WiniFighter + More



Piink
2009-08-04, 05:50
I have been getting popups regarding WiniFighter for the past 1-2 days. I have attempted to clean using Spybot Search & Destroy as well as Spyware Doctor, which I later uninstalled. I have now run Spybot Search & Destroy at least 5-6 times, and still have bad things coming up, so figured it was time to ask for help. I do not have the directories that are said to be deleted if infected with WiniFighter, and I briefly looked through the registry and didn't see anything at first glance. I downloaded and installed RunAlyzer but am unaware how to use it so that's as far as I've got.

Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:03 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gb9iengh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2994] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7475] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2076] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6580] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6055] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1975] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2742] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4187] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3925] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5126] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC834] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9408] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA732] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6037] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2414] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6159] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [gb9iengh.exe] C:\WINDOWS\system32\gb9iengh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB389] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4875] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9080] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1437] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD671] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB223] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5261] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7167] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1097] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB965] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7308] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8970] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1544] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4123] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6716] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1984] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9376] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4574] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7212] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'User')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'User')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-1005\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User 'User')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1177238915-796845957-1801674531-501\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html

--
End of file - 16086 bytes

km2357
2009-08-04, 20:18
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!

km2357
2009-08-04, 20:24
Step # 1: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Step # 2: Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next post/reply, I need to see the following:

1. Uninstall List
2. The two RSIT Logs (log and info.txt)

Piink
2009-08-04, 21:14
Thank you km2357.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acubix PicoZip 4.02
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Update Manager CS3
AIM 6
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AVG 8.5
AVOne - RM to AVI DVD VCD SVCD Converter (d)
backburner 2.1
BCM V.92 56K Modem
Belkin 54g USB Network Adapter
BitComet 0.96
BitTorrent 5.0.9
Bodog Poker Version 2.16.3.49
Bonjour
Brother HL-2140
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
C-Dilla Licence Management System
Codec Pack - All In 1 6.0.3.0
CRW Series Driver v1.17r023
Dell ResourceCD
DivX Converter
DivX Player
DivX Web Player
Driver
DV Network Software
dvdSanta 4.00
Easy Screen Capture 2
EPSON Printer Software
EVEREST Home Edition v2.20
ffdshow [rev 1723] [2007-12-24]
FlashFXP v3
Full Tilt Poker
Garmin Communicator Plugin
Garmin TOPO U.S. 2008
Garmin Trip and Waypoint Manager v4
Garmin WebUpdater
getPlus(R)_dll
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) Extreme Graphics Driver
Intro and Interm Algebra Multimedia Setup
Intro and Interm Algebra Multimedia Setup
Introductory and Intermediate Algebra
Introductory and Intermediate Algebra (Fall 2008 Student Version)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Kaspersky Online Scanner
Kodak EasyShare software
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Merge Version 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
MobileMe Control Panel
MOV Converter 3
Mozilla Firefox (3.0.7)
oggcodecs 0.71.0946
Pando
Picasa 2
PokerStars
QuickTime
RealPlayer
Rebel Trucker
Recorder
Recorder (C:\Program Files\Recorder\)
RM Converter 3.28
RunAlyzer
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SUPER © Version 2007.bld.22 (Mar 14, 2007)
TreeSize Free V2.3.1
TVersity Codec Pack 1.2
TVersity Media Server 1.0.0.11 RC7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Viewpoint Media Player
Vodei Multimedia Processor 2.00
WD Diagnostics
WD Media Center Driver
Win AVI HelixSDK
WinAVIVideoConverter
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
xImage
XviD 1.1 final uninstall
Yahoo! Address AutoComplete




Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-04 15:08:36
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 18 GB (23%) free of 76 GB
Total RAM: 638 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:36 PM, on 8/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
C:\WINDOWS\SoftwareDistribution\Download\5d36f2aa7b9a0b7eeabfa4c3afb200cb\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2994] command /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7475] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Antivirus.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2076] command /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6580] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Casino Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6055] command /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7007] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Computers.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1975] command /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2742] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Games.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4187] command /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3925] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5126] command /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC834] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Internet.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9408] command /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5122] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Movie.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA732] command /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6037] cmd /c del "C:\Documents and Settings\Guest\Favorites\ Web Hosting.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2414] command /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "C:\WINDOWS\system32\drivers\RKHit.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6159] cmd /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html

