Unable to remove "Virus Alert!" [Archive]

View Full Version : Unable to remove "Virus Alert!"

LuciLexi

2008-09-11, 15:00

Hey!

This is my first time visiting this forum, and the first post as well.
Sorry if any impolite or improper words/info appear in this article.

Well the problem started when I downloaded something and it downloaded some malware with it. It went under the name of 'Smart Anti Virus 2009'. I got rid of the main virus but now I am left with 'VIRUS ALERT!' on my task bar next to the clock. Also the clock started using 24 hour time and I can't change it back. Another thing is that when I had the virus most of the icons in my start menu dissapeard. But I got all of them back exept for 'all programs', and I would love to get it back!

I have tried using 'SmitfraudFix' in normal mode and safe mode but it didn't work.

I also was reading this topic: http://forums.spybot.info/showthread.php?t=3712

and I tried to do what is said so I downloaded Pocket Killbox (from here: http://www.downloads.subratam.org/KillBox.exe) and did what LonnyRJones said to do. (Copy this bolded below into the windows clipboard

C:\WINDOWS\system32\suprox.dll

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X)
But when I clicked on the red X it counted down and got to 1 a window popped up saying: 'PendingFileRenameOperations Registry Data has been Removed by External Process!' and when I click on ok it just goes back to the main screen.

Note: I use Windows 94 and I have AVG Anti-Virus Free.

Any help would be lovely!!!
Just ask for more information if I left something out.
Oh and sorry is this in the wrong Topic but I wanted to post in 'Safer Networking Forums > General Malware > Archives' but it wouldn't let me, so I thought this might be an OK place to put this.

Here is the log from 'SmitfraudFix'

SmitFraudFix v2.309

Scan done at 22:57:28.14, 2008-09-11
Run from C:\Documents and Settings\Lucinda Nibbs\Desktop\Others\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lucinda Nibbs

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lucinda Nibbs\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LUCIND~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="objsci.dll,avgrsstx.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Packet Scheduler Miniport
DNS Server Search Order: 203.2.75.132
DNS Server Search Order: 198.142.0.51

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6FB08DC3-D1C0-4288-9FE5-452ECD110CB2}: DhcpNameServer=10.0.0.138 10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=203.2.75.132 198.142.0.51
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

ken545

2008-09-12, 01:56

Hello LuciLexi

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Please do not run any other scans unless we ask you to, also please do not install any software until we have you clean.

Download Trendmicros Hijackthis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe

Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

LuciLexi

2008-09-12, 06:45

LuciLexi

2008-09-12, 06:47

Here is the Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45: VIRUS ALERT!, on 2008-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optuszoo.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QXK Olive - {3FFBF7F4-CE7B-4462-A920-422AC5A31F72} - C:\WINDOWS\vmgspntbgft.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {1472f3a1-dcf7-7a0b-6f34-145308a8fdd7} - {7ddf8a80-3541-43f6-b0a7-7fcd1a3f2741} - C:\WINDOWS\system32\objsci.dll
O2 - BHO: (no name) - {84DB22A6-8939-46EA-8A0D-B7D343FE0B21} - C:\WINDOWS\system32\iifgDuRI.dll (file missing)
O2 - BHO: (no name) - {8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\hgGvurqn.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: GNX Bingo - {BDD13890-4053-435A-9ABF-432925B093D3} - C:\WINDOWS\kdftlboewkf.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: qvdntlmw - {8562EBCA-80D7-4E17-BD39-C32E274DF34E} - C:\WINDOWS\qvdntlmw.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5700F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE /P27 "EPSON Stylus CX5700F Series" /O6 "USB001" /M "Stylus CX5700F"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [\YURA9.exe] C:\Windows\system32\YURA9.exe
O4 - HKLM\..\Run: [\YURAA.exe] C:\Windows\system32\YURAA.exe
O4 - HKLM\..\Run: [\YURAB.exe] C:\Windows\system32\YURAB.exe
O4 - HKLM\..\Run: [\YURAC.exe] C:\Windows\system32\YURAC.exe
O4 - HKLM\..\Run: [\YURB9.exe] C:\Windows\system32\YURB9.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR7.exe] C:\Windows\system32\YUR7.exe
O4 - HKLM\..\Run: [6c2f2fa4] rundll32.exe "C:\WINDOWS\system32\rtwbyujk.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\YURA9.exe] C:\Windows\system32\YURA9.exe
O4 - HKCU\..\Run: [\YURAA.exe] C:\Windows\system32\YURAA.exe
O4 - HKCU\..\Run: [\YURAB.exe] C:\Windows\system32\YURAB.exe
O4 - HKCU\..\Run: [\YURAC.exe] C:\Windows\system32\YURAC.exe
O4 - HKCU\..\Run: [\YURB9.exe] C:\Windows\system32\YURB9.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR7.exe] C:\Windows\system32\YUR7.exe
O4 - HKLM\..\Policies\Explorer\Run: [s0n5ozy3EU] C:\Documents and Settings\All Users\Application Data\rilitmfq\jwpsdmry.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: objsci.dll,avgrsstx.dll
O20 - Winlogon Notify: hgGvurqn - hgGvurqn.dll (file missing)
O21 - SSODL: WinKbd - {380b7755-4aae-4928-8a13-cbb4047b3949} - C:\WINDOWS\Installer\{380b7755-4aae-4928-8a13-cbb4047b3949}\WinKbd.dll (file missing)
O21 - SSODL: zip - {8cd0e077-7a0e-47c7-af5d-b85d0aa19d02} - C:\WINDOWS\Installer\{8cd0e077-7a0e-47c7-af5d-b85d0aa19d02}\zip.dll (file missing)
O21 - SSODL: ServiceService - {aa57f20e-56f3-4db6-82fb-3d4232b18f23} - C:\WINDOWS\Installer\{aa57f20e-56f3-4db6-82fb-3d4232b18f23}\ServiceService.dll (file missing)
O21 - SSODL: vbgtorfd - {3247F5BD-8E5C-4E26-8B0C-CBCE330D351A} - C:\WINDOWS\vbgtorfd.dll (file missing)
O21 - SSODL: dwnrpofk - {BEAA64D8-7F68-47B8-9378-C8CB39CD7050} - C:\WINDOWS\dwnrpofk.dll (file missing)
O21 - SSODL: mgxfebsq - {87150D08-EDDF-4F4A-B101-FB6B280AB601} - C:\WINDOWS\mgxfebsq.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 15824 bytes

