Double-click malware.



Jemindra
2008-11-29, 06:55
Well, double-click and other spyware/malware on this computer aren't being removed when I select remove from the spybot.

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:55 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8133FB23-56F0-4D47-841E-50F39C57772B} - C:\WINDOWS\system32\csrsr.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: °À - °À (file missing)
O20 - Winlogon Notify: ÈØ - ÈØ (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll (file missing)
O20 - Winlogon Notify: p( - p( (file missing)
O20 - Winlogon Notify: winvdb32 - winvdb32.dll (file missing)
O20 - Winlogon Notify: °Xh - °Xh (file missing)
O20 - Winlogon Notify: àˆ˜ - àˆ˜ (file missing)
O21 - SSODL: zip - {709b6275-49d4-47f0-b34a-4adb9d97c854} - C:\WINDOWS\Installer\{709b6275-49d4-47f0-b34a-4adb9d97c854}\zip.dll
O21 - SSODL: UnknownComponent - {9ce0aca9-3b40-4764-99a4-8bb4700752b6} - C:\WINDOWS\Installer\{9ce0aca9-3b40-4764-99a4-8bb4700752b6}\UnknownComponent.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 4390 bytes

Shaba
2008-12-01, 10:32
Hi Jemindra

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Jemindra
2008-12-03, 17:25
Thank you, here are the results:

Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIM Toolbar 5.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BellSouth Application Management
CCScore
CIF USB CAMERA
Corel Paint Shop Pro Photo X2
Dell Photo AIO Printer 964
DivX Web Player
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FastAccess® DSL Help Center 4.1
fflink
Furcadia
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GX Screensaver
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 12
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Corporation
Microsoft LifeCam
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox (3.0.4)
MP3 Player Utilities
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
netbrdg
Norton PC Checkup
OfotoXMI
PDF Settings
Perfect Attorney Platinum
Print to Fax
QuickTime
RealPlayer
SA30xx Device Manager
SA30xx Media Converter
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
tooltips
Trend Micro PC-cillin Internet Security 14
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Ventrilo Client
VeohTV BETA
VeohTV BETA
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
VPRINTOL
Windows Imaging Component
Windows Internet Explorer 8 Beta 2
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinZip 11.2
WIRELESS
XviD MPEG-4 Video Codec

Shaba
2008-12-03, 17:40
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Ares
BitComet

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.

Jemindra
2008-12-03, 20:26
They are no longer in my computer... I had removed them from my computer weeks ago and they are not on the Add or Remove Programs list.

Shaba
2008-12-03, 21:20
Please download DDS from Tech Support Forum (http://www.techsupportforum.com/sectools/sUBs/dds/) and save it to your desktop.

Double click on dds to run it.
When done, DDS.txt will open.
You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
When done, Attach.txt will open.
Save them both to your desktop.
Please also copy and paste the contents of DDS.txt and Attach.txt in your next reply.

Jemindra
2008-12-05, 05:15
DDS.txt -

DDS (Version 1.0) - NTFSx86
Run by Vanessa at 23:11:52.37 on Thu 12/04/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.302 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vanessa\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://dragcave.net/
uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uInternet Connection Wizard,ShellNext = hxxp://sale.playrohan.com/consignlist.asp?worldid=1&Page=1&name=Hard Leather
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
dURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mWinlogon: SFCDisable=4 (0x4)
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {8133FB23-56F0-4D47-841E-50F39C57772B} - c:\windows\system32\csrsr.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {CE86878F-D099-4FFC-A4DC-E51D192063B1} - c:\windows\system32\xxyxYQHx.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\valerie\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\valerie\start menu\programs\imvu\Run IMVU.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: {9518CE09-1064-4B8A-BA20-2E9246339A7A} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {CE86878F-D099-4FFC-A4DC-E51D192063B1} - c:\windows\system32\xxyxYQHx.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\retxkpjr.dll

============= SERVICES / DRIVERS ===============

R0 uzrnjkvm;uzrnjkvm;c:\windows\system32\drivers\oaaalnmb.dat []
R1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys [2008-6-16 33952]
R2 McciCMService;McciCMService;"c:\program files\common files\motive\McciCMService.exe" [2008-4-22 303104]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~2\Tmntsrv.exe [2006-9-18 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~2\TmPfw.exe [2006-8-29 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-11 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~2\tmproxy.exe [2006-8-29 566872]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-8-29 280392]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-7-31 24652]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\monmon\my documents\rohanscreenshot\rohanboten1.0.3\NtProcDrv.sys []
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys []

=============== Created Last 30 ================

2008-12-03 18:16 12 ----h--- C:\reachd.cz
2008-11-27 14:53 201,728 a------- c:\windows\system32\GX Screensaver.scr
2008-11-27 14:53 <DIR> --d----- c:\windows\system32\GX Screensaver dir

==================== Find3M ====================

2008-12-04 18:57 <DIR> --d----- c:\program files\Furcadia
2008-12-04 08:36 <DIR> --d----- c:\program files\Dl_cats
2008-12-03 13:16 <DIR> --d----- c:\docume~1\vanessa\applic~1\uTorrent
2008-11-29 00:51 <DIR> --d----- c:\program files\Trend Micro
2008-11-19 01:48 8,666 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-27 02:58 <DIR> --d----- c:\program files\Dell Photo AIO Printer 964
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:36 <DIR> --d----- c:\program files\Norton PC Checkup
2008-10-19 14:36 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-10 09:47 <DIR> --d----- c:\docume~1\vanessa\applic~1\fltk.org
2008-10-09 22:40 <DIR> --d----- c:\program files\Sandisk
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-24 17:24 191,680 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 06:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 07:07 <DIR> --d----- c:\docume~1\vanessa\applic~1\MP3Rocket
2008-08-29 16:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dragon's Eye Productions
2008-08-27 21:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-07-31 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-07-31 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-05-17 06:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2008-05-04 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2008-05-01 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\exgvyfor
2008-04-19 11:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-04-15 14:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2008-04-12 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2007-05-03 13:25 104 ---shr-- c:\windows\system32\4D8A1E125D.sys
2006-12-22 01:55 88 ---shr-- c:\windows\system32\5D121E8A4D.sys
2008-01-13 01:02 1,055,562 a--sh--- c:\windows\system32\fjwxjwvs.ini2
2008-02-17 00:17 221,042 a--sh--- c:\windows\system32\rjpkxter.ini2