--
End of file - 13194 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}]
CInterceptor Object - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2008-06-02 577536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-03 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USBDetector"=C:\USBStorage\USBDetector.exe [2002-11-26 53248]
"ShowIcon_The Company_CRW Series Driver v1.17r023"=C:\Program Files\CRW\shwicon.exe [2003-01-27 73728]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-03-25 69632]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"SetIcon"=\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"EPSON Stylus Photo RX620 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE [2004-05-20 98304]
"BrStsWnd"=C:\Program Files\Brownie\BrstsWnd.exe [2008-01-08 864256]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-29 1948440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA2994"=command /c del C:\Documents and Settings\Guest\Favorites\ Antivirus.url []
"SpybotDeletingC7475"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Antivirus.url []
"SpybotDeletingA2076"=command /c del C:\Documents and Settings\Guest\Favorites\ Casino Online.url []
"SpybotDeletingC6580"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Casino Online.url []
"SpybotDeletingA6055"=command /c del C:\Documents and Settings\Guest\Favorites\ Computers.url []
"SpybotDeletingC7007"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Computers.url []
"SpybotDeletingA1975"=command /c del C:\Documents and Settings\Guest\Favorites\ Games.url []
"SpybotDeletingC2742"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Games.url []
"SpybotDeletingA4187"=command /c del C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url []
"SpybotDeletingC3925"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Instant Messaging.url []
"SpybotDeletingA5126"=command /c del C:\Documents and Settings\Guest\Favorites\ Internet.url []
"SpybotDeletingC834"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Internet.url []
"SpybotDeletingA9408"=command /c del C:\Documents and Settings\Guest\Favorites\ Movie.url []
"SpybotDeletingC5122"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Movie.url []
"SpybotDeletingA732"=command /c del C:\Documents and Settings\Guest\Favorites\ Web Hosting.url []
"SpybotDeletingC6037"=cmd /c del C:\Documents and Settings\Guest\Favorites\ Web Hosting.url []
"SpybotDeletingA2414"=command /c del C:\WINDOWS\system32\drivers\RKHit.sys []
"SpybotDeletingC667"=cmd /c del C:\WINDOWS\system32\drivers\RKHit.sys []
"SpybotDeletingA7032"=command /c del C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job []
"SpybotDeletingC6159"=cmd /c del C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]
"PicoZip"=C:\PROGRA~1\PicoZip\PicoZipTray.exe [2006-06-09 581632]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [2007-09-07 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe [2008-06-02 6210888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoZip]
C:\PROGRA~1\PicoZip\PicoZipTray.exe [2006-06-09 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
C:\Program Files\SurfSideKick 3\Ssk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\KODAK\KODAKE~1\bin\EASYSH~1.EXE [2002-09-16 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
C:\PROGRA~1\WORKSP~1.0\WMPHOT~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.70E9OW531HWRKW8^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
C:\PROGRA~1\WORKSP~2.5\WMPHOT~1.EXE []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\EA GAMES\Need for Speed Underground 2 Demo\speed2demo.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2 Demo\speed2demo.exe:*:Disabled:speed2demo"
"C:\WINDOWS\system32\requester.6.exe"="C:\WINDOWS\system32\requester.6.exe:*:Disabled:requester.6"
"C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe"="C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\requester.7.exe"="C:\WINDOWS\system32\requester.7.exe:*:Disabled:requester.7"
"C:\WINDOWS\system32\requester.8.exe"="C:\WINDOWS\system32\requester.8.exe:*:Disabled:requester.8"
"C:\WINDOWS\system32\requester.9.exe"="C:\WINDOWS\system32\requester.9.exe:*:Disabled:requester.9"
"C:\WINDOWS\system32\requester.10.exe"="C:\WINDOWS\system32\requester.10.exe:*:Disabled:requester.10"
"C:\WINDOWS\system32\requester.11.exe"="C:\WINDOWS\system32\requester.11.exe:*:Enabled:requester.11"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Games\Descent3\main.exe"="C:\Games\Descent3\main.exe:*:Disabled:main"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\Canon\DV Messenger\DV Messenger.exe"="C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:Executable"
"C:\Program Files\GoPets Ltd\GPStarter.exe"="C:\Program Files\GoPets Ltd\GPStarter.exe:*:Enabled:GoPets"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{721a3a11-bf2b-11d8-bd7a-806d6172696f}]
shell\Rip\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e48821ba-11cd-11db-85d5-84c167dd43df}]
shell\AutoRun\command - setupSNK.exe