ken545

2008-09-12, 11:44

LuciLexi

2008-09-12, 13:37

Good Morning,

I am looking at not one but a few infections on this computer so we are going to have to run some scans to remove them. As not to overwhelm you we will do them one at a time. AFTER you run a scan I always need to see a new HJT log so we can see what was removed and what was not.

This tool needs to be run from Safemode to be effective so download it to your desktop then boot to Safemode to run it

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thankyou so much for helping me. here is the log.

SDFix: Version 1.224
Run by Lucinda Nibbs on 2008-09-12 at 21:04

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Lucinda Nibbs\Desktop\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows Product ID To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\ELEO.EXE - Deleted
C:\Documents and Settings\Lucinda Nibbs\Desktop\Others\Stuff\Videos.url - Deleted
C:\Documents and Settings\Lucinda Nibbs\Favorites\Videos.url - Deleted
C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\Videos.url - Deleted
C:\WINDOWS\mslagent\2_mslagent.dll - Deleted
C:\WINDOWS\mslagent\mslagent.exe - Deleted
C:\WINDOWS\mslagent\uninstall.exe - Deleted
C:\Program Files\FBrowsingAdvisor\main.db - Deleted
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll - Deleted
C:\Program Files\Inet Delivery\inetdl.exe - Deleted
C:\Program Files\Inet Delivery\intdel.exe - Deleted
C:\Program Files\PCHealthCenter\2.gif - Deleted
C:\Program Files\PCHealthCenter\3.gif - Deleted
C:\Program Files\PCHealthCenter\sc.html - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPD.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPE.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPF.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP10.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP11.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP12.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP13.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP14.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP15.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP16.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP17.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP18.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP19.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP1A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP1B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP1C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP1D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP1E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP1F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\tmp20.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP21.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\tmp22.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP24.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP25.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP26.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP27.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP28.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP29.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP2F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP30.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP31.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP32.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP33.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP34.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP35.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP36.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP37.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP38.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP39.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP3F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP40.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP41.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP42.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP43.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP44.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP45.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP46.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP47.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP48.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP49.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP4F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP50.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP51.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP52.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP53.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP54.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP55.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP56.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP57.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP58.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP59.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP5F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP60.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP61.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP62.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP63.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP64.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP65.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP66.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP67.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP68.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP69.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP6F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP70.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP71.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP72.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP73.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP74.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP75.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP76.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP77.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP78.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP7F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP80.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP81.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP82.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP83.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP84.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP85.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP86.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP87.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP88.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP89.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8C.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP8F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP90.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP92.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP93.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP94.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP95.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP97.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9A.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9B.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9D.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9E.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMP9F.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA0.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA1.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA4.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA5.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA6.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA7.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPA9.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPAA.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPAB.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPAC.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPAD.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPAF.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB0.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB4.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB5.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB8.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPB9.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPBC.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPBF.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPC3.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPC4.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPC5.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPC6.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPCC.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPCD.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPD.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPD1.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPD6.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPD7.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPD8.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPDF.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPE.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPE9.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPEF.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPF.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPF5.tmp - Deleted
C:\DOCUME~1\LUCIND~1\LOCALS~1\Temp\TMPF6.tmp - Deleted
C:\WINDOWS\a.bat - Deleted
C:\WINDOWS\vmgspntbgft.dll - Deleted
C:\WINDOWS\zip1.tmp - Deleted
C:\WINDOWS\zip2.tmp - Deleted
C:\WINDOWS\zip3.tmp - Deleted
C:\WINDOWS\zipped.tmp - Deleted
C:\WINDOWS\a.bat - Deleted
C:\WINDOWS\base64.tmp - Deleted
C:\WINDOWS\bdn.com - Deleted
C:\WINDOWS\FVProtect.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\mgxfebsq.dll - Deleted
C:\WINDOWS\mssecu.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32smp - Deleted
C:\WINDOWS\userconfig9x.dll - Deleted
C:\WINDOWS\Web\def.htm - Deleted
C:\WINDOWS\winsystem.exe - Deleted