============= FINISH: 23:12:35.70 ===============

Attach.txt -


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2006 2:25:57 AM
System Uptime: 12/4/2008 4:27:07 PM (7 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 70.775 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP266: 9/29/2008 10:19:37 AM - Removed VOCALOID2 Voice DB (Miku)
RP267: 9/29/2008 10:20:22 AM - Removed VOCALOID2 Voice DB (Len)
RP268: 9/29/2008 10:21:45 AM - Removed VOCALOID2 Expression DB (Standard)
RP269: 9/29/2008 10:22:45 AM - Removed VOCALOID2 Editor V2.0
RP270: 9/30/2008 3:00:21 AM - Software Distribution Service 3.0
RP271: 9/30/2008 4:10:08 AM - Software Distribution Service 3.0
RP272: 10/1/2008 2:15:21 AM - Software Distribution Service 3.0
RP273: 10/1/2008 1:26:35 PM - Software Distribution Service 3.0
RP274: 10/2/2008 3:00:19 AM - Software Distribution Service 3.0
RP275: 10/2/2008 3:45:23 AM - Software Distribution Service 3.0
RP276: 10/2/2008 1:13:51 PM - Software Distribution Service 3.0
RP277: 10/3/2008 3:00:21 AM - Software Distribution Service 3.0
RP278: 10/3/2008 3:18:44 AM - Software Distribution Service 3.0
RP279: 10/3/2008 4:01:32 AM - Software Distribution Service 3.0
RP280: 10/4/2008 3:00:19 AM - Software Distribution Service 3.0
RP281: 10/4/2008 5:34:59 AM - Software Distribution Service 3.0
RP282: 10/4/2008 1:01:16 PM - Software Distribution Service 3.0
RP283: 10/4/2008 2:57:35 PM - Removed Adobe Reader 7.1.0
RP284: 10/4/2008 2:58:30 PM - Installed Adobe Reader 9.
RP285: 10/4/2008 4:32:07 PM - Installed Windows Internet Explorer 8.
RP286: 10/5/2008 3:00:20 AM - Software Distribution Service 3.0
RP287: 10/5/2008 3:15:39 AM - Software Distribution Service 3.0
RP288: 10/6/2008 2:54:04 AM - Software Distribution Service 3.0
RP289: 10/7/2008 3:00:18 AM - Software Distribution Service 3.0
RP290: 10/7/2008 3:14:16 AM - Software Distribution Service 3.0
RP291: 10/7/2008 1:29:40 PM - Software Distribution Service 3.0
RP292: 10/8/2008 2:41:58 AM - Software Distribution Service 3.0
RP293: 10/8/2008 12:47:49 PM - Software Distribution Service 3.0
RP294: 10/9/2008 3:00:20 AM - Software Distribution Service 3.0
RP295: 10/9/2008 3:25:06 AM - Software Distribution Service 3.0
RP296: 10/9/2008 7:28:07 AM - Software Distribution Service 3.0
RP297: 10/9/2008 11:40:47 PM - Installed InstallShield Update Service Runtime
RP298: 10/9/2008 11:41:13 PM - Installed InstallShield Update Service Runtime
RP299: 10/10/2008 12:46:29 AM - Software Distribution Service 3.0
RP300: 10/10/2008 3:00:19 AM - Software Distribution Service 3.0
RP301: 10/10/2008 3:30:23 AM - Software Distribution Service 3.0
RP302: 10/10/2008 7:39:55 AM - Software Distribution Service 3.0
RP303: 10/10/2008 6:43:13 PM - Software Distribution Service 3.0
RP304: 10/11/2008 3:00:19 AM - Software Distribution Service 3.0
RP305: 10/11/2008 2:03:42 PM - Software Distribution Service 3.0
RP306: 10/11/2008 5:22:58 PM - Software Distribution Service 3.0
RP307: 10/11/2008 10:42:47 PM - Software Distribution Service 3.0
RP308: 10/12/2008 7:28:14 AM - Software Distribution Service 3.0
RP309: 10/12/2008 7:32:05 AM - Software Distribution Service 3.0
RP310: 10/12/2008 1:42:33 PM - Software Distribution Service 3.0
RP311: 10/12/2008 10:49:28 PM - Software Distribution Service 3.0
RP312: 10/13/2008 2:59:21 AM - Software Distribution Service 3.0
RP313: 10/13/2008 2:37:44 PM - Software Distribution Service 3.0
RP314: 10/14/2008 3:00:16 AM - Software Distribution Service 3.0
RP315: 10/14/2008 3:29:08 AM - Software Distribution Service 3.0
RP316: 10/14/2008 5:47:56 PM - Software Distribution Service 3.0
RP317: 10/16/2008 12:04:05 AM - System Checkpoint
RP318: 10/16/2008 3:00:15 AM - Software Distribution Service 3.0
RP319: 10/16/2008 4:03:45 AM - Software Distribution Service 3.0
RP320: 10/17/2008 2:26:36 AM - Software Distribution Service 3.0
RP321: 10/18/2008 3:00:19 AM - Software Distribution Service 3.0
RP322: 10/18/2008 5:52:26 AM - Software Distribution Service 3.0
RP323: 10/18/2008 6:56:56 PM - Software Distribution Service 3.0
RP324: 10/19/2008 3:00:18 AM - Software Distribution Service 3.0
RP325: 10/19/2008 4:04:06 AM - Software Distribution Service 3.0
RP326: 10/19/2008 4:34:37 AM - Software Distribution Service 3.0
RP327: 10/19/2008 12:36:48 PM - Shockwave Player
RP328: 10/20/2008 1:02:04 PM - Software Distribution Service 3.0
RP329: 10/20/2008 1:11:38 PM - Software Distribution Service 3.0
RP330: 10/20/2008 9:35:36 PM - Software Distribution Service 3.0
RP331: 10/21/2008 2:39:09 AM - Software Distribution Service 3.0
RP332: 10/22/2008 2:21:07 AM - Software Distribution Service 3.0
RP333: 10/22/2008 11:21:36 PM - Software Distribution Service 3.0
RP334: 10/23/2008 2:49:24 AM - Software Distribution Service 3.0
RP335: 10/23/2008 1:32:20 PM - Software Distribution Service 3.0
RP336: 10/23/2008 10:22:27 PM - Software Distribution Service 3.0
RP337: 10/24/2008 3:00:16 AM - Software Distribution Service 3.0
RP338: 10/24/2008 3:40:31 AM - Software Distribution Service 3.0
RP339: 10/24/2008 9:24:11 PM - Installed Windows Internet Explorer 8.
RP340: 10/24/2008 10:09:33 PM - Software Distribution Service 3.0
RP341: 10/25/2008 2:07:41 AM - Software Distribution Service 3.0
RP342: 10/26/2008 3:00:15 AM - Software Distribution Service 3.0
RP343: 10/26/2008 3:31:51 AM - Software Distribution Service 3.0
RP344: 10/26/2008 7:30:33 PM - Software Distribution Service 3.0
RP345: 10/27/2008 3:00:18 AM - Software Distribution Service 3.0
RP346: 10/27/2008 4:41:48 AM - Software Distribution Service 3.0
RP347: 10/27/2008 2:03:53 PM - Installed Adobe Photoshop
RP348: 10/28/2008 1:59:12 AM - Software Distribution Service 3.0
RP349: 10/28/2008 1:28:51 PM - Software Distribution Service 3.0
RP350: 10/29/2008 12:40:55 AM - Software Distribution Service 3.0
RP351: 10/29/2008 8:37:06 PM - Software Distribution Service 3.0
RP352: 10/29/2008 8:41:24 PM - Installed Windows XP WgaNotify.
RP353: 10/30/2008 3:00:15 AM - Software Distribution Service 3.0
RP354: 10/30/2008 3:22:55 AM - Software Distribution Service 3.0
RP355: 10/31/2008 3:00:23 AM - Software Distribution Service 3.0
RP356: 10/31/2008 3:18:19 AM - Software Distribution Service 3.0
RP357: 11/1/2008 3:00:20 AM - Software Distribution Service 3.0
RP358: 11/1/2008 3:11:22 AM - Software Distribution Service 3.0
RP359: 11/2/2008 2:00:20 AM - Software Distribution Service 3.0
RP360: 11/2/2008 8:09:59 AM - Software Distribution Service 3.0
RP361: 11/2/2008 10:29:04 PM - Software Distribution Service 3.0
RP362: 11/3/2008 2:06:22 AM - Software Distribution Service 3.0
RP363: 11/4/2008 2:55:41 AM - Software Distribution Service 3.0
RP364: 11/4/2008 1:20:58 PM - Software Distribution Service 3.0
RP365: 11/5/2008 6:25:31 AM - Software Distribution Service 3.0
RP366: 11/5/2008 1:06:57 PM - Software Distribution Service 3.0
RP367: 11/6/2008 2:06:19 AM - Software Distribution Service 3.0
RP368: 11/6/2008 1:32:14 PM - Software Distribution Service 3.0
RP369: 11/7/2008 2:02:08 AM - Software Distribution Service 3.0
RP370: 11/7/2008 11:46:53 AM - Installed Opera 9.62
RP371: 11/8/2008 3:00:19 AM - Software Distribution Service 3.0
RP372: 11/8/2008 4:26:52 AM - Software Distribution Service 3.0
RP373: 11/8/2008 7:00:45 PM - Software Distribution Service 3.0
RP374: 11/9/2008 1:44:10 AM - Software Distribution Service 3.0
RP375: 11/10/2008 1:47:15 AM - Software Distribution Service 3.0
RP376: 11/10/2008 10:59:10 AM - Removed Opera 9.62
RP377: 11/11/2008 2:48:06 AM - Software Distribution Service 3.0
RP378: 11/12/2008 1:54:07 AM - Software Distribution Service 3.0
RP379: 11/13/2008 10:16:18 AM - System Checkpoint
RP380: 11/14/2008 10:16:32 AM - System Checkpoint
RP381: 11/15/2008 11:24:05 AM - System Checkpoint
RP382: 11/16/2008 11:45:12 AM - System Checkpoint
RP383: 11/17/2008 11:49:58 AM - System Checkpoint
RP384: 11/18/2008 7:01:31 PM - System Checkpoint
RP385: 11/19/2008 7:06:26 PM - System Checkpoint
RP386: 11/20/2008 10:15:26 PM - System Checkpoint
RP387: 11/21/2008 11:24:35 PM - System Checkpoint
RP388: 11/23/2008 2:02:24 AM - System Checkpoint
RP389: 11/24/2008 2:59:02 AM - System Checkpoint
RP390: 11/25/2008 6:43:12 PM - System Checkpoint
RP391: 11/26/2008 10:38:57 PM - System Checkpoint
RP392: 11/28/2008 12:15:20 AM - System Checkpoint
RP393: 11/29/2008 12:38:09 AM - System Checkpoint
RP394: 11/30/2008 12:15:35 PM - System Checkpoint
RP395: 12/1/2008 12:59:08 PM - System Checkpoint
RP396: 12/2/2008 10:10:05 PM - System Checkpoint
RP397: 12/4/2008 1:33:44 AM - System Checkpoint