======List of files/folders created in the last 3 months======

2009-12-28 05:58:14 ----A---- C:\WINDOWS\9b02spa5sez01.dll
2009-12-27 04:35:01 ----A---- C:\WINDOWS\system32\1685895rusz40.exe
2009-12-25 00:17:37 ----A---- C:\WINDOWS\54fzpa9se2955.exe
2009-12-19 07:37:30 ----A---- C:\WINDOWS\9219n59-a-virzsa2.dll
2009-12-15 18:10:35 ----A---- C:\WINDOWS\system32\14667s5yzf9.exe
2009-12-14 05:19:28 ----A---- C:\WINDOWS\system32\10316not-9-viruz6845.dll
2009-12-05 20:13:27 ----A---- C:\WINDOWS\system32\5500troj6fz9.dll
2009-12-04 12:55:35 ----A---- C:\WINDOWS\97276hacktoo51d4z.exe
2009-12-01 00:30:50 ----A---- C:\WINDOWS\9222sp579z.exe
2009-11-28 18:22:51 ----A---- C:\WINDOWS\system32\2595spzware2859.exe
2009-11-25 13:14:39 ----A---- C:\WINDOWS\system32\1zacbackdoo52389.dll
2009-11-23 09:43:06 ----A---- C:\WINDOWS\99959vzrus15.exe
2009-11-22 18:45:04 ----A---- C:\WINDOWS\system32\54319zpy73d.dll
2009-11-21 17:10:56 ----A---- C:\WINDOWS\system32\7c5dspyzare1695.dll
2009-11-16 23:46:51 ----A---- C:\WINDOWS\2f7fzddw5re2209.exe
2009-11-15 16:36:55 ----A---- C:\WINDOWS\35098spy6z0.dll
2009-11-09 14:44:02 ----A---- C:\WINDOWS\11649n5t-a-vzr9s62.dll
2009-11-04 10:12:54 ----A---- C:\WINDOWS\system32\15094s5zmbo9317.exe
2009-11-01 16:57:33 ----A---- C:\WINDOWS\15222v9ru53ebz.dll
2009-10-27 12:28:19 ----A---- C:\WINDOWS\system32\5119thr9z514866.dll
2009-10-26 15:22:34 ----A---- C:\WINDOWS\system32\12751no5-a-9izus4f5.exe
2009-10-21 01:49:17 ----A---- C:\WINDOWS\z9e4backdoor529.dll
2009-10-17 22:13:31 ----A---- C:\WINDOWS\system32\295389ackzool654.dll
2009-10-17 11:08:37 ----A---- C:\WINDOWS\system32\7z94ha9kt5ol786.exe
2009-10-11 17:12:56 ----A---- C:\WINDOWS\system32\f1fadd5arz9314.exe
2009-10-11 09:10:07 ----A---- C:\WINDOWS\system32\6918hzck9oolc55.exe
2009-10-09 02:09:34 ----A---- C:\WINDOWS\system32\69c45oznloader2851.dll
2009-10-07 02:15:10 ----A---- C:\WINDOWS\system32\225evir194z.exe
2009-10-07 01:27:19 ----A---- C:\WINDOWS\29017worz593.exe
2009-10-06 21:16:24 ----A---- C:\WINDOWS\system32\2faastea91z59.exe
2009-10-06 07:26:13 ----A---- C:\WINDOWS\system32\z13389i5us1aa.dll
2009-10-02 05:42:15 ----A---- C:\WINDOWS\d51stezl969.dll
2009-10-01 15:10:57 ----A---- C:\WINDOWS\d3a9hie5z53.exe
2009-10-01 11:51:50 ----A---- C:\WINDOWS\system32\4523worm5zd9.dll
2009-09-30 20:29:18 ----A---- C:\WINDOWS\3f5btzie91502.dll
2009-09-28 16:47:50 ----A---- C:\WINDOWS\system32\49c7thiez1577.dll
2009-09-22 13:26:36 ----A---- C:\WINDOWS\z9188spy985.dll
2009-09-21 16:04:27 ----A---- C:\WINDOWS\55225pzmbot391.dll
2009-09-21 12:27:17 ----A---- C:\WINDOWS\system32\8ectzr9at18358.dll