Folder C:\Program Files\FBrowsingAdvisor - Removed
Folder C:\Program Files\Inet Delivery - Removed
Folder C:\Program Files\PCHealthCenter - Removed
Folder C:\WINDOWS\mslagent - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 21:18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\lxcrcoms.exe"="C:\\WINDOWS\\system32\\lxcrcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\LUCIND~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Mon 10 Sep 2007 8 A.SHR --- "C:\WINDOWS\system32\75E60AD081.sys"
Tue 11 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 11 Sep 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Tue 16 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 28 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3c3d41098aaf3d69425636d67897b2e7\BIT2.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BITF.tmp"
Tue 5 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f49cda1898bcf48b982dace6ad0aeca3\BIT1.tmp"
Fri 5 Sep 2008 1,714 ...HR --- "C:\Documents and Settings\Lucinda Nibbs\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

LuciLexi

2008-09-12, 13:43

oops forgot the highjack log. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:56, on 2008-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {1472f3a1-dcf7-7a0b-6f34-145308a8fdd7} - {7ddf8a80-3541-43f6-b0a7-7fcd1a3f2741} - C:\WINDOWS\system32\objsci.dll (file missing)
O2 - BHO: (no name) - {84DB22A6-8939-46EA-8A0D-B7D343FE0B21} - C:\WINDOWS\system32\iifgDuRI.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: GNX Bingo - {BDD13890-4053-435A-9ABF-432925B093D3} - C:\WINDOWS\kdftlboewkf.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: qvdntlmw - {8562EBCA-80D7-4E17-BD39-C32E274DF34E} - C:\WINDOWS\qvdntlmw.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5700F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE /P27 "EPSON Stylus CX5700F Series" /O6 "USB001" /M "Stylus CX5700F"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [\YURA9.exe] C:\Windows\system32\YURA9.exe
O4 - HKLM\..\Run: [\YURAA.exe] C:\Windows\system32\YURAA.exe
O4 - HKLM\..\Run: [\YURAB.exe] C:\Windows\system32\YURAB.exe
O4 - HKLM\..\Run: [\YURAC.exe] C:\Windows\system32\YURAC.exe
O4 - HKLM\..\Run: [\YURB9.exe] C:\Windows\system32\YURB9.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR7.exe] C:\Windows\system32\YUR7.exe
O4 - HKLM\..\Run: [6c2f2fa4] rundll32.exe "C:\WINDOWS\system32\rtwbyujk.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\YURA9.exe] C:\Windows\system32\YURA9.exe
O4 - HKCU\..\Run: [\YURAA.exe] C:\Windows\system32\YURAA.exe
O4 - HKCU\..\Run: [\YURAB.exe] C:\Windows\system32\YURAB.exe
O4 - HKCU\..\Run: [\YURAC.exe] C:\Windows\system32\YURAC.exe
O4 - HKCU\..\Run: [\YURB9.exe] C:\Windows\system32\YURB9.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR7.exe] C:\Windows\system32\YUR7.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: objsci.dll,avgrsstx.dll
O21 - SSODL: WinKbd - {380b7755-4aae-4928-8a13-cbb4047b3949} - C:\WINDOWS\Installer\{380b7755-4aae-4928-8a13-cbb4047b3949}\WinKbd.dll (file missing)
O21 - SSODL: zip - {8cd0e077-7a0e-47c7-af5d-b85d0aa19d02} - C:\WINDOWS\Installer\{8cd0e077-7a0e-47c7-af5d-b85d0aa19d02}\zip.dll (file missing)
O21 - SSODL: ServiceService - {aa57f20e-56f3-4db6-82fb-3d4232b18f23} - C:\WINDOWS\Installer\{aa57f20e-56f3-4db6-82fb-3d4232b18f23}\ServiceService.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 14873 bytes

ken545

2008-09-12, 13:59

Great, now run this program.

Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.

LuciLexi

2008-09-12, 14:44

Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.1.2600 Service Pack 2

2008-09-12 22:29:39
mbam-log-2008-09-12 (22-29-39).txt

Scan type: Quick Scan
Objects scanned: 61312
Time elapsed: 20 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 94
Registry Values Infected: 22
Registry Data Items Infected: 3
Folders Infected: 47
Files Infected: 460

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\rtwbyujk.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ddf8a80-3541-43f6-b0a7-7fcd1a3f2741} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ddf8a80-3541-43f6-b0a7-7fcd1a3f2741} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho.1 (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\smart antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.bqgb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c2f2fa4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurab.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurab.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Clicker) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\MS Antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009\Infected (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009\Suspicious (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\IESkins (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\HostOI (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\HostOI\dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\HostOI\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\HostOL (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\HostOL\dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\HostOL\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\objsci.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhjfomco.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ocmofjhr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rtwbyujk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kjuybwtr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxajqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mrgrwz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oevirqbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pirhcg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvvqdhnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temporary Internet Files\Content.IE5\66FRSPVV\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temporary Internet Files\Content.IE5\HQJQWAYX\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\00070C61.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\MS Antivirus\msa.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MS Antivirus\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MS Antivirus\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009\zlib.dll (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\3251993.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893245.sdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1058 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\202699 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\242437 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29115 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39228 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43906 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\731618 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744489 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\873 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93934 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\362b.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\icons2.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\progress.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\t2_bg.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\1\tsd_bg.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

