
Getting tons of bounced emails



Vertex
2007-12-01, 10:00
I'm currently getting tons of bounced back emails [Delivery Status Notifications] that I have not sent with spammy-sounding subject lines. This leads me to believe that I'm infected with something and it's sending out tons of spam.

Please help!

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:26 AM, on 12/1/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Spybot - Search & Destroy 1.5.1\TeaTimer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drift.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy 1.5.1\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 1.5.1\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5642 bytes

katana
2007-12-07, 01:33
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

There is nothing bad evident in your log (apart from Vista :laugh: )
Unfortunately most of the tools we use don't work on Vista yet, so please have patience

Please post the Kaspersky log now :D:
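As an added example that is not part of this thread and not code from HijackThis, Kaspersky or any other tool named here: a small Python triage script for the HijackThis log format posted above. It parses O4 Run entries and scores them against the pattern that appears in the "HijackThis Fixed Entries" backup list further down the thread (randomly named, digit-suffixed .exe files in system32 launched from HKLM\..\Run), while leaving the legitimate entries in Vertex's log unflagged. The sample lines are copied from this thread's logs; the scoring thresholds and the "review" notes for unnamed BHOs and publisher-less services are my own heuristics, not rules from any tool.

```python
import re
import ntpath

# Constructed sample: lines copied from the HijackThis logs in this thread
# (clean entries from the first log plus three entries from the
# "HijackThis Fixed Entries" backup list shown later in the thread).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy 1.5.1\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [faslkakj11] C:\Windows\system32\kjgagklj11.exe
O4 - HKLM\..\Run: [gajklgasjlkga] C:\Windows\system32\aglajgkd16.exe
O4 - HKLM\..\Run: [daskgfkkcx15] C:\Windows\system32\dasdsaads15.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STEM_RE = re.compile(r'^([A-Za-z]+?)(\d*)$')   # letters followed by an optional numeric suffix
VOWELS = set("aeiouy")


def image_path(cmd: str) -> str:
    """Extract the file actually loaded from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:] if end < 0 else cmd[1:end]
    first, _, rest = cmd.partition(' ')
    if first.lower() == 'rundll32.exe':          # rundll32 <dll>,<entrypoint>: the DLL is the payload
        return rest.split(',', 1)[0].strip()
    m = re.match(r'(.*?\.(?:exe|dll|scr))(?:\s|,|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else first


def vowel_ratio(word: str) -> float:
    letters = [c for c in word.lower() if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0


def flag_run_entry(name: str, cmd: str) -> list:
    """Return the heuristic reasons an O4 Run entry looks like the randomly named droppers in the thread."""
    path = image_path(cmd)
    stem, ext = ntpath.splitext(ntpath.basename(path))
    reasons = []
    if '\\system32\\' in path.lower() and ext.lower() == '.exe':
        reasons.append("exe launched directly from system32 by a Run key")
    m = STEM_RE.match(stem)
    if m and m.group(2):
        reasons.append("numeric suffix on the file name")
    if m and len(m.group(1)) >= 6 and vowel_ratio(m.group(1)) < 0.3:
        reasons.append("consonant-heavy, dictionary-unlike file name")
    name_digits = re.search(r'\d+$', name)
    if m and name_digits and m.group(2) == name_digits.group():
        reasons.append("Run value name shares the file's numeric suffix")
    return reasons


def triage(log_text: str) -> dict:
    """Split a HijackThis log into 'suspicious' O4 entries (2+ reasons) and items to 'review' by hand."""
    report = {"suspicious": [], "review": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = flag_run_entry(m['name'], m['cmd'])
            if len(reasons) >= 2:
                report["suspicious"].append((line, reasons))
        elif line.startswith("O2 - BHO: (no name)"):
            report["review"].append((line, ["BHO with no name: confirm the CLSID and the DLL's publisher"]))
        elif line.startswith("O23 - Service:") and "Unknown owner" in line:
            report["review"].append((line, ["service without publisher info: verify the binary's signature"]))
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket.upper())
        for line, reasons in items:
            print("  " + line)
            for r in reasons:
                print("      - " + r)
```

The "review" bucket is deliberately not a verdict: in Vertex's log the PnkBstrA service is the PunkBuster anti-cheat component, so an unnamed publisher alone only tells you where to look.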

Vertex
2007-12-07, 07:50
You hurt my feelings... Vista's working out a lot better for me than XP. This computer had XP, then it decided to jump off a very tall bridge. Possibly while doing a backflip.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 05, 2007 5:40:05 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/12/2007
Kaspersky Anti-Virus database records: 472937
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 127322
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:47:26

Infected Object Name / Virus Name / Last Action
C:\ProgramData\avg7\Log\emc.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d986ea9d316dbbb6e68a9c74616eaf4_4b07e4d7-343a-480e-83e4-599b2b6a244d Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.112.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.112.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy40.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8832.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8833.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\CabDirectory.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\MiWebServer.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\Orb.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbClient.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbContacts.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbDMS.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbErrors.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbImageProcessing.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbMediaV2.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbPVR.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbRequestProxy.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbStats.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbStreamer.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbTrayIcon.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\OrbTVXml.log Object is locked skipped
C:\ProgramData\OrbNetworks\Logs\rtspServer.log Object is locked skipped
C:\ProgramData\OrbNetworks\OrbContacts\OrbContacts.db Object is locked skipped
C:\ProgramData\OrbNetworks\OrbMediaV2\OrbMedia.db Object is locked skipped
C:\ProgramData\OrbNetworks\OrbPVR\OrbPVR.db Object is locked skipped
C:\ProgramData\OrbNetworks\OrbThumbs\OrbThumbsV2.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat{944cae0f-4220-11dc-b198-001a92973122}.TM.blf Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat{944cae0f-4220-11dc-b198-001a92973122}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat{944cae0f-4220-11dc-b198-001a92973122}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Jonathan\AppData\Local\Microsoft\Windows Defender\FileTracker\{862D9676-4BAE-4591-86FC-FB7886F7C97D} Object is locked skipped
C:\Users\Jonathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Jonathan\NTUSER.DAT Object is locked skipped
C:\Users\Jonathan\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Jonathan\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Jonathan\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\Jonathan\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jonathan\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

katana
2007-12-07, 13:30
This computer had XP, then it decided to jump off a very tall bridge. Possibly while doing a backflip.


:funny:
I'm glad Vista suits you :bigthumb:
It's just that it causes headaches for us ;)

There is nothing at all showing there, so we will have to try something else.

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

TotalScan

Please go to this site: TotalScan (http://www.nanoscan.com/as/v1/?)

Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.


You will probably have to post more than once to get all the logs back

Vertex
2007-12-07, 19:50
Good thing you started responding. People started replying to these emails. I've seen goatse once, I don't need to see it again.

ANYWAYS.

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Jonathan on 2007-12-07 10:37:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
27: 2007-12-07 06:49:32 UTC - RP159 - Windows Update
26: 2007-12-06 01:45:11 UTC - RP158 - Windows Update
25: 2007-12-05 13:08:27 UTC - RP157 - Scheduled Checkpoint
24: 2007-12-04 22:46:29 UTC - RP156 - Scheduled Checkpoint
23: 2007-12-04 06:43:56 UTC - RP155 - Scheduled Checkpoint


-- First Restore Point --
1: 2007-11-15 21:28:36 UTC - RP133 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:20 AM, on 12/7/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Spybot - Search & Destroy 1.5.1\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Users\Jonathan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drift.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy 1.5.1\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 1.5.1\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5540 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070803-205946-129 O4 - HKLM\..\Run: [faslkakj11] C:\Windows\system32\kjgagklj11.exe
backup-20070803-205946-176 O4 - HKLM\..\Run: [akgkagaksad9] C:\Windows\system32\fsakfask9.exe
backup-20070803-205946-265 O4 - HKLM\..\Run: [askasdkcl3] C:\Windows\system32\faskflxld3.exe
backup-20070803-205946-275 O4 - HKLM\..\Run: [aslkgadlkgsl1] C:\Windows\system32\oigdfgdfl1.exe
backup-20070803-205946-289 O4 - HKLM\..\Run: [daskgfkkcx15] C:\Windows\system32\dasdsaads15.exe
backup-20070803-205946-358 O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
backup-20070803-205946-370 O4 - HKLM\..\Run: [gadkgak12] C:\Windows\system32\fsafsakx12.exe
backup-20070803-205946-439 O4 - HKLM\..\Run: [afskfask8] C:\Windows\system32\fsfjasj8.exe
backup-20070803-205946-450 O4 - HKLM\..\Run: [asgfdjs2] C:\Windows\system32\vbsdaas2.exe
backup-20070803-205946-556 O4 - HKLM\..\Run: [asfkafsk4] C:\Windows\system32\fdaolfdos4.exe
backup-20070803-205946-624 O4 - HKLM\..\Run: [gajklgasjlkga] C:\Windows\system32\aglajgkd16.exe
backup-20070803-205946-646 O4 - HKLM\..\Run: [dsadlsa14] C:\Windows\system32\dsakfsak14.exe
backup-20070803-205946-684 O4 - HKLM\..\Run: [xcxdsaa7] C:\Windows\system32\slcskxsdl7.exe
backup-20070803-205946-691 O4 - HKLM\..\Run: [daskaskfsak6] C:\Windows\system32\dsfids6.exe
backup-20070803-205946-699 O4 - HKLM\..\Run: [xzkadsfk10] C:\Windows\system32\afslkfasl10.exe
backup-20070803-205946-823 O4 - HKLM\..\Run: [sakdasksd5] C:\Windows\system32\eksdlfs5.exe
backup-20070804-070336-130 O13 - Gopher Prefix:

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 AvgWFP (AVG7 Firewall Driver x86) - c:\windows\system32\drivers\avgwfp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SBSDWSCService (SBSD Security Center Service) - c:\program files\spybot - search & destroy 1.5.1\sdwinsec.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-11-07 and 2007-12-07 -----------------------------

2007-12-05 04:38:16 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-12-05 04:38:16 0 d-------- C:\Users\All Users\Kaspersky Lab
2007-12-04 12:26:59 0 d-------- C:\Users\All Users\OrbNetworks
2007-12-04 12:26:56 0 d-------- C:\Program Files\Winamp Remote
2007-11-30 17:10:34 0 dr-h----- C:\$VAULT$.AVG
2007-11-30 15:44:44 0 d-------- C:\Program Files\Spybot - Search & Destroy 1.5.1
2007-11-30 15:44:28 47104 --a------ C:\Windows\system32\drivers\avgwfp.sys
2007-11-30 15:44:25 0 d-------- C:\Users\All Users\Grisoft
2007-11-30 15:44:25 0 d-------- C:\Users\All Users\avg7
2007-11-30 15:40:04 0 d-------- C:\Users\All Users\Lavasoft
2007-11-30 15:40:04 0 d-------- C:\Program Files\Lavasoft
2007-11-27 11:19:02 967 --a------ C:\Windows\ScUnin.pif
2007-11-27 11:19:02 70656 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-11-27 11:19:02 32744 --a------ C:\Windows\scunin.dat
2007-11-27 11:18:52 0 d-------- C:\Program Files\Starcraft
2007-11-18 21:53:45 0 d-------- C:\Program Files\Ventrilo
2007-11-18 21:53:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 18:44:50 0 d-------- C:\Program Files\GCFScape


-- Find3M Report ---------------------------------------------------------------

2007-12-07 10:36:47 0 d-------- C:\Users\Jonathan\AppData\Roaming\Xfire
2007-12-07 08:26:26 195780 --a------ C:\Windows\system32\prfh0804.dat
2007-12-07 08:26:26 205374 --a------ C:\Windows\system32\prfh0404.dat
2007-12-07 08:26:26 70470 --a------ C:\Windows\system32\prfc0804.dat
2007-12-07 08:26:26 70476 --a------ C:\Windows\system32\prfc0404.dat
2007-12-07 08:26:26 265756 --a------ C:\Windows\system32\perfh012.dat
2007-12-07 08:26:26 400924 --a------ C:\Windows\system32\perfh011.dat
2007-12-07 08:26:26 70410 --a------ C:\Windows\system32\perfc012.dat
2007-12-07 08:26:26 103818 --a------ C:\Windows\system32\perfc011.dat
2007-12-07 08:20:47 0 d-------- C:\Program Files\Steam
2007-12-07 08:20:44 0 d-------- C:\Users\Jonathan\AppData\Roaming\AVG7
2007-12-04 13:28:38 0 d-------- C:\Program Files\SpeedFan
2007-12-04 12:46:52 0 d-------- C:\Users\Jonathan\AppData\Roaming\Winamp
2007-12-04 12:27:41 0 d-------- C:\Program Files\Winamp
2007-12-02 05:18:22 0 d-------- C:\Program Files\Common Files\Steam
2007-11-30 17:10:34 0 d-------- C:\Program Files\Common Files
2007-11-30 15:53:54 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-29 23:26:34 0 d-------- C:\Program Files\Warcraft III
2007-11-21 04:05:49 0 d-------- C:\Program Files\DriftCity
2007-11-20 17:33:33 0 d---s---- C:\Program Files\Xfire
2007-11-14 06:19:34 0 d-------- C:\Program Files\World of Warcraft
2007-11-13 17:19:49 0 d-------- C:\Program Files\Windows Mail
2007-11-02 23:04:08 0 d-------- C:\Users\Jonathan\AppData\Roaming\Adobe
2007-11-02 23:01:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-30 18:46:59 0 d-------- C:\Program Files\Windows Sidebar
2007-10-30 18:46:59 0 d-------- C:\Program Files\Windows Calendar
2007-10-30 18:46:59 0 d-------- C:\Program Files\Movie Maker
2007-10-30 18:46:58 0 d-------- C:\Program Files\Windows Photo Gallery
2007-10-30 18:46:58 0 d-------- C:\Program Files\Windows Journal
2007-10-30 18:46:58 0 d-------- C:\Program Files\Windows Defender
2007-10-30 18:46:58 0 d-------- C:\Program Files\Windows Collaboration
2007-10-30 00:24:50 0 d-------- C:\Program Files\Half-Life Model Viewer
2007-10-23 01:25:15 0 d-------- C:\Users\Jonathan\AppData\Roaming\.purple
2007-10-15 03:47:29 0 d-------- C:\Program Files\AeriaGames
2007-10-09 18:11:25 0 d-------- C:\Program Files\Pidgin
2007-10-08 19:07:27 0 dr-h----- C:\Users\Jonathan\AppData\Roaming\SecuROM
2007-10-08 17:31:02 669184 --a------ C:\Windows\system32\pbsvc.exe
2007-10-08 17:29:19 0 d-------- C:\Program Files\Electronic Arts


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/03/2007 08:09 PM]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [11/25/2005 09:53 AM]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [04/26/2007 03:54 PM]
"@"="" []
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [04/26/2007 04:22 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 04:14 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 04:14 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/04/2007 04:14 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/30/2007 03:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [01/19/2005 04:34 PM]
"Steam"="c:\program files\steam\steam.exe" [11/29/2007 05:12 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy 1.5.1\TeaTimer.exe" [08/31/2007 04:46 PM]

C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [11/14/2007 5:00:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0FAD2E16-C8EF-5AC1-1E6A-AE3FD8EF56B3}"= C:\Program Files\Internet Explorer\msvcrt.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 11/30/2007 03:44 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{833f8118-4573-11dc-92f6-806e6f6e6963}]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4f28965-421f-11dc-8114-806e6f6e6963}]
AutoRun\command- D:\autoplay.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7535 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-07 10:40:37 ------------

Extra.txt in next post.
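The HijackThis "Fixed Entries" backup list in the post above is the interesting part of this log: fifteen HKLM Run values, every one a random-looking value name pointing at a random-looking, numbered executable dropped straight into system32, plus a nameless BHO. Further down, the DSS registry dump shows a ShellExecuteHooks entry whose DLL is a copy of msvcrt.dll under Program Files\Internet Explorer rather than system32. The script below is an added example written for this thread, not part of the original post and not a feature of HijackThis or DSS: it parses those lines, scores each Run entry on the structural signals (file directly in system32, letters-plus-counter file name, value name unrelated to the file, value name that looks generated), reports the counter run those entries form, and lists the unnamed BHO and the out-of-place hook DLL as items to verify. The sample input is constructed from the log above (three of the poster's legitimate Run entries are rewritten in O4 form as negative controls); the weights, the threshold and the assumption that the system drive is C: are mine.

```python
"""Triage heuristics for HijackThis / DSS autostart listings (added example, not
from the thread or either tool). Weights, threshold and the C: system drive are
assumptions chosen for illustration."""
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"   # assumption: %SystemRoot% is C:\Windows
THRESHOLD = 4                       # assumption: score at which an entry is reported
VOWELS = set("aeiou")
RUN_RE = re.compile(r"^(?:backup-\S+\s+)?O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
BHO_RE = re.compile(r"^(?:backup-\S+\s+)?O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
HOOK_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=\s*(.+?)\s*\[')

# Constructed sample: the HJT backup list from the log above, three legitimate Run
# entries from the same log (rewritten in O4 form) as negative controls, and the DSS hook dump.
SAMPLE = r"""
backup-20070803-205946-129 O4 - HKLM\..\Run: [faslkakj11] C:\Windows\system32\kjgagklj11.exe
backup-20070803-205946-176 O4 - HKLM\..\Run: [akgkagaksad9] C:\Windows\system32\fsakfask9.exe
backup-20070803-205946-265 O4 - HKLM\..\Run: [askasdkcl3] C:\Windows\system32\faskflxld3.exe
backup-20070803-205946-275 O4 - HKLM\..\Run: [aslkgadlkgsl1] C:\Windows\system32\oigdfgdfl1.exe
backup-20070803-205946-289 O4 - HKLM\..\Run: [daskgfkkcx15] C:\Windows\system32\dasdsaads15.exe
backup-20070803-205946-358 O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
backup-20070803-205946-370 O4 - HKLM\..\Run: [gadkgak12] C:\Windows\system32\fsafsakx12.exe
backup-20070803-205946-439 O4 - HKLM\..\Run: [afskfask8] C:\Windows\system32\fsfjasj8.exe
backup-20070803-205946-450 O4 - HKLM\..\Run: [asgfdjs2] C:\Windows\system32\vbsdaas2.exe
backup-20070803-205946-556 O4 - HKLM\..\Run: [asfkafsk4] C:\Windows\system32\fdaolfdos4.exe
backup-20070803-205946-624 O4 - HKLM\..\Run: [gajklgasjlkga] C:\Windows\system32\aglajgkd16.exe
backup-20070803-205946-646 O4 - HKLM\..\Run: [dsadlsa14] C:\Windows\system32\dsakfsak14.exe
backup-20070803-205946-684 O4 - HKLM\..\Run: [xcxdsaa7] C:\Windows\system32\slcskxsdl7.exe
backup-20070803-205946-691 O4 - HKLM\..\Run: [daskaskfsak6] C:\Windows\system32\dsfids6.exe
backup-20070803-205946-699 O4 - HKLM\..\Run: [xzkadsfk10] C:\Windows\system32\afslkfasl10.exe
backup-20070803-205946-823 O4 - HKLM\..\Run: [sakdasksd5] C:\Windows\system32\eksdlfs5.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [NvSvc] C:\Windows\system32\nvsvc.dll
O4 - HKLM\..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0FAD2E16-C8EF-5AC1-1E6A-AE3FD8EF56B3}"= C:\Program Files\Internet Explorer\msvcrt.dll [ ]
"""

def letters(s):
    return re.sub(r"[^a-z]", "", s.lower())

def looks_random(s):
    """Few vowels or a long consonant run. Vendor abbreviations (NvSvc) trip this too, hence one point."""
    t = letters(s)
    runs = re.findall(r"[^aeiou]+", t) or [""]
    return len(t) >= 5 and (sum(c in VOWELS for c in t) / len(t) <= 0.25
                            or max(map(len, runs)) >= 5)

def score_run_entry(name, path):
    directory, filename = ntpath.split(path.strip().lower())
    stem = ntpath.splitext(filename)[0]
    reasons = []
    if directory == SYSTEM32:                  # dropped straight into system32, no vendor folder
        reasons.append((2, "file sits directly in system32"))
    if re.fullmatch(r"[a-z]+\d{1,2}", stem):   # letters followed by a small counter
        reasons.append((2, "file name is letters plus a counter"))
    n, s = letters(name), letters(stem)
    if n not in s and s not in n:              # value name has nothing to do with the binary
        reasons.append((1, "value name unrelated to file name"))
    if looks_random(name):
        reasons.append((1, "value name looks generated"))
    return {"name": name, "path": path, "stem": stem,
            "score": sum(w for w, _ in reasons), "reasons": [r for _, r in reasons]}

def numbered_cluster(entries):
    """Counters on the flagged stems: a dense run of small integers is the fingerprint
    of one dropper writing a batch of generated files."""
    counters = sorted(int(m.group()) for e in entries
                      for m in [re.search(r"\d{1,2}$", e["stem"])] if m)
    if not counters:
        return None
    low, high = counters[0], counters[-1]
    return {"count": len(counters), "low": low, "high": high,
            "missing": sorted(set(range(low, high + 1)) - set(counters))}

def analyze(text):
    entries, bhos, hooks, key = [], [], [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[HKEY"):
            key = line                         # remember which registry key the dump is in
        elif m := RUN_RE.match(line):
            entries.append(score_run_entry(*m.groups()))
        elif m := BHO_RE.match(line):
            name, clsid, path = m.groups()
            if name == "(no name)":            # legitimate BHOs carry a product name
                bhos.append({"clsid": clsid, "path": path, "reason": "BHO without a name"})
        elif (m := HOOK_RE.match(line)) and "ShellExecuteHooks" in key:
            clsid, path = m.groups()
            if ntpath.dirname(path.lower()) != SYSTEM32:   # stock Vista hook is shell32.dll in system32
                hooks.append({"clsid": clsid, "path": path, "reason": "hook DLL outside system32"})
    flagged = [e for e in entries if e["score"] >= THRESHOLD]
    return {"flagged": flagged, "cluster": numbered_cluster(flagged), "bhos": bhos, "hooks": hooks}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    for e in report["flagged"]:
        print(e["score"], f"[{e['name']}]", e["path"], "<-", "; ".join(e["reasons"]))
    print("counter cluster:", report["cluster"], "\nalso check:", report["bhos"] + report["hooks"])
```

Run against the sample it reports all fifteen backed-up Run entries (scores 5 or 6) and none of the three legitimate ones, and the counter cluster comes out as counters 1 to 16 with only 13 missing, which is what one dropper writing a numbered batch looks like. Note the near misses: NvSvc and NvMediaCenter both score 3 because NVIDIA also keeps DLLs directly in system32 and uses terse names, so the lexical and location signals on their own are not enough to convict; the counter pattern and the unrelated value names are what separate the two groups. The hook and BHO checks only say "verify this": a ShellExecuteHooks DLL that is not the system32 shell32.dll, and particularly one reusing a well-known system DLL name from a non-system directory, deserves a signature and hash check before anything is concluded from it.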

Vertex
2007-12-07, 19:51
EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 3581.69 MiB / 2540.93 MiB
Pagefile Memory (total/avail): 7335.07 MiB / 6283.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.76 GiB total, 324.98 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: AVG 7.5.503 v7.5.503 (Grisoft)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jonathan\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JONATHAN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jonathan
LOCALAPPDATA=C:\Users\Jonathan\AppData\Local
LOGONSERVER=\\JONATHAN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jonathan\AppData\Local\Temp
TMP=C:\Users\Jonathan\AppData\Local\Temp
USERDOMAIN=Jonathan-PC
USERNAME=Jonathan
USERPROFILE=C:\Users\Jonathan
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Jonathan (admin)


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Crysis(TM) MP Beta --> MsiExec.exe /I{928802D0-31C8-4246-97EC-1839C597A0C6}
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Deathmatch Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/40
Drift City --> "C:\Program Files\DriftCity\uninstall.exe"
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
GTK+ Runtime 2.10.13 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Gunbound Revolution --> "c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life Model Viewer 1.25 --> C:\Program Files\Half-Life Model Viewer\Uninstal.exe
Half-Life: Blue Shift --> "C:\Program Files\Steam\steam.exe" steam://uninstall/130
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji FireFox Launcher 1.0 --> C:\Users\Jonathan\AppData\Roaming\IJJIGame\uninst.exe
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeyboardTest V3.0 --> "C:\Program Files\KeyboardTest\unins000.exe"
Logitech G15 Keyboard Software 1.04 --> MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Opposing Force --> "C:\Program Files\Steam\steam.exe" steam://uninstall/50
Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
Project Torque --> C:\Program Files\AeriaGames\ProjectTorque\uninstall.exe
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
Razer Copperhead --> C:\Program Files\InstallShield Installation Information\{28A946E1-E83B-4662-BC7C-23451851489E}\setup.exe -runfromtemp -l0x0009 -removeonly
Ricochet --> "C:\Program Files\Steam\steam.exe" steam://uninstall/60
Soldier Front --> C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe -runfromtemp -l0x0009 -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy 1.5.1\unins000.exe"
Starcraft --> C:\Windows\SCunin.exe C:\Windows\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Team Fortress Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/20
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type22400 / Success
Event Submitted/Written: 12/07/2007 08:20:18 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type22399 / Success
Event Submitted/Written: 12/07/2007 08:20:17 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type22393 / Success
Event Submitted/Written: 12/07/2007 08:20:05 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type19181 / Success
Event Submitted/Written: 12/05/2007 00:11:51 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type19180 / Success
Event Submitted/Written: 12/05/2007 00:11:51 AM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39521 / Warning
Event Submitted/Written: 12/07/2007 10:39:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jonathan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jonathan-PC27 can't undo changes that you allow.

For more information please see the following:
%Jonathan-PC275

Scan ID: {D8FEE96B-C6D1-484E-AA16-D70E2B1E6AAC}

User: Jonathan-PC\Jonathan

Name: %Jonathan-PC271

ID: %Jonathan-PC272

Severity ID: %Jonathan-PC273

Category ID: %Jonathan-PC274

Path Found: %Jonathan-PC276

Alert Type: %Jonathan-PC278

Detection Type: 1.1.1505.02

Event Record #/Type39520 / Warning
Event Submitted/Written: 12/07/2007 10:39:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jonathan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jonathan-PC27 can't undo changes that you allow.

For more information please see the following:
%Jonathan-PC275

Scan ID: {42264484-657F-423C-B8CA-E94BA41483EC}

User: Jonathan-PC\Jonathan

Name: %Jonathan-PC271

ID: %Jonathan-PC272

Severity ID: %Jonathan-PC273

Category ID: %Jonathan-PC274

Path Found: %Jonathan-PC276

Alert Type: %Jonathan-PC278

Detection Type: 1.1.1505.02

Event Record #/Type39519 / Warning
Event Submitted/Written: 12/07/2007 10:39:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jonathan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jonathan-PC27 can't undo changes that you allow.

For more information please see the following:
%Jonathan-PC275

Scan ID: {D18739DF-2A14-4A2E-A02A-5D482660D9CE}

User: Jonathan-PC\Jonathan

Name: %Jonathan-PC271

ID: %Jonathan-PC272

Severity ID: %Jonathan-PC273

Category ID: %Jonathan-PC274

Path Found: %Jonathan-PC276

Alert Type: %Jonathan-PC278

Detection Type: 1.1.1505.02

Event Record #/Type39518 / Warning
Event Submitted/Written: 12/07/2007 10:39:28 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jonathan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jonathan-PC27 can't undo changes that you allow.

For more information please see the following:
%Jonathan-PC275

Scan ID: {F441E310-58D2-41F6-9757-B4D8597D8990}

User: Jonathan-PC\Jonathan

Name: %Jonathan-PC271

ID: %Jonathan-PC272

Severity ID: %Jonathan-PC273

Category ID: %Jonathan-PC274

Path Found: %Jonathan-PC276

Alert Type: %Jonathan-PC278

Detection Type: 1.1.1505.02

Event Record #/Type39517 / Warning
Event Submitted/Written: 12/07/2007 10:39:28 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jonathan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jonathan-PC27 can't undo changes that you allow.

For more information please see the following:
%Jonathan-PC275

Scan ID: {A1AF603C-2DB5-4176-B7D5-B039A7EA0255}

User: Jonathan-PC\Jonathan

Name: %Jonathan-PC271

ID: %Jonathan-PC272

Severity ID: %Jonathan-PC273

Category ID: %Jonathan-PC274

Path Found: %Jonathan-PC276

Alert Type: %Jonathan-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-12-07 10:40:37 ------------

Vertex
2007-12-07, 20:41
Whoo that took a while.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-07 11:41:05
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.503 7.5.503 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Cookies\jonathan@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Cookies\jonathan@tribalfusion[3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Cookies\jonathan@tribalfusion[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.xiti.com/]
00167785 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.gamearena.com.au/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.burstnet.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[server.iad.liveperson.net/hc/19452074]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.realmedia.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Cookies\jonathan@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\h8fkieu6.default\cookies.txt[.atwola.com/]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2007-12-07, 21:04
There is no evidence of any active malware, BUT,


backup-20070803-205946-129 O4 - HKLM\..\Run: [faslkakj11] C:\Windows\system32\kjgagklj11.exe
backup-20070803-205946-176 O4 - HKLM\..\Run: [akgkagaksad9] C:\Windows\system32\fsakfask9.exe
backup-20070803-205946-265 O4 - HKLM\..\Run: [askasdkcl3] C:\Windows\system32\faskflxld3.exe
backup-20070803-205946-275 O4 - HKLM\..\Run: [aslkgadlkgsl1] C:\Windows\system32\oigdfgdfl1.exe
backup-20070803-205946-289 O4 - HKLM\..\Run: [daskgfkkcx15] C:\Windows\system32\dasdsaads15.exe
backup-20070803-205946-358 O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
backup-20070803-205946-370 O4 - HKLM\..\Run: [gadkgak12] C:\Windows\system32\fsafsakx12.exe
backup-20070803-205946-439 O4 - HKLM\..\Run: [afskfask8] C:\Windows\system32\fsfjasj8.exe
backup-20070803-205946-450 O4 - HKLM\..\Run: [asgfdjs2] C:\Windows\system32\vbsdaas2.exe
backup-20070803-205946-556 O4 - HKLM\..\Run: [asfkafsk4] C:\Windows\system32\fdaolfdos4.exe
backup-20070803-205946-624 O4 - HKLM\..\Run: [gajklgasjlkga] C:\Windows\system32\aglajgkd16.exe
backup-20070803-205946-646 O4 - HKLM\..\Run: [dsadlsa14] C:\Windows\system32\dsakfsak14.exe
backup-20070803-205946-684 O4 - HKLM\..\Run: [xcxdsaa7] C:\Windows\system32\slcskxsdl7.exe
backup-20070803-205946-691 O4 - HKLM\..\Run: [daskaskfsak6] C:\Windows\system32\dsfids6.exe
backup-20070803-205946-699 O4 - HKLM\..\Run: [xzkadsfk10] C:\Windows\system32\afslkfasl10.exe
backup-20070803-205946-823 O4 - HKLM\..\Run: [sakdasksd5] C:\Windows\system32\eksdlfs5.exe

Tells me that you were infected recently, and these are nasty things.
I only checked a couple of them, and they came back as keyloggers.
http://www.sophos.com/security/analyses/trojonlinegf.html

It would seem that your passwords are being used