2009-09-16 21:25:00 ----A---- C:\WINDOWS\system32\92645p94adz.exe
2009-09-16 04:26:30 ----A---- C:\WINDOWS\system32\594caddzare21915.dll
2009-09-11 21:20:59 ----A---- C:\WINDOWS\system32\99149irus18z5.dll
2009-09-08 01:03:06 ----A---- C:\WINDOWS\system32\12895tzoj645.exe
2009-09-05 03:08:47 ----A---- C:\WINDOWS\z6552vi9us49d.exe
2009-09-01 06:55:10 ----A---- C:\WINDOWS\9z95not-a-virus2fd.exe
2009-08-28 06:15:20 ----A---- C:\WINDOWS\6995backdoor6z5.dll
2009-08-24 14:58:58 ----A---- C:\WINDOWS\z9504virus2cd.exe
2009-08-24 08:47:35 ----A---- C:\WINDOWS\z515th9ef1697.exe
2009-08-20 08:08:57 ----A---- C:\WINDOWS\59z16spy497.dll
2009-08-18 02:37:30 ----A---- C:\WINDOWS\7e38downloazer9597.dll
2009-08-17 06:32:50 ----A---- C:\WINDOWS\system32\4975zorm367.dll
2009-08-16 21:10:06 ----A---- C:\WINDOWS\958zsp5mbot30e.exe
2009-08-14 02:47:21 ----A---- C:\WINDOWS\system32\3589back9oor5z5.dll
2009-08-10 13:42:43 ----A---- C:\WINDOWS\9465hackto5l92z.exe
2009-08-04 15:08:36 ----D---- C:\rsit
2009-08-04 15:06:47 ----D---- C:\WINDOWS\LastGood
2009-08-04 00:03:08 ----A---- C:\WINDOWS\system32\unzip3252.dll
2009-08-04 00:03:08 ----A---- C:\WINDOWS\system32\ijl15.dll
2009-08-04 00:03:07 ----A---- C:\WINDOWS\system32\UNACE.DLL
2009-08-04 00:03:07 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-08-04 00:03:07 ----A---- C:\WINDOWS\system32\FreeImage.dll
2009-08-03 23:44:14 ----D---- C:\Program Files\Trend Micro
2009-08-03 17:50:24 ----D---- C:\Program Files\Safer Networking
2009-08-03 16:31:51 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-03 11:59:27 ----A---- C:\WINDOWS\a059pars5804z.dll
2009-08-03 11:59:26 ----A---- C:\WINDOWS\system32\34b9t5reatz2829.dll
2009-08-03 11:59:26 ----A---- C:\WINDOWS\system32\2z536n9t-a-vir5s34f.dll
2009-08-03 11:59:26 ----A---- C:\WINDOWS\2z40t9re5t20565.dll
2009-08-03 11:59:25 ----A---- C:\WINDOWS\system32\51717z9rusba.dll
2009-08-03 11:59:25 ----A---- C:\WINDOWS\system32\19e0thizf158.dll
2009-08-03 11:59:24 ----A---- C:\WINDOWS\ze55backdoor1619.dll
2009-08-03 11:59:24 ----A---- C:\WINDOWS\system32\z0680not-a9vir5sd2.dll
2009-08-03 11:59:24 ----A---- C:\WINDOWS\system32\920badd5arz340.dll
2009-08-03 11:59:23 ----A---- C:\WINDOWS\66279ddwaze855.exe
2009-08-03 11:59:23 ----A---- C:\WINDOWS\5d72vir909z.dll
2009-08-03 11:59:23 ----A---- C:\WINDOWS\18863za95tool86.exe
2009-08-03 11:59:22 ----A---- C:\WINDOWS\system32\138899orm5a5z.dll
2009-08-03 11:59:22 ----A---- C:\WINDOWS\25zbbackdoor199.exe
2009-08-03 11:59:21 ----A---- C:\WINDOWS\41e4spars915z4.dll
2009-08-03 11:59:18 ----A---- C:\WINDOWS\system32\59c8threa594478z.exe