LuciLexi

2008-09-12, 14:45

Maleware log continuted:

C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\Smart Antivirus 2009\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32ps1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Application Data\TmpRecentIcons\Smart Antivirus-2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucinda Nibbs\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

LuciLexi

2008-09-12, 14:46

Highjack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:09, on 2008-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {84DB22A6-8939-46EA-8A0D-B7D343FE0B21} - C:\WINDOWS\system32\iifgDuRI.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: GNX Bingo - {BDD13890-4053-435A-9ABF-432925B093D3} - C:\WINDOWS\kdftlboewkf.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: qvdntlmw - {8562EBCA-80D7-4E17-BD39-C32E274DF34E} - C:\WINDOWS\qvdntlmw.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5700F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE /P27 "EPSON Stylus CX5700F Series" /O6 "USB001" /M "Stylus CX5700F"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: objsci.dll,avgrsstx.dll
O21 - SSODL: WinKbd - {380b7755-4aae-4928-8a13-cbb4047b3949} - C:\WINDOWS\Installer\{380b7755-4aae-4928-8a13-cbb4047b3949}\WinKbd.dll (file missing)
O21 - SSODL: ServiceService - {aa57f20e-56f3-4db6-82fb-3d4232b18f23} - C:\WINDOWS\Installer\{aa57f20e-56f3-4db6-82fb-3d4232b18f23}\ServiceService.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13105 bytes

Again, Thank you for helping me. So, whats next?

ken545

2008-09-12, 15:55

A pleasure helping you and your doing great by the way.:)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"="avgrsstx.dll"

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {84DB22A6-8939-46EA-8A0D-B7D343FE0B21} - C:\WINDOWS\system32\iifgDuRI.dll (file missing)
O2 - BHO: GNX Bingo - {BDD13890-4053-435A-9ABF-432925B093D3} - C:\WINDOWS\kdftlboewkf.dll (file missing)

O3 - Toolbar: qvdntlmw - {8562EBCA-80D7-4E17-BD39-C32E274DF34E} - C:\WINDOWS\qvdntlmw.dll (file missing)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"

O21 - SSODL: WinKbd - {380b7755-4aae-4928-8a13-cbb4047b3949} - C:\WINDOWS\Installer\{380b7755-4aae-4928-8a13-cbb4047b3949}\WinKbd.dll (file missing)
O21 - SSODL: ServiceService - {aa57f20e-56f3-4db6-82fb-3d4232b18f23} - C:\WINDOWS\Installer\{aa57f20e-56f3-4db6-82fb-3d4232b18f23}\ServiceService.dll (file missing)

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again afterwards before connecting to the net

2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.

LuciLexi

2008-09-12, 17:20

Combofix Log:

