C:\Program Files\Trend Micro

2009-06-23 03:51:16 ----D---- C:\Program Files\Hijackthis

2009-06-22 19:25:23 ----HD---- C:\$AVG8.VAULT$

2009-06-22 18:32:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-06-22 18:32:37 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

2009-06-22 18:32:23 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2009-06-22 18:26:18 ----D---- C:\Program Files\AVG

2009-06-12 12:08:37 ----HD---- C:\WINDOWS\$NtUninstallKB961501$

2009-06-12 12:08:04 ----HD---- C:\WINDOWS\$NtUninstallKB969897$

2009-06-12 12:07:32 ----HD---- C:\WINDOWS\$NtUninstallKB969898$

2009-06-12 12:02:55 ----HD---- C:\WINDOWS\$NtUninstallKB970238$

2009-06-12 12:02:43 ----HD---- C:\WINDOWS\$NtUninstallKB968537$

2009-06-11 23:22:51 ----D---- C:\Program Files\Common Files\Audio

2009-05-28 19:15:38 ----D---- C:\Documents and Settings\Lillie\Application Data\Soldat

 

======List of files/folders modified in the last 1 months======

 

2009-06-27 11:35:44 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt

2009-06-27 00:28:36 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-26 14:30:12 ----A---- C:\WINDOWS\system.ini

2009-06-23 18:51:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-22 22:41:36 ----A---- C:\WINDOWS\NeroDigital.ini

2009-06-22 22:21:34 ----A---- C:\WINDOWS\ntbtlog.txt

2009-06-12 12:08:42 ----A---- C:\WINDOWS\imsins.BAK

2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

2009-05-29 22:23:56 ----A---- C:\cmdline.txt

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgldx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-22 327688]

R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-22 27784]

R1 avgtdix;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-22 108552]

R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-08-18 12160]

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]

R1 SonyFanC;FAN Control Device Service; C:\WINDOWS\System32\Drivers\SonyFanC.sys [2001-09-06 68116]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\drivers\VCdRom.sys []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-04-23 165376]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-04-23 18048]

R2 X4HS16;X4HS16; \??\C:\Program Files\EXEtender\X4HS16.Sys []

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]

R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys [2002-04-11 11136]

R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2001-11-28 441441]

R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM; \??\D:\Danny Stuff\Visual\Figures of Happiness\VMLaunch\BuddyVM.sys []

S2 npkcrypt;npkcrypt; \??\D:\Danny Stuff\plz work\New Folder\npkcrypt.sys []

S3 abras3xk;abras3xk; C:\WINDOWS\system32\drivers\abras3xk.sys []

S3 BCM42XX;Broadcom iLine10 Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]

S3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]

S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 catchme;catchme; \??\C:\DOCUME~1\Lillie\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2002-07-23 161020]

S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2002-07-23 12415]

S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2002-07-23 12127]

S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2002-07-23 11775]

S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2002-07-23 12063]

S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2002-07-23 19455]

S3 iAimFP5;iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [2002-07-23 11807]

S3 iAimFP6;iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [2002-07-23 11295]

S3 iAimFP7;iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [2002-07-23 11871]

S3 iAimFP8;iAimFP8; C:\WINDOWS\System32\DRIVERS\wADV11nt.sys [2002-07-23 11935]

S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2002-07-23 29311]

S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2002-07-23 19551]

S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2002-07-23 33599]

S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2002-07-23 23615]

S3 iAimTV5;iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [2002-07-23 25471]

S3 iAimTV6;iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [2002-07-23 22271]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-27 19968]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\System32\DRIVERS\LVCM.sys [2004-05-21 471232]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-07-25 438200]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 avg8wd;AVG Free8 WatchDog; D:\DANNYS~1\AVG8\avgwdsvc.exe [2009-06-22 298776]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-24 152984]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-11 66872]

R2 StarWindServiceAE;StarWind AE Service; D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-28 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2849757]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-13 26112]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2001-07-31 65536]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

 

-----------------EOF-----------------

 

 

 

ComboFix 09-06-25.07 - Lillie 06/26/2009 13:39.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.512.263 [GMT -4:00]

Running from: c:\documents and settings\Lillie\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Lillie\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: F-Secure Anti-Virus 2005 5.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

"c:\windows\Tasks\Registration reminder 1.job"

"c:\windows\Tasks\Registration reminder 2.job"

"c:\windows\Tasks\Registration reminder 3.job"

 

file zipped: c:\windows\Collect_@@desktop.dat.vir

file zipped: c:\windows\system32\drivers\Collect_15d5d41.sys.vir

file zipped: c:\windows\system32\Collect_mlfcache.dat.vir

file zipped: c:\documents and settings\Lillie\Suspect_check.bat.vir

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\@@desktop.dat

c:\windows\Downloaded Program Files\PurpleBean.exe

c:\windows\system32\drivers\15d5d41.sys

c:\windows\system32\mlfcache.dat

c:\windows\system32\swodniw.dat

c:\windows\Tasks\Registration reminder 1.job

c:\windows\Tasks\Registration reminder 2.job

c:\windows\Tasks\Registration reminder 3.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MRTRATE

-------\Legacy_MYFI

-------\Service_15d5d41

-------\Service_4755fcb9

-------\Service_c61f4215

-------\Service_mrtRate

-------\Service_MYFI

-------\Service_osc03d2

-------\Service_pscb54e

-------\Service_shl322f

 

 

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))

.

 

2009-06-24 20:47 . 2009-06-24 20:47 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-24 20:44 . 2009-06-24 20:46 152576 ----a-w- c:\documents and settings\Lillie\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-24 08:02 . 2008-05-01 02:28 1654869 ----a-w- c:\documents and settings\All Users\Application Data\DynuEncrypt.dll

2009-06-24 06:19 . 2009-06-25 00:12 1123994715 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\U_LUNIA_setup.exe

2009-06-24 06:10 . 2009-06-03 21:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe

2009-06-24 06:10 . 2009-05-27 22:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\ExLauncher.exe

2009-06-24 02:20 . 2009-06-24 02:20 -------- d-----w- c:\windows\system32\dllcache\cache

2009-06-24 01:52 . 2009-06-24 01:52 -------- d-sh--w- C:\FOUND.001

2009-06-24 00:01 . 2009-06-24 00:01 -------- d-----w- c:\documents and settings\Lillie\Application Data\Malwarebytes

2009-06-24 00:00 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-24 00:00 . 2009-06-24 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-24 00:00 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-23 08:08 . 2009-06-23 08:08 -------- d-----w- C:\rsit

2009-06-23 08:07 . 2009-06-23 08:07 -------- d-----w- c:\program files\Trend Micro

2009-06-23 03:05 . 2009-06-17 13:51 781435 ----a-w- c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\Download.dll

2009-06-23 03:05 . 2009-05-07 16:49 22528 ----a-w- c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\components\firedownload.dll

2009-06-23 02:48 . 2009-06-23 02:48 -------- d-----w- c:\documents and settings\Lillie\Local Settings\Application Data\AVG Security Toolbar

2009-06-23 00:31 . 2009-06-23 00:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar

2009-06-23 00:29 . 2009-06-23 00:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-06-22 23:33 . 2009-06-22 23:33 -------- d-----w- c:\documents and settings\danny\Local Settings\Application Data\AVG Security Toolbar

2009-06-22 23:25 . 2009-06-22 23:25 -------- d--h--w- C:\$AVG8.VAULT$

2009-06-22 22:32 . 2009-06-22 22:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-22 22:32 . 2009-06-22 22:32 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-22 22:32 . 2009-06-22 22:32 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\windows\system32\drivers\Avg

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-06-22 22:32 . 2009-06-22 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-06-22 22:26 . 2009-06-22 22:26 -------- d-----w- c:\program files\AVG

2009-06-12 16:04 . 2009-06-12 16:04 151 ----a-w- c:\documents and settings\Lillie\check.bat

2009-06-12 03:22 . 2009-06-12 03:22 -------- d-----w- c:\program files\Common Files\Audio

2009-06-11 02:34 . 2009-06-11 02:34 7382192 ----a-w- c:\documents and settings\Lillie\Application Data\Raptr\raptr-0_2_83_06091200.exe

2009-05-28 23:31 . 2009-03-28 23:52 94208 ----a-w- c:\documents and settings\Lillie\Application Data\Soldat\Battleye\BEServer.dll

2009-05-28 23:31 . 2009-03-28 23:52 102400 ----a-w- c:\documents and settings\Lillie\Application Data\Soldat\Battleye\BEClient.dll

2009-05-28 23:31 . 2009-05-28 23:31 0 ----a-r- C:\logwmemory.bin

2009-05-28 23:15 . 2009-05-28 23:15 -------- d-----w- c:\documents and settings\Lillie\Application Data\Soldat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-24 06:21 . 2008-08-09 02:08 34 ----a-w- c:\documents and settings\Lillie\jagex_runescape_preferences.dat

2009-06-24 06:19 . 2008-09-05 01:32 558552 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PLauncher.exe

2009-06-22 22:32 . 2008-02-27 21:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-04 17:17 . 2004-01-04 01:07 113984 ----a-w- c:\documents and settings\Lillie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-23 04:02 . 2009-05-23 03:48 383645136 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\U_GBOUND_setup.exe

2009-05-23 03:50 . 2009-05-23 03:50 -------- d-----w- c:\documents and settings\Lillie\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1

2009-05-23 03:48 . 2009-05-23 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-05-23 03:47 . 2009-05-23 03:49 38208 ----a-w- c:\documents and settings\Lillie\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-05-23 03:47 . 2009-05-23 03:47 -------- d-----w- c:\documents and settings\Lillie\Application Data\Raptr

2009-05-23 03:45 . 2009-05-23 03:45 480688 ----a-w- c:\documents and settings\Lillie\Application Data\ijjigame\ijjistarter2FxB.exe

2009-05-23 03:45 . 2009-05-23 03:45 -------- d--h--w- c:\documents and settings\Lillie\Application Data\ijjigame

2009-05-23 03:36 . 2009-05-23 03:36 -------- d-----w- c:\program files\NHN USA

2009-05-13 00:48 . 2009-05-23 03:36 710064 ----a-w- c:\windows\system32\ijjiSetup.exe

2009-05-09 05:09 . 2009-05-09 05:09 5185536 ----a-r- c:\documents and settings\Lillie\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe

2009-05-09 05:09 . 2009-05-09 05:09 28672 ----a-r- c:\documents and settings\Lillie\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe

2009-05-07 15:32 . 2001-09-10 20:43 345600 ------w- c:\windows\system32\localspl.dll

2009-05-01 22:32 . 2009-05-01 22:31 -------- d-----w- c:\documents and settings\Lillie\Application Data\TeamViewer

2009-04-30 02:09 . 2005-08-12 22:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-04-29 23:11 . 2009-05-23 03:36 66992 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe

2009-04-29 04:46 . 2004-01-08 18:23 666624 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:46 . 2004-08-04 08:56 81920 ------w- c:\windows\system32\ieencode.dll

2009-04-17 12:26 . 2001-09-10 20:44 1847168 ------w- c:\windows\system32\win32k.sys

2009-04-15 14:51 . 2004-04-16 22:02 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2006-03-15 17:55 . 2005-06-22 16:21 4263 --sh--w- c:\windows\windllreg1c.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-06-24_02.18.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-26 18:30 . 2009-06-26 18:30 16384 c:\windows\temp\Perflib_Perfdata_d1c.dat

+ 2009-06-26 17:56 . 2009-06-26 17:56 16384 c:\windows\temp\Perflib_Perfdata_7c0.dat

+ 2009-06-24 02:20 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe

+ 2009-06-24 02:20 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll

+ 2009-06-24 02:20 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe

+ 2009-06-24 02:20 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe

+ 2009-06-24 02:20 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe

+ 2009-06-24 02:20 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll

+ 2009-06-24 02:20 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe

+ 2009-06-24 02:20 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys

+ 2009-06-24 02:20 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys

+ 2009-06-24 02:20 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe

- 2009-05-19 22:09 . 2009-06-09 23:11 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2009-05-19 22:09 . 2009-06-24 06:20 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2009-05-19 22:09 . 2009-06-09 23:11 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2009-05-19 22:09 . 2009-06-24 06:20 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2009-06-24 20:47 . 2009-06-24 20:47 148888 c:\windows\system32\javaws.exe

+ 2009-06-24 20:47 . 2009-06-24 20:47 144792 c:\windows\system32\javaw.exe

+ 2009-06-24 20:47 . 2009-06-24 20:47 144792 c:\windows\system32\java.exe

+ 2009-06-24 02:20 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe

+ 2009-06-24 02:20 . 2009-04-29 04:46 666624 c:\windows\system32\dllcache\cache\wininet.dll

+ 2009-06-24 02:20 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll

+ 2009-06-24 02:20 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll

+ 2009-06-24 02:20 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys

+ 2009-06-24 02:20 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe

+ 2009-06-24 02:20 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys

+ 2009-06-24 02:20 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll

+ 2009-06-24 02:20 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll

+ 2009-06-24 02:20 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll

+ 2009-06-24 02:20 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\cache\ntoskrnl.exe

+ 2009-06-24 02:20 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

+ 2009-06-24 02:20 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

2009-06-14 20:07 1004800 ----a-w- d:\danny stuff\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Uniblue RegistryBooster 2009"="d:\danny stuff\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

"AlcoholAutomount"="d:\danny stuff\Alcohol 120\axcmd.exe" [2008-11-23 203720]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"QuickTime Task"="d:\danny stuff\Quicktime\QTTask.exe" [2009-01-05 413696]

"AVG8_TRAY"="d:\dannys~1\AVG8\avgtray.exe" [2009-06-22 1948440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-24 148888]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

 

c:\documents and settings\Lillie\Start Menu\Programs\Startup\

MagicDisc.lnk - d:\danny stuff\MagicDisc\MagicDisc.exe [2008-3-16 546816]

 

c:\documents and settings\Lillie\Start Menu\Programs\Startup\AutorunsDisabled

Raptr.lnk - d:\dannys~1\Raptr\RaptrStub.exe [2009-6-9 42424]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-22 22:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]

backup=c:\windows\pss\Auto Detect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]

backup=c:\windows\pss\Real-time Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]

backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Morpheus.lnk]

backup=c:\windows\pss\Morpheus.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Xfire.lnk]

backup=c:\windows\pss\Xfire.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Video\\Launcher.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\System32\\java.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Danny Stuff\\Firefox\\firefox.exe"=

"d:\\Danny Stuff\\VBA_N_Romz\\VisualBoyAdvance.exe"=

"d:\\Danny Stuff\\garena\\Garena.exe"=

"d:\\Danny Stuff\\Warcraft III\\Warcraft III\\Warcraft III.exe"=

"d:\\Danny Stuff\\Warcraft III\\Warcraft III\\War3.exe"=

"d:\\Danny Stuff\\mIRC\\mirc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\Lillie\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\ijji\\ENGLISH\\U_GBOUND.exe"=

"d:\\Danny Stuff\\Soldat\\Soldat.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=

"d:\\Danny Stuff\\Raptr\\Raptr.exe"=

 

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/22/2009 6:32 PM 327688]

R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [06/22/2009 6:32 PM 108552]

R1 SonyFanC;FAN Control Device Service;c:\windows\system32\drivers\SonyFanC.sys [09/11/2001 7:50 AM 68116]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [08/15/2007 10:45 PM 8576]

R2 avg8wd;AVG Free8 WatchDog;d:\dannys~1\AVG8\avgwdsvc.exe [06/22/2009 6:32 PM 298776]

R2 X4HS16;X4HS16;c:\program files\EXEtender\X4HS16.sys [12/29/2003 8:49 PM 19691]

S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\d:\danny stuff\Visual\Figures of Happiness\VMLaunch\BuddyVM.sys --> d:\danny stuff\Visual\Figures of Happiness\VMLaunch\BuddyVM.sys [?]

S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [09/10/2001 5:25 PM 54271]

S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [12/23/2003 5:43 PM 11935]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2009-06-26 c:\windows\Tasks\{D37900FD-FB5C-49D1-BBC2-8B03F6A7FFC1}_VAIO_danny.job

- c:\windows\System32\mobsync.exe [2001-09-10 00:12]

 

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bs/

mStart Page = hxxp://www.google.ca/

mSearch Bar =

uInternet Settings,ProxyOverride = *.local

IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm

IE: Add Hyperlink iComment - c:\program files\iComment 1.0.21\iComment.dll/267

IE: Add Picture iComment - c:\program files\iComment 1.0.21\iComment.dll/267

IE: Add Text iComment - c:\program files\iComment 1.0.21\iComment.dll/267

IE: E&xport to Microsoft Excel - d:\office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Search Using Copernic Agent - d:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab

DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} - hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

FF - ProfilePath - c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\

FF - component: c:\documents and settings\Lillie\Application Data\Mozilla\Firefox\Profiles\bo7q3s03.default\extensions\firedownload@mozilla.org\components\firedownload.dll

FF - component: d:\danny stuff\AVG8\Firefox\components\avgssff.dll

FF - component: d:\danny stuff\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: d:\danny stuff\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: d:\danny stuff\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: d:\danny stuff\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: d:\danny stuff\Divx\DivX Content Uploader\npUpload.dll

FF - plugin: d:\danny stuff\Firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: d:\danny stuff\Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: d:\danny stuff\Firefox\plugins\NPMFireLauncher.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin2.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin3.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin4.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin5.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin6.dll

FF - plugin: d:\danny stuff\Quicktime\Plugins\npqtplugin7.dll

FF - HiddenExtension: Java Console: No Registry Reference - d:\danny stuff\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\danny stuff\Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\danny stuff\Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-26 14:29

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"

"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"

"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(476)

c:\windows\system32\nview.dll

c:\program files\TortoiseSVN\bin\tortoisesvn.dll

c:\program files\TortoiseSVN\bin\intl3_svn.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

d:\danny stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

d:\danny stuff\AVG8\avgrsx.exe

d:\dannys~1\AVG8\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\conime.exe

c:\windows\system32\rundll32.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-06-26 14:33 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-26 18:33

ComboFix2.txt 2009-06-24 02:23

 

Pre-Run: 7,311,355,904 bytes free

Post-Run: 7,414,136,832 bytes free

 

343 --- E O F --- 2009-06-12 16:08

Upload was successful

 

 

I tried to run the Kaspersky scan again, but it keeps stopping at 57%. The bad image problem is gone, and my computer is working fine right now though. I am going on a trip till Wednesday, however, so I won't be able to reply on anything till then, and if I could, it won't be from this computer, just letting you know in case you think I'm just being unresponsive. I hope I can fix the Kaspersky problem when I get back, thanks for sticking with me this far.


Information

Please do the following when you can.

 

 

Registry Cleaners

 

Re. Uniblue RegistryBooster 2009

 

I don't personally recommend the use of ANY registry cleaners.

Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.

The point we are trying to make is that the risk of using one far outweighs any benefit.

If it does work perfectly you will not see any difference

If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

 

----------------------------------------------------------------------------------------

Step 1

 

Fix With HJT

 

Close all other windows and then start HiJack This

Click Do A System Scan Only

When it has finished scanning put a check next to the following lines IF still present

R3 - URLSearchHook: (no name) - *{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - *_{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

R3 - URLSearchHook: (no name) - *_{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

R3 - URLSearchHook: (no name) - *_{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)

Please remove all Logitech\Desktop Messenger lines eg.

O18 - Protocol: bw+0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

- Close ALL open windows (especially Internet Explorer!)-

Now click Fix checked

Click yes to any prompts

Close HijackThis

 

 

----------------------------------------------------------------------------------------

Step 2

 

 

OTMoveIt

Please download OTM by OldTimer and save it to your desktop

  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
explorer.exe
:Reg
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Morpheus.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Xfire.lnk]
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • - Close ALL open windows (especially Internet Explorer!)-
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

 

----------------------------------------------------------------------------------------

Step 3

 

Active Scan

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Please go to this site Link >> ActiveScan << LINK

  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small export to notepad button and save the report to your desktop.
  • Please post the report in your reply.
----------------------------------------------------------------------------------------

Step 4

 

 

Installed Programs

 

Please could you give me a list of the programs that are installed.

  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.

Click on the Save List button and specify where you would like to save this file.

When you press the Save button, a notepad will open with the contents of that file.

Simply copy and paste the contents of that notepad into your next post.

 

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

  • OTMoveIt Log
  • Active Scan Log
  • Installed Programs list
  • Do you know what these are ?

    BeautifulJudeLaw/pict52.jpg

    BeautifulJudeLaw/pict56.jpg

    BeautifulJudeLaw/pict129.jpg

  • How are things running now ?

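As an added triage helper (not from this thread and not part of HijackThis itself), here is a small Python parser for entries in the HijackThis line format quoted in Step 1 above. It separates orphaned entries, whose target is "(no file)", from entries that still point at a file, and it flags entries that auto-load content from a temp directory. The sample lines are copied from the fix list above; the classification labels ("orphan", "temp-path", "present") are my own naming, not HijackThis output.

```python
"""Triage HijackThis-style log entries.

Line shape (HijackThis 2.x):  <section> - <kind>: <name> - [<CLSID>] - <target>
Entries whose target is "(no file)" are leftover registry references to
components that have already been removed; they are safe to clean but are
also a useful sign of what used to be installed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis fix list in the helper's post.
SAMPLE_HJT = """\
R3 - URLSearchHook: (no name) - *{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O18 - Protocol: bw+0 - {7E89B60A-7098-450D-B01D-0714394C0EC9} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
"""

# A CLSID field may carry the "*" / "_" prefixes HijackThis prints for some hooks.
CLSID_RE = re.compile(r"^[*_]*(\{[0-9A-Fa-f-]{36}\})$")


@dataclass
class Entry:
    section: str            # e.g. "O2"
    kind: str               # e.g. "BHO"
    name: str               # e.g. "REALBAR" or "(no name)"
    clsid: Optional[str]    # CLSID with braces, prefixes stripped, or None
    target: str             # file path, URL or "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line on ' - ' separators; return None if malformed."""
    parts = [p.strip() for p in line.split(" - ")]
    if len(parts) < 3 or ":" not in parts[1]:
        return None
    section = parts[0]
    kind, _, name = parts[1].partition(": ")
    target = parts[-1]
    clsid = None
    for field in parts[2:-1]:
        m = CLSID_RE.match(field)
        if m:
            clsid = m.group(1)
    return Entry(section, kind, name, clsid, target)


def classify(entry: Entry) -> str:
    """Label an entry: orphan (file gone), temp-path (loads from a temp dir), present."""
    if entry.target == "(no file)":
        return "orphan"
    low = entry.target.lower()
    if "\\temp\\" in low or "/temp/" in low:
        return "temp-path"
    return "present"


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, name, label) for every parseable line in the log text."""
    results = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            results.append((entry.section, entry.name, classify(entry)))
    return results


if __name__ == "__main__":
    for section, name, label in triage(SAMPLE_HJT):
        print(f"{label:9s} {section:4s} {name}")
```

Running the block prints one labelled line per entry; in the sample, the four "(no file)" entries are labelled orphan, the Logitech protocol handler is present (its DLL still exists on disk), and the O24 desktop component is flagged because it is served from a temp folder, which is worth a second look regardless of whether it is malicious.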

OTM LOG

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\ not found.

Registry key HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2009 not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Morpheus.lnk\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lillie^Start Menu^Programs^Startup^Xfire.lnk\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Lillie

->Temp folder emptied: 8608624 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 34441925 bytes

->Apple Safari cache emptied: 0 bytes

 

User: free man

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: danny

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 23457 bytes

 

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 41.17 mb

 

 

OTM by OldTimer - Version 3.0.0.2 log created on 07022009_170524

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

ACTIVE SCAN LOG

 

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2009-07-02 16:54:03

PROTECTIONS: 1

MALWARE: 12

SUSPECTS: 5

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

AVG Anti-Virus Free 8.5 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search bar_bak

00020302 adware/ncase Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\search page_bak

00040415 adware/wintools Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{339BB23F-A864-48C0-A59F-29EA915965EC}

00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\lillie\application data\lycos

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@xiti[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@adrevolver[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@ads.pointroll[1].txt

00651785 W32/SDBot.MBV.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\WanPacket.dll.vir

00736643 Trj/Spamta.AIE Virus/Trojan No 1 No No D:\Danny Stuff\RapeLay\Mini RLHream MGR.exe[D:\Danny Stuff\RapeLay\Mini RLHream MGR.exe][iluPak.exe]

00736643 Trj/Spamta.AIE Virus/Trojan No 1 Yes No C:\WINDOWS\MRLH\IluPak.exe

02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@adsrevenue[2].txt

02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@adsrevenue[1].txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@h.starware[5].txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@h.starware[4].txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@h.starware[1].txt

02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Lillie\Cookies\lillie@h.starware[3].txt

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\PHAGE2.EXE

03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\My Music\Lillie's Favorite Music\KaZaA Speedup v2.63.exe

03863225 Generic Trojan Virus/Trojan No 0 Yes No D:\Downloads\KMD.EXE

;===================================================================================================================================================================================

SUSPECTS

Sent Location P

;===================================================================================================================================================================================

No C:\WINDOWS\SYSTEM32\XMLPARSE.DLL P

No C:\WINDOWS\SYSTEM32\ijjiProcessRestarter.exe P

No C:\Documents and Settings\Lillie\Desktop\BLACK.EXE P

No D:\Danny Stuff\BLACK.EXE[D:\Danny Stuff\BLACK.EXE][black.exe] P

No D:\Danny Stuff\BLACK\BLACK.EXE P

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description P

;===================================================================================================================================================================================

;===================================================================================================================================================================================

 

 

LIST OF PROGRAMS

 

 

?1?e?I‰S

3D Groove Playback Engine

7-Zip 4.64

Adobe AIR

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Device Central CS3

Adobe Director 11

Adobe Director 11

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit 2

Adobe Flash CS3

Adobe Flash CS3 Professional

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Flash Player 9 ActiveX

Adobe Flash Video Encoder

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.0.8

Adobe Setup

Adobe Setup

Adobe Setup

Adobe Shockwave Player

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

AdobeR PhotoshopR Album Starter Edition 3.0

Allok Video Splitter 2.2.0

AllToAVI v4 r5394

Apple Software Update

ArtMoney SE v7.30.2

AVG Free 8.5

AVI/MPEG/RM/WMV Splitter 4.28

AVS DVDMenu Editor 1.2.1.19

AVS Video Tools 5.6

Ballad of an Evening Butterfly 1.5e

Canon PIXMA iP1500

Canon Utilities Easy-PrintToolBox

CDex extraction audio

CHAOS;HEAD

Copernic Agent Basic

Critical Update for Windows Media Player 11 (KB959772)

DigitalPrint 1.0

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Web Player

Drug Lord 2

DVgate

Easy-WebPrint

EXEtender Player

Fallout2

Fate/stay night English v3.2

Finale NotePad 2009

Garena

Google Earth

Heart Health Screensaver

Hero Editor V0.80

Hijackthis 1.99.1

HijackThis 2.0.2

HolicUSA

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

HP Customer Participation Program 8.0

HP Deskjet 8.0 Software

HP Imaging Device Functions 8.0

HP Photosmart Essential

HP Smart Web Printing 1.0

HP Solution Center 8.0

HP Update

HPSSupply

HyperLoad

iComment 1.0.21

ID3man 3.0

ijji Auto Installer

ILLUSION ?l?H?-??3

ILLUSION RapeLay

Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software

Intel® Processor ID Utility

InterActual Player

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

Jasc Paint Shop Pro 8

Java 6 Update 14

Java 6 Update 5

Java 6 Update 7

Logitech Desktop Messenger

Logitech Print Service

Logitech QuickCam

LogitechR Camera Driver

Lunia

Lyra System File Update Utility

Magic ISO Maker v5.4 (build 0251)

MagicDisc 2.6.93

Malwarebytes' Anti-Malware

Metal Fatigue Uninstall

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Disc 2

Microsoft Office 2000 SR-1 Professional

Microsoft Office XP Web Components

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows Journal Viewer

Microsoft XML Parser and SDK

mIRC

ML-1430 Series

MoodLogic

MoodLogic DeviceLink

Motion JPEG Software Decoder

MovieShaker 3.2

Mozilla Firefox (3.0.11)

Mpeg Layer3 Codec FHG-Radium v1.263

MPlugin

MSN Music Assistant

MSN Toolbar

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML4 Parser

Multimedia Vocabulary v1.10

Music Visualizer Library 1.1

Naruto Battle Arena M.U.G.E.N

Neffy 1,2,0,12

neroxml

netquartz ez-pad 2.0.1 (017)

Network Play System (Patching)

NVIDIA Drivers

OLYMPUS CAMEDIA Master 4.0

Online Testing Web Client

OpenMG Secure Module

Panda ActiveScan 2.0

PDF Settings

Peachtree Complete Accounting 2003

PictureGear 5.1

Postal 2 Share The Pain Demo

Pretty Soldier Wars A.D. 2048

QuickTime

Raptr

RealPlayer

RebirthRO Full Client

Red Swoosh EDN Client (remove only)

RPG World Online Client

Sacrifice

Safari

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Segoe UI

Shockwave

Sibelius Scorch (Firefox, Opera, Netscape only)

Smart Capture

Snow Sakura

Soldat 1.5.0

SonicStage CD-R Writing Module

Sony Certificate PCH

Sony DV Shared Library

Sony on Yahoo!

Starcraft Brood War (RAZOR 1911)

Starscape V2.3

Support Actions Win2K,WinXP

System Requirements Lab

Tears to Tiara

Thief Gold

TortoiseSVN 1.4.8.12137 (32 bit)

Tropico 2 Pirate Cove

True Remembrance 1.04E

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

USDA-HealtheTech Search SR-18

VAIO Action Setup

VAIO Grid Wallpaper

VAIO Help & Support

VAIO Registration

VAIOWorld

VC80CRTRedist - 8.0.50727.762

VisualFlow 2.1

Warkeys 1.14.0.0b

WarRock

WebCam for MSN Messenger

Windows Genuine Advantage v1.3.0254.0

Windows Live Communications Platform

Windows Live installer

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

WinZip

XviD MPEG-4 Codec

YUME MIRU KUSURI

 

I don't know what those are, and everything's running smoothly. The bad image errors were fixed by malware, and everything's working fine. Is it safe to change my passwords and such now?

Edited by Bossof69


Information

Is it safe to change my passwords and such now?

Not from this computer yet.

There are still signs of infection.

 

 

----------------------------------------------------------------------------------------

Step 1

 

Submit a File For Analysis

We need to have the files below scanned by uploading them to VirusTotal.

 

Please visit Virustotal

Copy/paste the following file path into the window

C:\Documents and Settings\Lillie\Desktop\BLACK.EXE

Click Submit/Send File

Please post back, to let me know the results.

 

Please do the same for the following files:

C:\WINDOWS\PHAGE2.EXE

C:\WINDOWS\SYSTEM32\XMLPARSE.DLL

 

If Virustotal is too busy please try Jotti

 

 

----------------------------------------------------------------------------------------

Step 2

 

Go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.

Apply.

Apply and Exit Display properties.

 

----------------------------------------------------------------------------------------

Step 3

 

 

OTMoveIt

Please download OTM by OldTimer and save it to your desktop

  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Reg
[-hkey_current_user\software\microsoft\internet explorer\main\search bar_bak]
[-hkey_current_user\software\microsoft\internet explorer\main\search page_bak]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{339BB23F-A864-48C0-A59F-29EA915965EC}]
:Files
c:\documents and settings\lillie\application data\lycos
D:\Danny Stuff\RapeLay\Mini RLHream MGR.exe
C:\WINDOWS\MRLH\IluPak.exe
D:\My Music\Lillie's Favorite Music\KaZaA Speedup v2.63.exe
D:\Downloads\KMD.EXE
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • - Close ALL open windows (especially Internet Explorer!)-
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

 

----------------------------------------------------------------------------------------

Step 4

 

Fix With HJT

 

Close all other windows and then start HiJack This

Click Do A System Scan Only

When it has finished scanning, put a check next to the following lines IF still present:

O24 - Desktop Component 0: (no name) - http://www.dreamhomesource.com/images/Plan.../FE/at23432.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

O24 - Desktop Component 2: (no name) - http://members.aol.com/BeautifulJudeLaw/pict52.jpg

O24 - Desktop Component 3: (no name) - http://members.aol.com/BeautifulJudeLaw/pict56.jpg

O24 - Desktop Component 4: (no name) - http://members.aol.com/BeautifulJudeLaw/pict129.jpg

 

- Close ALL open windows (especially Internet Explorer!)-

Now click Fix checked

Click yes to any prompts

Close HijackThis

 

Reboot your machine

 

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

  • Virus Total Results
  • OTMoveIt Log
  • A fresh HJT Log
  • How are things running now ?
---------------------------------------------------------------------------------------------------


Additional Notes

 

 

 

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

 

Adobe Reader is a large program and uses unnecessary space.

If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

 

Please download Java SE Runtime Environment (JRE) (don't install it yet).

  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

 

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded

(it comes with a toolbar pre-selected, so make sure you uncheck the box)

 

You can delete JavaRa (zip and exe)

 

Remove Programs

 

Older versions of some programs have vulnerabilities that malware can use to infect your system.

 

Now click Start -> Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista). If any of the following programs are still listed there, click on the program to highlight it, and click on Remove.

  • Adobe Reader 7.0.5 Language Support
  • Adobe Reader 7.0.8
  • J2SE Runtime Environment 5.0
  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 11
  • Java™ 6 Update 14
  • Java™ 6 Update 5
  • Java™ 6 Update 7

Now close the Control Panel.

Edited by Katana


Hijackthis log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:55:59 PM, on 07/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\wuauclt.exe

D:\DANNYS~1\AVG8\avgwdsvc.exe

D:\DANNYS~1\AVG8\avgrsx.exe

D:\DANNYS~1\AVG8\avgnsx.exe

D:\Danny Stuff\AVG8\avgcsrvx.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\Danny Stuff\Java\bin\jqs.exe

D:\Danny Stuff\Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Danny Stuff\AVG8\avgssie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: AVG Security Toolbar BHO - {a3bc75a2-1f87-4686-aa43-5347d756017c} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Danny Stuff\Java\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Danny Stuff\Java\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Danny Stuff\AVG8\Toolbar\IEToolbar.dll

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Danny Stuff\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-21-1960408961-1292428093-682003330-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-1960408961-1292428093-682003330-1003\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User '?')

O4 - Startup: MagicDisc.lnk = D:\Danny Stuff\MagicDisc\MagicDisc.exe

O4 - Startup: AutorunsDisabled

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 1.0.21\iComment.dll/267

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Search Using Copernic Agent - res://D:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Danny Stuff\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\DANNYS~1\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Danny Stuff\Java\bin\jqs.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Danny Stuff\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9211 bytes

 

 

 

Virus total results

 

Phage2.exe

 

http://www.virustotal.com/analisis/ed406d4...710f-1239758233

 

 

Black.exe

 

http://www.virustotal.com/analisis/42e4285...c0c6-1245826657

 

 

OTM Move It Log

 

All processes killed

========== PROCESSES ==========

========== REGISTRY ==========

Registry key hkey_current_user\software\microsoft\internet explorer\main\search bar_bak\ not found.

Registry key hkey_current_user\software\microsoft\internet explorer\main\search page_bak\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{339BB23F-A864-48C0-A59F-29EA915965EC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}\ not found.

========== FILES ==========

c:\documents and settings\lillie\application data\Lycos\Sidesearch moved successfully.

c:\documents and settings\lillie\application data\Lycos moved successfully.

D:\Danny Stuff\RapeLay\Mini RLHream MGR.exe moved successfully.

C:\WINDOWS\MRLH\IluPak.exe moved successfully.

D:\My Music\Lillie's Favorite Music\KaZaA Speedup v2.63.exe moved successfully.

D:\Downloads\kmd.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Lillie

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 32239962 bytes

->Apple Safari cache emptied: 0 bytes

 

User: free man

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: danny

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 10209 bytes

 

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 30.85 mb

 

 

OTM by OldTimer - Version 3.0.0.2 log created on 07032009_133546

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

Everything's working fine on my computer; the original error was dealt with a while ago. I don't really see anything wrong with this computer. So, am I almost done? XD

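The O24 "Desktop Component" lines that Katana asked to be fixed in Step 4 and the fresh HijackThis log posted above share one line format: section code, entry type, display name, optional CLSID and the file or URL the entry points at. As an added example (not HijackThis's own code and not from either poster), the Python below parses those lines and applies the first-pass checks a helper makes by eye: targets reported as missing, unnamed entries, Active Desktop components that load from the web or from a Temp folder, and services with an unknown owner. The sample lines are copied from this thread; the flag names and the flagging rules are this example's own assumptions, not a HijackThis feature.

```python
"""Parse and triage HijackThis log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O2 - BHO: Name - {CLSID} - C:\path\file.dll"; the section code is a letter
# plus one or two digits, the entry type runs up to the first colon.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): ?(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PAREN_RE = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class Entry:
    code: str                 # HijackThis section, e.g. "O2", "O23"
    kind: str                 # e.g. "BHO", "Service", "Desktop Component 0"
    name: str                 # display name as HJT prints it, may be "(no name)"
    target: str               # path, URL or "(no file)" the entry points at
    fields: List[str]         # every " - " separated part (service owner etc.)
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, process lists and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.group("code"), m.group("kind"), m.group("rest")
    fields = [p.strip() for p in rest.split(" - ")]
    if code == "O4":
        # Autoruns: '[value name] "path" args' or 'Startup: file.lnk = path'
        bm = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$", rest)
        if bm:
            name, target = bm.group("name"), bm.group("target")
        elif " = " in rest:
            name, target = (s.strip() for s in rest.split(" = ", 1))
        else:
            name, target = rest, ""
    else:
        name = fields[0]
        target = fields[-1] if len(fields) > 1 else ""
        if code == "O16":
            # DPF lines read "{CLSID} (Friendly Name) - URL"; keep the friendly name.
            pm = PAREN_RE.search(fields[0])
            if pm:
                name = pm.group(1)
    cm = CLSID_RE.search(rest)
    return Entry(code=code, kind=kind, name=name, target=target, fields=fields,
                 clsid=cm.group(0) if cm else None)


def triage(entry: Entry) -> Entry:
    """Attach the flags a helper looks at first (rules are this example's own)."""
    t = entry.target.lower()
    if "(file missing)" in t or t == "(no file)":
        entry.flags.append("target-missing")
    if entry.name == "(no name)":
        entry.flags.append("unnamed")
    if entry.code == "O24":            # Active Desktop web content
        if t.startswith(("http://", "https://")):
            entry.flags.append("remote-desktop-component")
        if "\\temp\\" in t or "/temp/" in t:
            entry.flags.append("temp-desktop-component")
    if entry.code == "O23" and "unknown owner" in (f.lower() for f in entry.fields):
        entry.flags.append("unknown-owner")
    return entry


def triage_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the logs in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O24 - Desktop Component 0: (no name) - http://members.aol.com/BeautifulJudeLaw/pict52.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Lillie/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
"""

if __name__ == "__main__":
    for e in suspicious(triage_log(SAMPLE_LOG)):
        print(f"{e.code:<5}{e.name:<45}{', '.join(e.flags)}")
```

Nothing the script flags is proof of infection on its own: a "(file missing)" service is usually an uninstaller's leftover, and the point of the flags is to shorten the list a human has to read, exactly as the helper did with the O24 lines above.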

OTMoveIt

  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
:Processes
:Files
C:\Documents and Settings\Lillie\Desktop\BLACK.EXE
C:\WINDOWS\PHAGE2.EXE
:Commands
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • - Close ALL open windows (especially Internet Explorer!)-
  • Click the red Moveit! button.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

 

----------------------------------------------------------------------------------------

Congratulations, your logs look clean :)

Let's see if I can help you keep it that way.

First, let's tidy up.

 

Please delete RSIT.exe and C:\RSIT (entire folder)

You can also delete any logs we have produced, and empty your Recycle bin.

 

 

Uninstall Combofix

  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

Uninstall OTMoveIt (OTM.exe)

  • Open OTMoveIt and click Cleanup.
  • When a box pops up click YES.
----------------------------------------------------------------------------------------

 

The following is some info to help you stay safe and clean.

 

 

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

 

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

 

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

 

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you; see HERE for details.

 

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.

    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.

    You should only have one running all the time; the other/s should be used "on demand" on a regular basis.

    Most of the programs in this list have free (for Home Users) and paid versions; it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.

  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
Prevention
  • These programs don't detect malware; they help stop it getting on your machine in the first place.

    Each does a different job, so you can have more than one.

  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections
Internet Browsers
  • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.

    Using a different web browser can help stop malware getting on your machine.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
  • Firefox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.

    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.

    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.

    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

    CAUTION: If you delete all your cookies, you will lose any auto-login information for sites that you visit and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program.

  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible; you can choose which cookies to keep
Also PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.

Malware changes on a day-to-day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.


Happy surfing K'

Edited by Katana
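As an added example (not part of the original post): the Internet-zone settings the post tells you to change through the Custom Level dialog are stored by Internet Explorer as numbered DWORD values in the registry, so a PowerShell script can audit them and, with -Apply, set them. The action ids and the 0/1/3 (Enable/Prompt/Disable) codes are those Microsoft documents for the zone registry layout; the key path assumes per-user zone settings (the HKLM copy takes over only when the Security_HKLM_only policy value is set).

```powershell
# Added example, not code from the post above: audit (and optionally apply)
# the Internet-zone settings recommended there, read straight from the registry.
# Usage:  .\Check-IEZone.ps1          (report only)
#         .\Check-IEZone.ps1 -Apply   (report and set the values)
param([switch]$Apply)

# Zone 3 is the "Internet" zone. Each action is a DWORD named by its id
# (ids per Microsoft's documented zone layout): 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: if HKLM\...\Internet Settings\Security_HKLM_only is 1, the HKLM copy of
# this key is authoritative and the per-user values below are ignored.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Target = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Target = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Target = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Target = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Target = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Target = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zonePath)) { throw "Zone key not found: $zonePath" }
$zone = Get-ItemProperty -Path $zonePath

foreach ($id in $wanted.Keys) {
    $current = $zone.$id          # $null when the value has never been written
    $target  = $wanted[$id].Target
    $state = if ($null -eq $current) { 'not set (default)' }
             elseif ($label.ContainsKey([int]$current)) { $label[[int]$current] }
             else { "unknown ($current)" }

    if ($current -eq $target) {
        Write-Host ("OK      {0,-62} {1}" -f $wanted[$id].Name, $state)
    } else {
        Write-Host ("CHANGE  {0,-62} {1} -> {2}" -f $wanted[$id].Name, $state, $label[$target])
        if ($Apply) {
            # Write the DWORD exactly as the Custom Level dialog would.
            Set-ItemProperty -Path $zonePath -Name $id -Value $target -Type DWord
        }
    }
}
```

Re-run without -Apply afterwards to confirm every line reports OK, and restart Internet Explorer so the new zone values are picked up.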