==== Installed Programs ======================

Sansa Media Converter
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIM Toolbar 5.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BellSouth Application Management
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCScore
CIF USB CAMERA
Corel Paint Shop Pro Photo X2
Dell Photo AIO Printer 964
DivX Web Player
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FastAccess® DSL Help Center 4.1
fflink
Furcadia
Google Earth
Google Toolbar for Internet Explorer
GX Screensaver
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 12
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Corporation
Microsoft LifeCam
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.4)
MP3 Player Utilities
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
netbrdg
Norton PC Checkup
OfotoXMI
PDF Settings
Perfect Attorney Platinum
Print to Fax
QuickTime
RealPlayer
SA30xx Device Manager
SA30xx Media Converter
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SigmaTel Audio
skin0001
Skins
SKINXSDK
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
tooltips
Trend Micro PC-cillin Internet Security 14
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8 Beta 2
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinZip 11.2
WIRELESS
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec

==== Event Viewer Messages ===================

11/29/2008 6:01:18 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2008 6:00:33 PM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
11/29/2008 6:00:29 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/29/2008 4:43:44 PM, error: ati2mtag [45062] - CRT invalid display type
11/29/2008 4:43:31 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
11/28/2008 4:02:29 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 3 time(s).
11/28/2008 3:06:26 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
11/28/2008 10:35:03 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

Shaba
2008-12-05, 11:45
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new DDS scan when finished and post the logs back here.

Jemindra
2008-12-05, 19:03
uTorrent removed.


DDS (Version 1.0) - NTFSx86
Run by Vanessa at 13:02:23.42 on Fri 12/05/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.182 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Vanessa\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://dragcave.net/
uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uInternet Connection Wizard,ShellNext = hxxp://sale.playrohan.com/consignlist.asp?worldid=1&Page=1&name=Hard Leather
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
dURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mWinlogon: SFCDisable=4 (0x4)
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {8133FB23-56F0-4D47-841E-50F39C57772B} - c:\windows\system32\csrsr.dll
BHO: {CE86878F-D099-4FFC-A4DC-E51D192063B1} - c:\windows\system32\xxyxYQHx.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\valerie\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\valerie\start menu\programs\imvu\Run IMVU.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: {9518CE09-1064-4B8A-BA20-2E9246339A7A} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {CE86878F-D099-4FFC-A4DC-E51D192063B1} - c:\windows\system32\xxyxYQHx.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\retxkpjr.dll

============= SERVICES / DRIVERS ===============

R0 uzrnjkvm;uzrnjkvm;c:\windows\system32\drivers\oaaalnmb.dat []
R1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys [2008-6-16 33952]
R2 McciCMService;McciCMService;"c:\program files\common files\motive\McciCMService.exe" [2008-4-22 303104]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~2\Tmntsrv.exe [2006-9-18 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~2\TmPfw.exe [2006-8-29 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-11 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~2\tmproxy.exe [2006-8-29 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-7-31 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-8-29 280392]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\monmon\my documents\rohanscreenshot\rohanboten1.0.3\NtProcDrv.sys []
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys []

=============== Created Last 30 ================

2008-12-03 18:16 12 ----h--- C:\reachd.cz
2008-11-27 14:53 201,728 a------- c:\windows\system32\GX Screensaver.scr
2008-11-27 14:53 <DIR> --d----- c:\windows\system32\GX Screensaver dir

==================== Find3M ====================

2008-12-05 12:59 <DIR> --d----- c:\program files\MP3 Rocket
2008-12-05 12:59 <DIR> --d----- c:\docume~1\vanessa\applic~1\MP3Rocket
2008-12-04 18:57 <DIR> --d----- c:\program files\Furcadia
2008-12-04 08:36 <DIR> --d----- c:\program files\Dl_cats
2008-11-29 00:51 <DIR> --d----- c:\program files\Trend Micro
2008-11-19 01:48 8,666 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-27 02:58 <DIR> --d----- c:\program files\Dell Photo AIO Printer 964
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:36 <DIR> --d----- c:\program files\Norton PC Checkup
2008-10-19 14:36 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-10 09:47 <DIR> --d----- c:\docume~1\vanessa\applic~1\fltk.org
2008-10-09 22:40 <DIR> --d----- c:\program files\Sandisk
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-24 17:24 191,680 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 06:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-08-29 16:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dragon's Eye Productions
2008-08-27 21:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-07-31 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-07-31 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-05-17 06:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2008-05-04 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2008-05-01 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\exgvyfor
2008-04-19 11:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-04-15 14:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2008-04-12 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2007-05-03 13:25 104 ---shr-- c:\windows\system32\4D8A1E125D.sys
2006-12-22 01:55 88 ---shr-- c:\windows\system32\5D121E8A4D.sys
2008-01-13 01:02 1,055,562 a--sh--- c:\windows\system32\fjwxjwvs.ini2
2008-02-17 00:17 221,042 a--sh--- c:\windows\system32\rjpkxter.ini2