2009-08-03 11:59:18 ----A---- C:\WINDOWS\system32\32451not-a-virus695z.exe
2009-08-03 11:59:18 ----A---- C:\WINDOWS\system32\2z6335orm3259.exe
2009-08-03 11:59:18 ----A---- C:\WINDOWS\52227hacktool169z.dll
2009-08-03 11:59:18 ----A---- C:\WINDOWS\2982s5ar9e234z.exe
2009-08-03 11:59:17 ----A---- C:\WINDOWS\7597downloader20z89.dll
2009-08-03 11:59:17 ----A---- C:\WINDOWS\1a99do5nloaderz853.dll
2009-08-03 11:59:16 ----A---- C:\WINDOWS\zce3th59f1201.exe
2009-08-03 11:59:16 ----A---- C:\WINDOWS\system32\31255not-9-v5rzs440.dll
2009-08-03 11:59:16 ----A---- C:\WINDOWS\system32\25e4threaz295999.exe
2009-08-03 11:59:16 ----A---- C:\WINDOWS\fdavz9553.exe
2009-08-03 11:59:16 ----A---- C:\WINDOWS\58e4thre9t273z3.exe
2009-08-03 11:59:15 ----A---- C:\WINDOWS\system32\30905worm1b6z.exe
2009-08-03 11:59:14 ----A---- C:\WINDOWS\system32\435b5hief2z49.exe
2009-08-03 11:59:14 ----A---- C:\WINDOWS\e815zarse11559.exe
2009-08-03 11:59:14 ----A---- C:\WINDOWS\727zv591683.dll
2009-08-03 11:59:13 ----A---- C:\WINDOWS\system32\1abdthre59z0606.exe
2009-08-03 11:59:12 ----A---- C:\WINDOWS\system32\5610w9zm60a.dll
2009-08-03 11:59:12 ----A---- C:\WINDOWS\system32\5488spyw9re5221z.dll
2009-08-03 11:59:12 ----A---- C:\WINDOWS\system32\225fazdware22479.exe
2009-08-03 11:59:08 ----A---- C:\WINDOWS\system32\9575vzr35.dll
2009-08-03 11:59:07 ----A---- C:\WINDOWS\system32\29z8sparse1595.dll
2009-08-03 11:59:06 ----A---- C:\WINDOWS\system32\zc62a5d9are2068.exe
2009-08-03 11:59:06 ----A---- C:\WINDOWS\system32\50a2s9eaz5949.dll
2009-08-03 11:59:04 ----A---- C:\WINDOWS\84s9ars52z16.dll
2009-08-03 11:59:04 ----A---- C:\WINDOWS\5458downloa9er555z.exe
2009-08-03 11:59:04 ----A---- C:\WINDOWS\32420zot-a-vi9us456.dll
2009-08-03 11:59:01 ----A---- C:\WINDOWS\1723t5rezt19958.dll
2009-08-03 11:59:00 ----A---- C:\WINDOWS\system32\79d9vz510999.dll
2009-08-03 11:59:00 ----A---- C:\WINDOWS\system32\3991threaz11589.dll
2009-08-03 11:58:59 ----A---- C:\WINDOWS\655czt9al1487.dll
2009-08-03 11:58:58 ----A---- C:\WINDOWS\system32\3623zac5door19.exe
2009-08-03 11:58:58 ----A---- C:\WINDOWS\1z9799o5-a-virus200.exe
2009-08-03 11:58:57 ----A---- C:\WINDOWS\system32\5a59vzr9215.dll
2009-08-03 11:58:55 ----A---- C:\WINDOWS\system32\339ca5dwarez808.dll
2009-08-03 11:58:55 ----A---- C:\WINDOWS\system32\2390zha5ktool5be.dll
2009-08-03 11:58:53 ----A---- C:\WINDOWS\8855z9cktool20c.exe
2009-08-03 11:58:53 ----A---- C:\WINDOWS\4994thie95738z.exe
2009-08-03 11:58:51 ----A---- C:\WINDOWS\system32\2bf5ackd9oz2173.exe
2009-08-03 11:58:48 ----A---- C:\WINDOWS\20z9thie524359.exe