ComboFix 08-09-11.02 - Lucinda Nibbs 2008-09-13 0:44:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1393 [GMT 10:00]
Running from: C:\Documents and Settings\Lucinda Nibbs\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lucinda Nibbs\Application Data\inst.exe
C:\Documents and Settings\Lucinda Nibbs\Cookies\lucinda_nibbs@adcast.deviantart[2].txt
C:\Documents and Settings\Lucinda Nibbs\Cookies\lucinda_nibbs@neopets[2].txt
C:\Documents and Settings\Lucinda Nibbs\Cookies\lucinda_nibbs@photobucket[2].txt
C:\Documents and Settings\Lucinda Nibbs\Favorites\Download programs.url
C:\Documents and Settings\Lucinda Nibbs\Favorites\Games.url
C:\Documents and Settings\Lucinda Nibbs\Favorites\Translator.url
C:\Documents and Settings\Lucinda Nibbs\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\Download programs.url
C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\Games.url
C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\Translator.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\IRuDgfii.ini
C:\WINDOWS\system32\IRuDgfii.ini2
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\tjardvwa.ini
C:\WINDOWS\system32\wnnnujmo.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-12-25 18:02 . 2008-12-25 18:02 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\Samsung
2008-12-25 17:55 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-12-25 17:52 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-12-25 17:41 . 2008-12-25 17:54 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-25 17:41 . 2008-12-25 17:41 <DIR> d-------- C:\Program Files\Samsung
2008-12-25 17:41 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-12-25 17:41 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-12-25 17:41 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-12-25 17:41 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-12-25 10:53 . 2008-12-25 10:53 <DIR> d-------- C:\Program Files\AVIConverter
2008-12-24 21:31 . 2008-12-24 21:31 <DIR> dr-h----- C:\Documents and Settings\Lucinda Nibbs\Application Data\SecuROM
2008-12-24 21:31 . 2008-09-05 13:51 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-12-24 18:43 . 2008-05-10 15:00 <DIR> d-------- C:\Program Files\Electronic Arts
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-12-24 10:29 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-12-24 10:28 . 2008-12-24 10:29 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-12-24 10:28 . 2008-12-24 10:28 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\InstallShield
2008-09-13 00:16 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-09-13 00:16 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-13 00:01 . 2008-09-13 00:01 <DIR> d-------- C:\WINDOWS\system32\DIRGE of CERBERUS -Final Fantasy VII- dir
2008-09-13 00:01 . 2008-09-13 00:01 201,728 --a------ C:\WINDOWS\system32\DIRGE of CERBERUS -Final Fantasy VII-.scr
2008-09-13 00:00 . 2008-09-13 00:00 <DIR> d-------- C:\WINDOWS\system32\ccff7_screensaver dir
2008-09-13 00:00 . 2008-09-13 00:00 203,264 --a------ C:\WINDOWS\system32\ccff7_screensaver.scr
2008-09-12 22:07 . 2008-09-12 22:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 22:07 . 2008-09-12 22:07 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\Malwarebytes
2008-09-12 22:07 . 2008-09-12 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 22:07 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 22:07 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 20:57 . 2008-09-12 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-12 20:50 . 2008-09-12 02:36 <DIR> d-------- C:\SDFix
2008-09-12 14:44 . 2008-09-12 14:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-12 14:30 . 2008-09-12 14:30 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 22:22 . 2008-09-11 22:22 <DIR> d-------- C:\!KillBox
2008-09-11 19:08 . 2008-09-12 14:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-11 19:01 . 2008-09-12 09:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-11 19:01 . 2008-09-11 19:01 <DIR> d-------- C:\Program Files\AVG
2008-09-11 19:01 . 2008-09-11 19:58 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\AVGTOOLBAR
2008-09-11 19:01 . 2008-09-11 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-11 19:01 . 2008-09-11 19:01 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-11 19:01 . 2008-09-11 19:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-10 14:08 . 2008-09-10 14:09 <DIR> d-------- C:\Program Files\DNA
2008-09-10 14:08 . 2008-09-10 22:47 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\DNA
2008-09-08 13:45 . 2008-09-08 13:53 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\uTorrent
2008-09-07 13:08 . 2008-09-07 13:08 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-09-07 13:07 . 2003-07-20 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-07 13:07 . 2005-01-03 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-07 12:27 . 2008-09-10 14:32 <DIR> d-------- C:\AeriaGames
2008-09-07 09:27 . 2008-09-08 14:11 <DIR> d-------- C:\Program Files\UltimateEnhancer
2008-09-07 05:39 . 2008-09-07 05:39 0 --a------ C:\WINDOWS\iplayer.INI
2008-09-07 05:33 . 2008-09-07 05:33 <DIR> d-------- C:\Program Files\InterActual
2008-09-06 20:57 . 2008-09-06 22:14 <DIR> d-------- C:\Program Files\Discord Times
2008-09-05 12:11 . 2008-09-08 14:13 <DIR> d-------- C:\Program Files\XBCD 360
2008-09-05 12:01 . 2008-09-05 12:01 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-08-30 14:15 . 2008-08-30 14:15 <DIR> d-------- C:\Program Files\Sierra
2008-08-30 12:02 . 2008-08-30 12:20 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\IMVUClient
2008-08-28 17:18 . 2008-08-28 17:18 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Citrix
2008-08-28 17:18 . 2008-08-28 17:18 81 --a------ C:\CTX.DAT
2008-08-15 10:20 . 2008-08-20 21:29 24 --a------ C:\Documents and Settings\Lucinda Nibbs\jagex_runescape_preferences.dat
2008-08-14 08:52 . 2008-05-02 00:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 00:29 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-12 14:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-12 14:33 --------- d-----w C:\Program Files\lx_cats
2008-09-12 13:55 545,280 ----a-w C:\WINDOWS\flashax.exe
2008-09-12 13:55 191,488 ----a-w C:\WINDOWS\Final Fantasy VII Advent Children.scr
2008-09-12 13:55 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-09-12 13:53 191,488 ----a-w C:\WINDOWS\Final Fantasy X-2.scr
2008-09-12 12:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 04:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 23:54 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\LimeWire
2008-09-10 07:18 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\IMVU
2008-09-07 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-04 12:31 --------- d-----w C:\Program Files\LimeWire
2008-08-30 02:02 --------- d-----w C:\Program Files\IMVU
2008-08-22 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-04 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-02 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-02 09:07 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\Screenshot Sender
2008-08-02 08:45 --------- d-----w C:\Program Files\MSN Messenger
2008-08-02 08:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-02 07:44 --------- d-----w C:\Program Files\Google
2008-08-02 00:00 --------- d-----w C:\Program Files\epson
2008-07-30 08:49 --------- d-----w C:\Program Files\EA GAMES
2008-07-30 07:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 07:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 07:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-29 09:47 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-25 02:41 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\IMVU Previewer
2008-07-25 00:22 --------- d-----w C:\Program Files\Windows Live
2008-06-22 02:27 20 ----a-w C:\Program Files\Sims2Pack Clean Installer.ini
2008-03-23 21:01 47,360 ----a-w C:\Documents and Settings\Lucinda Nibbs\Application Data\pcouffin.sys
2007-09-10 08:05 1,386,064 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-09-10 08:05 8 --sha-r C:\WINDOWS\system32\75E60AD081.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-27 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-20 8429568]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-20 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-12 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-12 82864]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-12 295856]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-22 106496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-11 1235736]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-20 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-12 113664]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-09-10 303104]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-12-24 784912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\lxcrcoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52304:TCP"= 52304:TCP:*:Disabled:SolidNetworkManager
"52304:UDP"= 52304:UDP:*:Disabled:SolidNetworkManager
"59671:TCP"= 59671:TCP:*:Disabled:SolidNetworkManager
"59671:UDP"= 59671:UDP:*:Disabled:SolidNetworkManager
"53659:TCP"= 53659:TCP:*:Disabled:SolidNetworkManager
"53659:UDP"= 53659:UDP:*:Disabled:SolidNetworkManager