============= FINISH: 13:02:39.15 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2006 2:25:57 AM
System Uptime: 12/5/2008 12:33:15 PM (1 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 72.545 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP283: 10/4/2008 2:57:35 PM - Removed Adobe Reader 7.1.0
RP284: 10/4/2008 2:58:30 PM - Installed Adobe Reader 9.
RP285: 10/4/2008 4:32:07 PM - Installed Windows Internet Explorer 8.
RP286: 10/5/2008 3:00:20 AM - Software Distribution Service 3.0
RP287: 10/5/2008 3:15:39 AM - Software Distribution Service 3.0
RP288: 10/6/2008 2:54:04 AM - Software Distribution Service 3.0
RP289: 10/7/2008 3:00:18 AM - Software Distribution Service 3.0
RP290: 10/7/2008 3:14:16 AM - Software Distribution Service 3.0
RP291: 10/7/2008 1:29:40 PM - Software Distribution Service 3.0
RP292: 10/8/2008 2:41:58 AM - Software Distribution Service 3.0
RP293: 10/8/2008 12:47:49 PM - Software Distribution Service 3.0
RP294: 10/9/2008 3:00:20 AM - Software Distribution Service 3.0
RP295: 10/9/2008 3:25:06 AM - Software Distribution Service 3.0
RP296: 10/9/2008 7:28:07 AM - Software Distribution Service 3.0
RP297: 10/9/2008 11:40:47 PM - Installed InstallShield Update Service Runtime
RP298: 10/9/2008 11:41:13 PM - Installed InstallShield Update Service Runtime
RP299: 10/10/2008 12:46:29 AM - Software Distribution Service 3.0
RP300: 10/10/2008 3:00:19 AM - Software Distribution Service 3.0
RP301: 10/10/2008 3:30:23 AM - Software Distribution Service 3.0
RP302: 10/10/2008 7:39:55 AM - Software Distribution Service 3.0
RP303: 10/10/2008 6:43:13 PM - Software Distribution Service 3.0
RP304: 10/11/2008 3:00:19 AM - Software Distribution Service 3.0
RP305: 10/11/2008 2:03:42 PM - Software Distribution Service 3.0
RP306: 10/11/2008 5:22:58 PM - Software Distribution Service 3.0
RP307: 10/11/2008 10:42:47 PM - Software Distribution Service 3.0
RP308: 10/12/2008 7:28:14 AM - Software Distribution Service 3.0
RP309: 10/12/2008 7:32:05 AM - Software Distribution Service 3.0
RP310: 10/12/2008 1:42:33 PM - Software Distribution Service 3.0
RP311: 10/12/2008 10:49:28 PM - Software Distribution Service 3.0
RP312: 10/13/2008 2:59:21 AM - Software Distribution Service 3.0
RP313: 10/13/2008 2:37:44 PM - Software Distribution Service 3.0
RP314: 10/14/2008 3:00:16 AM - Software Distribution Service 3.0
RP315: 10/14/2008 3:29:08 AM - Software Distribution Service 3.0
RP316: 10/14/2008 5:47:56 PM - Software Distribution Service 3.0
RP317: 10/16/2008 12:04:05 AM - System Checkpoint
RP318: 10/16/2008 3:00:15 AM - Software Distribution Service 3.0
RP319: 10/16/2008 4:03:45 AM - Software Distribution Service 3.0
RP320: 10/17/2008 2:26:36 AM - Software Distribution Service 3.0
RP321: 10/18/2008 3:00:19 AM - Software Distribution Service 3.0
RP322: 10/18/2008 5:52:26 AM - Software Distribution Service 3.0
RP323: 10/18/2008 6:56:56 PM - Software Distribution Service 3.0
RP324: 10/19/2008 3:00:18 AM - Software Distribution Service 3.0
RP325: 10/19/2008 4:04:06 AM - Software Distribution Service 3.0
RP326: 10/19/2008 4:34:37 AM - Software Distribution Service 3.0
RP327: 10/19/2008 12:36:48 PM - Shockwave Player
RP328: 10/20/2008 1:02:04 PM - Software Distribution Service 3.0
RP329: 10/20/2008 1:11:38 PM - Software Distribution Service 3.0
RP330: 10/20/2008 9:35:36 PM - Software Distribution Service 3.0
RP331: 10/21/2008 2:39:09 AM - Software Distribution Service 3.0
RP332: 10/22/2008 2:21:07 AM - Software Distribution Service 3.0
RP333: 10/22/2008 11:21:36 PM - Software Distribution Service 3.0
RP334: 10/23/2008 2:49:24 AM - Software Distribution Service 3.0
RP335: 10/23/2008 1:32:20 PM - Software Distribution Service 3.0
RP336: 10/23/2008 10:22:27 PM - Software Distribution Service 3.0
RP337: 10/24/2008 3:00:16 AM - Software Distribution Service 3.0
RP338: 10/24/2008 3:40:31 AM - Software Distribution Service 3.0
RP339: 10/24/2008 9:24:11 PM - Installed Windows Internet Explorer 8.
RP340: 10/24/2008 10:09:33 PM - Software Distribution Service 3.0
RP341: 10/25/2008 2:07:41 AM - Software Distribution Service 3.0
RP342: 10/26/2008 3:00:15 AM - Software Distribution Service 3.0
RP343: 10/26/2008 3:31:51 AM - Software Distribution Service 3.0
RP344: 10/26/2008 7:30:33 PM - Software Distribution Service 3.0
RP345: 10/27/2008 3:00:18 AM - Software Distribution Service 3.0
RP346: 10/27/2008 4:41:48 AM - Software Distribution Service 3.0
RP347: 10/27/2008 2:03:53 PM - Installed Adobe Photoshop
RP348: 10/28/2008 1:59:12 AM - Software Distribution Service 3.0
RP349: 10/28/2008 1:28:51 PM - Software Distribution Service 3.0
RP350: 10/29/2008 12:40:55 AM - Software Distribution Service 3.0
RP351: 10/29/2008 8:37:06 PM - Software Distribution Service 3.0
RP352: 10/29/2008 8:41:24 PM - Installed Windows XP WgaNotify.
RP353: 10/30/2008 3:00:15 AM - Software Distribution Service 3.0
RP354: 10/30/2008 3:22:55 AM - Software Distribution Service 3.0
RP355: 10/31/2008 3:00:23 AM - Software Distribution Service 3.0
RP356: 10/31/2008 3:18:19 AM - Software Distribution Service 3.0
RP357: 11/1/2008 3:00:20 AM - Software Distribution Service 3.0
RP358: 11/1/2008 3:11:22 AM - Software Distribution Service 3.0
RP359: 11/2/2008 2:00:20 AM - Software Distribution Service 3.0
RP360: 11/2/2008 8:09:59 AM - Software Distribution Service 3.0
RP361: 11/2/2008 10:29:04 PM - Software Distribution Service 3.0
RP362: 11/3/2008 2:06:22 AM - Software Distribution Service 3.0
RP363: 11/4/2008 2:55:41 AM - Software Distribution Service 3.0
RP364: 11/4/2008 1:20:58 PM - Software Distribution Service 3.0
RP365: 11/5/2008 6:25:31 AM - Software Distribution Service 3.0
RP366: 11/5/2008 1:06:57 PM - Software Distribution Service 3.0
RP367: 11/6/2008 2:06:19 AM - Software Distribution Service 3.0
RP368: 11/6/2008 1:32:14 PM - Software Distribution Service 3.0
RP369: 11/7/2008 2:02:08 AM - Software Distribution Service 3.0
RP370: 11/7/2008 11:46:53 AM - Installed Opera 9.62
RP371: 11/8/2008 3:00:19 AM - Software Distribution Service 3.0
RP372: 11/8/2008 4:26:52 AM - Software Distribution Service 3.0
RP373: 11/8/2008 7:00:45 PM - Software Distribution Service 3.0
RP374: 11/9/2008 1:44:10 AM - Software Distribution Service 3.0
RP375: 11/10/2008 1:47:15 AM - Software Distribution Service 3.0
RP376: 11/10/2008 10:59:10 AM - Removed Opera 9.62
RP377: 11/11/2008 2:48:06 AM - Software Distribution Service 3.0
RP378: 11/12/2008 1:54:07 AM - Software Distribution Service 3.0
RP379: 11/13/2008 10:16:18 AM - System Checkpoint
RP380: 11/14/2008 10:16:32 AM - System Checkpoint
RP381: 11/15/2008 11:24:05 AM - System Checkpoint
RP382: 11/16/2008 11:45:12 AM - System Checkpoint
RP383: 11/17/2008 11:49:58 AM - System Checkpoint
RP384: 11/18/2008 7:01:31 PM - System Checkpoint
RP385: 11/19/2008 7:06:26 PM - System Checkpoint
RP386: 11/20/2008 10:15:26 PM - System Checkpoint
RP387: 11/21/2008 11:24:35 PM - System Checkpoint
RP388: 11/23/2008 2:02:24 AM - System Checkpoint
RP389: 11/24/2008 2:59:02 AM - System Checkpoint
RP390: 11/25/2008 6:43:12 PM - System Checkpoint
RP391: 11/26/2008 10:38:57 PM - System Checkpoint
RP392: 11/28/2008 12:15:20 AM - System Checkpoint
RP393: 11/29/2008 12:38:09 AM - System Checkpoint
RP394: 11/30/2008 12:15:35 PM - System Checkpoint
RP395: 12/1/2008 12:59:08 PM - System Checkpoint
RP396: 12/2/2008 10:10:05 PM - System Checkpoint
RP397: 12/4/2008 1:33:44 AM - System Checkpoint
RP398: 12/5/2008 1:00:59 PM - Removed Google Toolbar for Internet Explorer

==== Installed Programs ======================

Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIM Toolbar 5.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BellSouth Application Management
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCScore
CIF USB CAMERA
Corel Paint Shop Pro Photo X2
Dell Photo AIO Printer 964
DivX Web Player
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FastAccess® DSL Help Center 4.1
fflink
Furcadia
Google Earth
GX Screensaver
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 12
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 5
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Corporation
Microsoft LifeCam
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.4)
MP3 Player Utilities
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
netbrdg
Norton PC Checkup
OfotoXMI
PDF Settings
Perfect Attorney Platinum
Print to Fax
QuickTime
RealPlayer
SA30xx Device Manager
SA30xx Media Converter
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SigmaTel Audio
skin0001
Skins
SKINXSDK
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
tooltips
Trend Micro PC-cillin Internet Security 14
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8 Beta 2
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinZip 11.2
WIRELESS
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec

==== Event Viewer Messages ===================

11/30/2008 2:39:49 AM, error: ati2mtag [45062] - CRT invalid display type
11/30/2008 2:39:33 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
11/29/2008 6:01:18 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2008 6:00:33 PM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
11/29/2008 6:00:29 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/28/2008 4:02:29 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 3 time(s).
11/28/2008 3:06:26 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
11/28/2008 10:35:03 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

Shaba
2008-12-05, 19:06
Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here (http://eric.71.mespages.googlepages.com/LopSD.exe)

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (C:\lopR.txt)

Jemindra
2008-12-07, 07:01
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Ingrid Shepherd ( Administrator )
BOOT : Normal boot
Antivirus : PC-cillin Internet Security - Virus Protection 14.60.1206 (Activated)
Firewall : PC-cillin Internet Security - Firewall 14 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:72 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Sun 12/07/2008| 0:52 )