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 137728]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-11 97928]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-11 231704]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-EPSON Stylus CX5700F Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lucinda Nibbs\Application Data\Mozilla\Firefox\Profiles\atmsxgud.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 00:55:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-09-13 1:14:53 - machine was rebooted [Lucinda Nibbs]
ComboFix-quarantined-files.txt 2008-09-12 15:14:05

Pre-Run: 235,939,246,080 bytes free
Post-Run: 237,245,304,832 bytes free

249 --- E O F --- 2008-08-22 17:09:21

LuciLexi

2008-09-12, 17:21

Highjack Scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:15 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11751 bytes

ken545

2008-09-12, 17:50

Luci,

Your HJT log looks fine, BUT, I want you to read this and completely understand it, its the latest avenue of attacks by malware writers and if you use programs like this you will be back posting here real soon :sad:

I don't see them running, you may have uninstalled them but I still see entries for them on your Combofix log

uTorrent
LimeWire

P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Let me know if you uninstalled them and we can get rid of the leftover entries, and when we're done I will link you to some free tools to install to help keep you more secure

LuciLexi

2008-09-12, 18:06

ken545

2008-09-12, 18:38

Lets see what you have going on

Open Hijackthis
Go to Misc Tools> Open Uninstall Manager.
Click on Save List.
The list will open in Notepad.
Copy and Paste the List into this thread

LuciLexi

2008-09-12, 18:46

Here you go.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 6.0
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
AI Suite
AppCore
ASUSUpdate
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
AV
AVG Free 8.0
AVIConverter Smart
CamStudio
ccCommon
ccff7_screensaver
CDDRV_Installer
DIRGE of CERBERUS -Final Fantasy VII- ?????????
DivX
DivX Content Uploader
DivX Player
DivX Web Player
D-Link VGA Webcam
Dream Of Mirror Online
Dynalink ADSL Router USB Driver
Eragon
ESCX5700F User's Guide
Final Fantasy VII Advent Children?????????
Final Fantasy X-2?????????
Harry Potter and the Order of the Phoenix™
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Install(US)2
InterActual Player
InterVideo DVDCopy5
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
KhalInstallWrapper
Lexmark 2400 Series
Lexmark Fax Solutions
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Fireworks MX 2004
Malwarebytes' Anti-Malware
marvell 61xx
MediaCoder 0.6.0
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Movavi Video Converter 6
Mozilla Firefox (2.0.0.11)
MSN Internet Software
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NCH Toolbox Uninstall
Nero OEM
neroxml
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton Security Scan
NVIDIA Drivers
PDF Settings
PowerDVD
PowerISO
PowerProducer
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sims2Pack Clean Installer
Sony Vegas Pro 8.0
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
The Sims 2
The Sims 2 Nightlife
The Sims 2 University
The Sims Makin' Magic
The Sims Superstar
The Sims Unleashed
Transparent Windows
UltimateEnhancer
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Win AVI HelixSDK
WinAVI Video Converter
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

ken545

2008-09-12, 19:12

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Folder::

Folder::
C:\Program Files\DNA
C:\Documents and Settings\Lucinda Nibbs\Application Data\DNA
C:\Documents and Settings\Lucinda Nibbs\Application Data\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\Program Files\\DNA\\btdna.exe"=-

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

LuciLexi

2008-09-13, 02:40

ComboFix log:

ComboFix 08-09-11.02 - Lucinda Nibbs 2008-09-13 3:18:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1521 [GMT 10:00]
Running from: C:\Documents and Settings\Lucinda Nibbs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lucinda Nibbs\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-12-25 18:02 . 2008-12-25 18:02 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\Samsung
2008-12-25 17:55 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-12-25 17:52 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-12-25 17:41 . 2008-12-25 17:54 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-25 17:41 . 2008-12-25 17:41 <DIR> d-------- C:\Program Files\Samsung
2008-12-25 17:41 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-12-25 17:41 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-12-25 17:41 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-12-25 17:41 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-12-25 17:41 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-12-25 10:53 . 2008-12-25 10:53 <DIR> d-------- C:\Program Files\AVIConverter
2008-12-24 21:31 . 2008-12-24 21:31 <DIR> dr-h----- C:\Documents and Settings\Lucinda Nibbs\Application Data\SecuROM
2008-12-24 21:31 . 2008-09-05 13:51 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-12-24 18:43 . 2008-05-10 15:00 <DIR> d-------- C:\Program Files\Electronic Arts
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-12-24 10:29 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-12-24 10:28 . 2008-12-24 10:29 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-12-24 10:28 . 2008-12-24 10:28 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\InstallShield
2008-09-13 00:16 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-09-13 00:16 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-13 00:01 . 2008-09-13 00:01 <DIR> d-------- C:\WINDOWS\system32\DIRGE of CERBERUS -Final Fantasy VII- dir
2008-09-13 00:01 . 2008-09-13 00:01 201,728 --a------ C:\WINDOWS\system32\DIRGE of CERBERUS -Final Fantasy VII-.scr
2008-09-13 00:00 . 2008-09-13 00:00 <DIR> d-------- C:\WINDOWS\system32\ccff7_screensaver dir
2008-09-13 00:00 . 2008-09-13 00:00 203,264 --a------ C:\WINDOWS\system32\ccff7_screensaver.scr
2008-09-12 22:07 . 2008-09-12 22:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 22:07 . 2008-09-12 22:07 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\Malwarebytes
2008-09-12 22:07 . 2008-09-12 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 22:07 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 22:07 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 20:57 . 2008-09-12 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-12 20:50 . 2008-09-12 02:36 <DIR> d-------- C:\SDFix
2008-09-12 14:44 . 2008-09-12 14:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-12 14:30 . 2008-09-12 14:30 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 22:22 . 2008-09-11 22:22 <DIR> d-------- C:\!KillBox
2008-09-11 19:08 . 2008-09-13 02:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-11 19:01 . 2008-09-12 09:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-11 19:01 . 2008-09-11 19:01 <DIR> d-------- C:\Program Files\AVG
2008-09-11 19:01 . 2008-09-11 19:58 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\AVGTOOLBAR
2008-09-11 19:01 . 2008-09-11 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-11 19:01 . 2008-09-11 19:01 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-11 19:01 . 2008-09-11 19:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-10 14:08 . 2008-09-10 14:09 <DIR> d-------- C:\Program Files\DNA
2008-09-10 14:08 . 2008-09-10 22:47 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\DNA
2008-09-08 13:45 . 2008-09-08 13:53 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\uTorrent
2008-09-07 13:08 . 2008-09-07 13:08 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-09-07 13:07 . 2003-07-20 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-07 13:07 . 2005-01-03 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-07 12:27 . 2008-09-10 14:32 <DIR> d-------- C:\AeriaGames
2008-09-07 09:27 . 2008-09-08 14:11 <DIR> d-------- C:\Program Files\UltimateEnhancer
2008-09-07 05:39 . 2008-09-07 05:39 0 --a------ C:\WINDOWS\iplayer.INI
2008-09-07 05:33 . 2008-09-07 05:33 <DIR> d-------- C:\Program Files\InterActual
2008-09-06 20:57 . 2008-09-06 22:14 <DIR> d-------- C:\Program Files\Discord Times
2008-09-05 12:11 . 2008-09-08 14:13 <DIR> d-------- C:\Program Files\XBCD 360
2008-09-05 12:01 . 2008-09-05 12:01 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-08-30 14:15 . 2008-08-30 14:15 <DIR> d-------- C:\Program Files\Sierra
2008-08-30 12:02 . 2008-08-30 12:20 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Application Data\IMVUClient
2008-08-28 17:18 . 2008-08-28 17:18 <DIR> d-------- C:\Documents and Settings\Lucinda Nibbs\Citrix
2008-08-28 17:18 . 2008-08-28 17:18 81 --a------ C:\CTX.DAT
2008-08-15 10:20 . 2008-08-20 21:29 24 --a------ C:\Documents and Settings\Lucinda Nibbs\jagex_runescape_preferences.dat
2008-08-14 08:52 . 2008-05-02 00:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 00:29 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-12 17:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-12 16:24 --------- d-----w C:\Program Files\lx_cats
2008-09-12 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-12 15:59 --------- d-----w C:\Program Files\LimeWire
2008-09-12 15:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-12 13:55 545,280 ----a-w C:\WINDOWS\flashax.exe
2008-09-12 13:55 191,488 ----a-w C:\WINDOWS\Final Fantasy VII Advent Children.scr
2008-09-12 13:55 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-09-12 13:53 191,488 ----a-w C:\WINDOWS\Final Fantasy X-2.scr
2008-09-12 12:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-11 23:54 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\LimeWire
2008-09-11 12:57 6,976 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-10 07:18 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\IMVU
2008-09-07 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-08-30 02:02 --------- d-----w C:\Program Files\IMVU
2008-08-04 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-02 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-02 09:07 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\Screenshot Sender
2008-08-02 08:45 --------- d-----w C:\Program Files\MSN Messenger
2008-08-02 08:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-02 07:44 --------- d-----w C:\Program Files\Google
2008-08-02 00:00 --------- d-----w C:\Program Files\epson
2008-07-30 08:49 --------- d-----w C:\Program Files\EA GAMES
2008-07-30 07:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 07:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 07:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-29 09:47 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-25 02:41 --------- d-----w C:\Documents and Settings\Lucinda Nibbs\Application Data\IMVU Previewer
2008-07-25 00:22 --------- d-----w C:\Program Files\Windows Live
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 08:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 02:27 20 ----a-w C:\Program Files\Sims2Pack Clean Installer.ini
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-23 21:01 47,360 ----a-w C:\Documents and Settings\Lucinda Nibbs\Application Data\pcouffin.sys
2007-09-10 08:05 1,386,064 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-09-10 08:05 8 --sha-r C:\WINDOWS\system32\75E60AD081.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-13_ 1.13.47.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-14 11:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 14:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\OGL.DLL
- 2008-08-22 17:05:52 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-09-12 16:21:12 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-08-22 17:05:53 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-09-12 16:21:13 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-22 17:05:52 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-09-12 16:21:13 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-22 17:05:53 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-12 16:21:13 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-08-22 17:05:53 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-09-12 16:21:13 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-22 17:05:52 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-09-12 16:21:13 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-08-22 17:05:52 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-09-12 16:21:13 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-22 17:05:53 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-09-12 16:21:13 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-08-22 17:05:53 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-09-12 16:21:13 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-22 17:05:52 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-09-12 16:21:12 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-12 11:22:29 5,920 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{A0854137-2276-477A-932C-75AEB913F68D}.bin
+ 2008-09-12 16:20:55 3,348 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{A0854137-2276-477A-932C-75AEB913F68D}.bin
+ 2007-03-12 04:02:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-27 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-20 8429568]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-20 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-12 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-12 82864]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-12 295856]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-22 106496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-11 1235736]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-20 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-12 113664]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-09-10 303104]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-12-24 784912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\lxcrcoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52304:TCP"= 52304:TCP:*:Disabled:SolidNetworkManager
"52304:UDP"= 52304:UDP:*:Disabled:SolidNetworkManager
"59671:TCP"= 59671:TCP:*:Disabled:SolidNetworkManager
"59671:UDP"= 59671:UDP:*:Disabled:SolidNetworkManager
"53659:TCP"= 53659:TCP:*:Disabled:SolidNetworkManager
"53659:UDP"= 53659:UDP:*:Disabled:SolidNetworkManager