--------------------\\ Listing folders in APPLIC~1

[03/20/2006|05:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Corel
[03/20/2006|05:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google
[07/22/2006|04:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Gtek
[08/11/2004|06:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[03/20/2006|04:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[03/20/2006|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[07/31/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[10/04/2008|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/27/2008|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[07/31/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[04/12/2008|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[09/28/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[04/12/2008|04:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[05/01/2008|03:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[05/17/2008|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[08/29/2008|04:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dragon's Eye Productions
[05/01/2008|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> exgvyfor
[05/25/2008|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[12/05/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/22/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/04/2008|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[04/12/2008|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[09/24/2008|05:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/12/2008|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[04/22/2008|05:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[08/27/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/19/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/10/2008|06:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[04/15/2008|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trend Micro
[07/31/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[04/12/2008|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/15/2008|08:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[07/21/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/10/2007|09:34] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft

[10/24/2008|11:49] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Adobe
[05/24/2008|02:07] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> AdobeUM
[08/12/2006|04:32] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Apple Computer
[06/24/2007|01:59] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> ATI
[05/31/2008|02:21] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Corel
[03/27/2006|12:26] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Corel Photo Album
[07/06/2007|02:34] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Download Manager
[10/28/2008|11:39] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> dvdcss
[04/06/2008|01:53] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Funk creative amen
[04/11/2007|11:53] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Google
[05/02/2007|10:10] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Gtek
[04/22/2006|12:35] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Help
[04/11/2008|10:38] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Identities
[07/07/2008|10:40] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> IMVU
[07/08/2006|12:26] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Jasc Software Inc
[11/14/2008|11:38] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Lavasoft
[03/29/2006|12:59] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Leadertech
[03/23/2006|09:48] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Macromedia
[09/23/2008|10:46] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Microsoft
[04/16/2006|11:02] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Microsoft Web Folders
[05/19/2008|09:04] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Mozilla
[09/22/2008|04:57] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> MP3Rocket
[01/08/2007|12:08] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> MSN6
[11/21/2006|08:05] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> MSNInstaller
[02/25/2007|12:36] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> MySpace
[11/03/2006|09:07] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Real
[11/27/2007|02:13] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Skype
[03/20/2006|04:50] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Sun
[06/20/2008|12:46] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[07/12/2006|07:49] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Talkback
[10/14/2006|12:18] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Ventrilo
[03/25/2008|11:23] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> vlc
[02/15/2008|03:45] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> Winamp
[07/06/2007|02:51] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> WinRAR
[10/18/2007|02:21] C:\DOCUME~1\CARLSH~1\APPLIC~1\<DIR> yahoo!

[03/20/2006|05:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Corel
[03/20/2006|05:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google
[07/22/2006|04:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/11/2004|06:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[03/20/2006|04:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[03/20/2006|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[03/20/2006|05:02] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Corel
[03/20/2006|05:03] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
[07/22/2006|04:45] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Gtek
[08/11/2004|06:20] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[12/21/2006|06:59] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[12/21/2006|06:59] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Real
[03/20/2006|04:50] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Sun

[03/13/2007|12:32] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Adobe
[03/20/2006|05:02] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Corel
[03/18/2007|03:29] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Corel Photo Album
[07/22/2006|04:45] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Gtek
[03/11/2007|04:18] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Macromedia
[03/18/2007|03:30] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Microsoft
[03/11/2007|04:14] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Mozilla
[03/20/2006|04:50] C:\DOCUME~1\INGRID~1\APPLIC~1\<DIR> Sun

[09/17/2008|11:30] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Adobe
[04/04/2007|01:19] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> AdobeUM
[06/24/2007|08:12] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> ATI
[03/20/2006|05:02] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Corel
[04/06/2008|06:59] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Funk creative amen
[04/15/2007|08:58] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Google
[07/22/2006|04:45] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Gtek
[08/11/2004|06:20] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Identities
[07/27/2008|01:55] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> IMVU
[08/19/2007|09:02] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Jasc Software Inc
[06/19/2007|06:55] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Lavasoft
[03/19/2007|02:45] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Macromedia
[06/22/2008|10:12] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Microsoft
[05/19/2008|06:09] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Mozilla
[02/11/2008|07:55] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Real
[01/15/2008|11:37] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Skype
[03/20/2006|04:50] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Sun
[10/23/2007|08:23] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Ventrilo
[01/16/2008|08:54] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> Winamp
[08/25/2007|01:53] C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\<DIR> WinRAR

[06/06/2006|09:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[04/07/2007|12:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[07/05/2007|01:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[10/19/2008|02:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[10/19/2008|02:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[07/21/2008|12:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[05/04/2008|07:08] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> acccore
[11/07/2008|09:46] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Adobe
[05/07/2008|06:09] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> AdobeUM
[06/18/2008|09:11] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Corel
[03/20/2006|05:03] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Google
[07/22/2006|04:45] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Gtek
[11/06/2008|06:27] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> gtk-2.0
[08/11/2004|06:20] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Identities
[12/06/2008|10:06] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> IMVU
[07/25/2008|05:54] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> IMVU Previewer
[10/19/2008|05:07] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> IMVUClient
[05/17/2008|06:25] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> InstallShield
[11/14/2008|03:53] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Lavasoft
[05/03/2008|07:22] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Macromedia
[09/25/2008|08:30] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Microsoft
[05/19/2008|03:48] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Mozilla
[05/16/2008|06:35] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> MP3Rocket
[07/02/2008|09:51] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Real
[06/19/2008|02:06] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Softplicity
[03/20/2006|04:50] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Sun
[08/27/2008|09:17] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Ventrilo
[07/31/2008|04:47] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> Viewpoint
[08/20/2008|04:06] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> vlc
[06/18/2008|08:52] C:\DOCUME~1\Valerie\APPLIC~1\<DIR> WinRAR


[08/26/2008|03:30] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> acccore
[09/29/2008|09:01] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Adobe
[09/29/2008|09:02] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> AdobeUM
[09/22/2008|02:26] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Apple Computer
[10/09/2008|11:12] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Corel
[10/28/2008|05:25] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> dvdcss
[10/10/2008|09:47] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> fltk.org
[03/20/2006|05:03] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Google
[07/22/2006|04:45] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Gtek
[08/11/2004|06:20] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Identities
[09/29/2008|08:15] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> InstallShield
[11/14/2008|02:24] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Lavasoft
[07/28/2008|12:42] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Macromedia
[10/06/2008|11:50] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Microsoft
[07/28/2008|12:40] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Mozilla
[12/05/2008|12:59] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> MP3Rocket
[11/07/2008|11:47] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Opera
[09/22/2008|09:04] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Real
[03/20/2006|04:50] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Sun
[07/29/2008|05:18] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Ventrilo
[09/28/2008|01:24] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> Viewpoint
[08/06/2008|10:45] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> vlc
[09/17/2008|08:38] C:\DOCUME~1\Vanessa\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/06/2008 10:17 PM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{17D1112B-D625-4A9D-86EE-91CD8CD97DA5}.job
[12/07/2008 12:00 AM][--ah-----] C:\WINDOWS\tasks\B3E20E999389BDA1.job
[11/07/2008 11:50 AM][--a------] C:\WINDOWS\tasks\EasyShare Registration Task.job
[12/06/2008 08:39 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

( B3E20E999389BDA1.job )=( c:\docume~1\valeri~1\applic~1\funkcr~1\sectplusloud.exe )

--------------------\\ Listing Folders in C:\Program Files

[08/20/2006|01:09] C:\Program Files\<DIR> 3ivx
[10/07/2008|11:28] C:\Program Files\<DIR> 7-Zip
[06/01/2008|02:53] C:\Program Files\<DIR> Abbyy FineReader 6.0 Sprint
[08/25/2007|01:40] C:\Program Files\<DIR> ActivationManager
[10/04/2008|02:00] C:\Program Files\<DIR> Adobe
[08/25/2007|01:39] C:\Program Files\<DIR> ADSTechnology
[07/31/2008|04:46] C:\Program Files\<DIR> AIM6
[07/31/2008|04:46] C:\Program Files\<DIR> AOL
[03/06/2008|02:54] C:\Program Files\<DIR> ATI Technologies
[04/22/2008|05:48] C:\Program Files\<DIR> att-nap
[09/18/2007|10:22] C:\Program Files\<DIR> Audible
[04/22/2008|06:36] C:\Program Files\<DIR> BellSouth
[05/19/2008|09:03] C:\Program Files\<DIR> BellSouth Application Management
[02/23/2008|08:43] C:\Program Files\<DIR> BitComet
[09/28/2008|12:45] C:\Program Files\<DIR> Bonjour
[12/10/2006|03:30] C:\Program Files\<DIR> CIF USB CAMERA
[04/19/2008|12:17] C:\Program Files\<DIR> Circle Developement
[06/25/2007|01:08] C:\Program Files\<DIR> Combined Community Codec Pack
[10/19/2008|02:36] C:\Program Files\<DIR> Common Files
[07/23/2006|12:11] C:\Program Files\<DIR> CONEXANT
[06/18/2008|09:08] C:\Program Files\<DIR> Corel
[09/09/2007|12:48] C:\Program Files\<DIR> Cosmi
[06/15/2007|09:36] C:\Program Files\<DIR> Datel
[05/02/2007|11:00] C:\Program Files\<DIR> Debugging Tools for Windows
[05/04/2007|11:05] C:\Program Files\<DIR> Dell
[10/27/2008|02:58] C:\Program Files\<DIR> Dell Photo AIO Printer 964
[05/02/2007|10:09] C:\Program Files\<DIR> DellConnect
[05/26/2007|03:44] C:\Program Files\<DIR> Design Science
[08/17/2007|04:19] C:\Program Files\<DIR> DGCA
[07/22/2008|06:06] C:\Program Files\<DIR> DivX
[12/07/2008|12:50] C:\Program Files\<DIR> Dl_cats
[05/25/2008|09:33] C:\Program Files\<DIR> FeelRO Game Client
[08/29/2008|06:23] C:\Program Files\<DIR> FlashGet
[12/06/2008|07:47] C:\Program Files\<DIR> Furcadia
[12/05/2008|04:32] C:\Program Files\<DIR> Google
[05/17/2008|11:27] C:\Program Files\<DIR> Gravity
[04/30/2008|01:56] C:\Program Files\<DIR> HijackThis
[07/25/2008|05:49] C:\Program Files\<DIR> ImvuTools2
[10/27/2008|01:03] C:\Program Files\<DIR> InstallShield Installation Information
[07/08/2006|03:06] C:\Program Files\<DIR> Intel
[07/06/2006|01:03] C:\Program Files\<DIR> Intel Corporation
[10/24/2008|08:25] C:\Program Files\<DIR> Internet Explorer
[06/07/2006|12:54] C:\Program Files\<DIR> Jasc Software Inc
[04/11/2008|06:50] C:\Program Files\<DIR> Java
[01/04/2008|11:59] C:\Program Files\<DIR> Kodak
[05/02/2007|11:49] C:\Program Files\<DIR> Lavasoft
[08/29/2008|06:23] C:\Program Files\<DIR> Messenger
[09/02/2008|06:40] C:\Program Files\<DIR> Messenger Plus! Live
[04/16/2006|11:09] C:\Program Files\<DIR> microsoft frontpage
[09/24/2008|05:05] C:\Program Files\<DIR> Microsoft LifeCam
[05/15/2008|10:32] C:\Program Files\<DIR> Microsoft Office
[03/20/2006|04:55] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[03/20/2006|04:55] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[10/20/2008|03:13] C:\Program Files\<DIR> Microsoft Silverlight
[04/05/2008|07:34] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[06/06/2007|10:38] C:\Program Files\<DIR> Microsoft Visual Studio
[05/15/2008|10:27] C:\Program Files\<DIR> Microsoft Visual Studio 8
[05/15/2008|10:32] C:\Program Files\<DIR> Microsoft Works
[05/15/2008|10:30] C:\Program Files\<DIR> Microsoft.NET
[08/27/2008|09:29] C:\Program Files\<DIR> mIRC
[08/29/2008|06:23] C:\Program Files\<DIR> Modem Helper
[08/11/2004|06:12] C:\Program Files\<DIR> Movie Maker
[12/06/2008|11:13] C:\Program Files\<DIR> Mozilla Firefox
[12/05/2008|12:59] C:\Program Files\<DIR> MP3 Rocket
[09/24/2008|04:55] C:\Program Files\<DIR> MSBuild
[05/13/2007|04:28] C:\Program Files\<DIR> MSN
[07/23/2006|02:39] C:\Program Files\<DIR> MSN Apps
[10/17/2007|03:45] C:\Program Files\<DIR> msn gaming zone
[06/15/2007|09:37] C:\Program Files\<DIR> MSXML 4.0
[09/26/2008|02:02] C:\Program Files\<DIR> MSXML 6.0
[07/06/2006|11:03] C:\Program Files\<DIR> MUSICMATCH
[08/11/2004|06:12] C:\Program Files\<DIR> NetMeeting
[10/19/2008|02:36] C:\Program Files\<DIR> Norton PC Checkup
[08/11/2004|06:11] C:\Program Files\<DIR> Online Services
[11/10/2008|10:59] C:\Program Files\<DIR> Opera
[06/13/2007|11:19] C:\Program Files\<DIR> Outlook Express
[05/20/2008|09:20] C:\Program Files\<DIR> Philips
[09/22/2008|02:25] C:\Program Files\<DIR> QuickTime
[08/27/2006|01:46] C:\Program Files\<DIR> Real
[09/24/2008|04:52] C:\Program Files\<DIR> Reference Assemblies
[04/30/2008|03:18] C:\Program Files\<DIR> RegistrySmart
[06/20/2008|12:47] C:\Program Files\<DIR> Ringz Studio
[03/20/2006|05:02] C:\Program Files\<DIR> Roxio
[10/09/2008|10:40] C:\Program Files\<DIR> Sandisk
[03/20/2006|04:52] C:\Program Files\<DIR> Sigmatel
[05/10/2008|09:52] C:\Program Files\<DIR> Skype
[06/25/2007|02:03] C:\Program Files\<DIR> SmartFTP Client
[11/03/2007|02:11] C:\Program Files\<DIR> Sonic
[09/30/2008|08:17] C:\Program Files\<DIR> Spybot - Search & Destroy
[06/20/2008|12:46] C:\Program Files\<DIR> SUPERAntiSpyware
[06/20/2008|12:43] C:\Program Files\<DIR> TotalImageConverter
[11/29/2008|12:51] C:\Program Files\<DIR> Trend Micro
[08/11/2004|06:20] C:\Program Files\<DIR> Uninstall Information
[04/16/2008|07:35] C:\Program Files\<DIR> Ventrilo
[10/26/2007|04:11] C:\Program Files\<DIR> Veoh Networks
[07/15/2007|07:56] C:\Program Files\<DIR> VideoLAN
[07/31/2008|04:46] C:\Program Files\<DIR> Viewpoint
[09/29/2008|09:22] C:\Program Files\<DIR> VOCALOID2
[04/07/2007|04:41] C:\Program Files\<DIR> Windows Journal Viewer
[07/21/2008|11:06] C:\Program Files\<DIR> Windows Live
[05/11/2007|10:46] C:\Program Files\<DIR> Windows Media Connect 2
[05/03/2008|07:56] C:\Program Files\<DIR> Windows Media Player
[06/06/2007|10:37] C:\Program Files\<DIR> Windows Messaging
[10/12/2007|08:17] C:\Program Files\<DIR> Windows NT
[08/11/2004|06:13] C:\Program Files\<DIR> WindowsUpdate
[11/13/2007|08:16] C:\Program Files\<DIR> WinRAR
[04/15/2008|08:12] C:\Program Files\<DIR> WinZip
[03/20/2006|04:57] C:\Program Files\<DIR> WordPerfect Office 12
[08/11/2004|06:15] C:\Program Files\<DIR> xerox
[07/02/2007|05:07] C:\Program Files\<DIR> Yahoo!
[06/20/2008|12:45] C:\Program Files\<DIR> ZD Soft