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 137728]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-11 97928]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-11 231704]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 03:23:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-09-13 3:34:07
ComboFix-quarantined-files.txt 2008-09-12 17:33:05
ComboFix2.txt 2008-09-12 15:14:55

Pre-Run: 238,011,678,720 bytes free
Post-Run: 237,993,959,424 bytes free

240 --- E O F --- 2008-09-12 16:21:17

LuciLexi

2008-09-13, 02:42

Highjack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:18 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11787 bytes

ken545

2008-09-13, 02:47

This one did not take, you can delete it manually.

C:\Program Files\DNA

Lets update your Java to block holes that this garbage may try to sneak in.

Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5

Reboot your system.
Then go to the Sun Microsystems (http://java.sun.com/javase/downloads/index.jsp) and install the update
Java Runtime Environment (JRE) 6 Update 7 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to to do the offline installation and save the setup file in case I may need it in the future

Post a new HJT log and if all is ok I will link you to some free programs to install to help keep you more secure and at that point you can say Ken..Adios Amigos :lip:

LuciLexi

2008-09-13, 03:10

Wow you've helped me so much! Thankyou!

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:28 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11769 bytes

Any kind of protection would be great. Thankyou! :)

ken545

2008-09-13, 03:37

Glad all is well, you have done just great and its been a pleasure to help you. :bigthumb:

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Reboot your computer

Turn ON System Restore.

Right-click My Computer.
ClickProperties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Create a new Restore Point <-- Very Important

Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You need to go into the Control Panel and switch to Catagory View to be able to Create a New Restore Point

System Restore Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- If you need it

Smitfraudfix<---Drag it to the trash

SDfix <--- Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Hijackthis <---Your call, hopefully you won't need it again, if you do you can redownload it

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

LuciLexi

2008-09-13, 03:59

Thankyou for all your help but I have one last question.

Will all of those programs work ok with AVG?

Ok maybe I have two last questions... :)

I also have Norton Protection Center, but I don't use it. So do you think it would be ok to get rid of it? Because it also wants me to update my subscribtion but you have to pay; and its just getting annoying. So what do you think?

ken545

2008-09-13, 04:30

My bad on that one, forgot to mention that you have two anti virus programs running and its not recommended, if you don't want Symantec you can uninstall it via the Add Remove programs in the Control Panel. Do that, reboot and post a new HJT log and let me see if any of it is still running.

Yes the programs I linked you to will work with AVG installed.

LuciLexi

2008-09-13, 05:49

Wow. my computer is so much faster now! Thankyou!

Here is the HighJack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:14 PM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Lucinda Nibbs\Local Settings\Temp\{AD10B058-9D22-4FDB-A899-14E5A339C552}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lucinda Nibbs\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189924756187
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://suesundercoverwear.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB49AEB-7093-4FB3-A4EC-09A49478B0C4}: Domain = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9954 bytes

ken545

2008-09-13, 12:13

Its gone :bigthumb: Two AVs will tend to clog you up a bit.

Take Care,
Ken:)

LuciLexi

2008-09-13, 12:26

Thankyou sooooooooooooooooooo much!!

LuciLexi

2008-09-13, 12:27

Thankyou sooooooooooooooooooo much!!

you take care as well.