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/04/2008|01:59] C:\Program Files\Common Files\<DIR> Adobe
[10/04/2008|01:59] C:\Program Files\Common Files\<DIR> Adobe AIR
[05/27/2008|03:09] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[07/31/2008|04:45] C:\Program Files\Common Files\<DIR> AOL
[09/24/2008|08:57] C:\Program Files\Common Files\<DIR> Apple
[03/20/2006|04:57] C:\Program Files\Common Files\<DIR> Borland Shared
[06/18/2008|09:10] C:\Program Files\Common Files\<DIR> Corel
[09/09/2007|12:48] C:\Program Files\Common Files\<DIR> Cosmi
[05/15/2008|10:32] C:\Program Files\Common Files\<DIR> DESIGNER
[04/11/2008|10:33] C:\Program Files\Common Files\<DIR> INCA Shared
[03/20/2006|04:57] C:\Program Files\Common Files\<DIR> InstallShield
[03/27/2006|11:16] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[03/20/2006|04:50] C:\Program Files\Common Files\<DIR> Java
[01/04/2008|11:55] C:\Program Files\Common Files\<DIR> Kodak
[05/25/2008|04:31] C:\Program Files\Common Files\<DIR> Macrovision Shared
[08/01/2008|01:47] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/22/2008|06:23] C:\Program Files\Common Files\<DIR> Motive
[08/11/2004|06:12] C:\Program Files\Common Files\<DIR> MSSoap
[02/17/2008|12:14] C:\Program Files\Common Files\<DIR> Nullsoft
[08/11/2004|06:07] C:\Program Files\Common Files\<DIR> ODBC
[02/28/2008|10:33] C:\Program Files\Common Files\<DIR> Real
[05/04/2007|11:05] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/11/2004|06:12] C:\Program Files\Common Files\<DIR> Services
[06/20/2008|12:43] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/11/2004|06:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/22/2008|06:36] C:\Program Files\Common Files\<DIR> SupportSoft
[10/19/2008|02:36] C:\Program Files\Common Files\<DIR> Symantec Shared
[05/15/2008|10:38] C:\Program Files\Common Files\<DIR> System
[03/20/2006|05:02] C:\Program Files\Common Files\<DIR> TiVo Shared
[11/17/2007|07:19] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[06/20/2008|12:46] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[02/28/2008|10:33] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 36 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\CARLSH~1\APPLIC~1\funkcr~1
C:\DOCUME~1\INGRID~1.CAR\APPLIC~1\funkcr~1
C:\DOCUME~1\INGRID~1.CAR\LOCALS~1\Temp\nsa3.tmp
C:\DOCUME~1\INGRID~1.CAR\LOCALS~1\Temp\nsr2166.tmp
C:\DOCUME~1\INGRID~1.CAR\LOCALS~1\Temp\nst4.tmp
C:\Program Files\Circle Developement
C:\DOCUME~1\INGRID~1.CAR\Cookies\ingrid_shepherd@advertising[1].txt
C:\DOCUME~1\INGRID~1.CAR\Cookies\ingrid_shepherd@adopt.euroclick[1].txt
C:\WINDOWS\Tasks\B3E20E999389BDA1.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

-> 8681 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 00:54:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\fjwxjwvs.ini
C:\WINDOWS\system32\fjwxjwvs.ini2
C:\WINDOWS\system32\fjwxjwvs.tmp
C:\WINDOWS\system32\rjpkxter.ini
C:\WINDOWS\system32\rjpkxter.ini2
==> VUNDO <==



[F:1593][D:188]-> C:\DOCUME~1\INGRID~1.CAR\LOCALS~1\Temp
[F:288][D:0]-> C:\DOCUME~1\INGRID~1.CAR\Cookies
[F:7313][D:9]-> C:\DOCUME~1\INGRID~1.CAR\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 12/07/2008| 0:57 - Option : [1]

--------------------\\ Scan completed at 0:57:11

Shaba
2008-12-07, 11:18
Restart Lop S&D

This time choose Option 2 (Fix + Hosts)
Don't close the window during suppression!
Post the log which is created: (C:\lopR.txt)

Shaba
2008-12-12, 10:53
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.