2009-08-03 05:08:58 ----A---- C:\WINDOWS\system32\4z72t59ef2502.dll
2009-08-01 06:16:18 ----A---- C:\WINDOWS\system32\4979spyware295z.dll
2009-07-29 13:33:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2009-07-26 03:46:49 ----A---- C:\WINDOWS\14484wo5m1z9.exe
2009-07-21 06:34:30 ----A---- C:\WINDOWS\system32\4899downlza5er113.exe
2009-07-20 10:59:09 ----A---- C:\WINDOWS\system32\17995zirus5bd.exe
2009-07-19 11:48:43 ----A---- C:\WINDOWS\5z7ca9dware19955.dll
2009-07-17 22:35:05 ----D---- C:\0ftp
2009-07-14 12:46:11 ----A---- C:\WINDOWS\7c12z5eal796.exe
2009-07-14 04:26:33 ----A---- C:\WINDOWS\50f3vir1z709.dll
2009-07-13 12:45:03 ----A---- C:\WINDOWS\system32\2158sp9rze837.exe
2009-07-11 20:14:12 ----A---- C:\WINDOWS\19725spamb5tz5.exe
2009-07-11 19:14:09 ----A---- C:\WINDOWS\system32\62c59parsz884.dll
2009-07-03 15:29:20 ----A---- C:\WINDOWS\system32\21259spy2d5z.dll
2009-07-03 08:57:26 ----A---- C:\WINDOWS\1267z9iru590.dll
2009-07-02 20:44:34 ----A---- C:\WINDOWS\system32\zd15backdoo92486.exe
2009-06-23 15:29:25 ----A---- C:\WINDOWS\system32\31649s9am5ot6cz.exe
2009-06-20 16:11:34 ----A---- C:\WINDOWS\17251w9rm4bbz.dll
2009-06-20 07:53:18 ----A---- C:\WINDOWS\353sp965z.dll
2009-06-16 07:34:17 ----A---- C:\WINDOWS\99463h5zktool53f.exe
2009-06-15 19:52:06 ----A---- C:\WINDOWS\system32\1004noz-a-virus45b9.dll
2009-06-12 10:07:36 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}
2009-06-11 21:06:13 ----D---- C:\Program Files\Hawkes Learning Systems
2009-06-11 20:30:15 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}
2009-06-05 13:16:11 ----A---- C:\WINDOWS\system32\z018threat58089.dll
2009-06-04 19:39:50 ----A---- C:\WINDOWS\54349ackdoor1z50.dll
2009-06-03 10:52:28 ----A---- C:\WINDOWS\system32\188b95zware3244.exe
2009-06-02 16:56:40 ----D---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\JAM Software
2009-06-02 16:56:27 ----D---- C:\Program Files\JAM Software
2009-06-02 14:29:22 ----A---- C:\WINDOWS\system32\477cbazkd95r1650.dll
2009-05-28 07:11:56 ----A---- C:\WINDOWS\system32\z7824virus295.dll
2009-05-27 20:50:06 ----A---- C:\WINDOWS\2a11steal91z5.dll
2009-05-27 05:11:55 ----A---- C:\WINDOWS\system32\59e2zte5l794.dll
2009-05-23 01:35:06 ----A---- C:\WINDOWS\system32\z9a1thief31795.exe
2009-05-22 18:22:42 ----A---- C:\WINDOWS\system32\32228ha9ktoolzd5.dll
2009-05-22 07:16:07 ----A---- C:\WINDOWS\16520not-a-59ruz522.exe
2009-05-20 14:48:11 ----A---- C:\WINDOWS\system32\26755orz73f9.exe
2009-05-18 13:00:03 ----A---- C:\WINDOWS\56aa9iz25075.exe
2009-05-15 07:06:46 ----A---- C:\WINDOWS\system32\z4155h9cktool4b4.dll
2009-05-12 14:44:03 ----A---- C:\WINDOWS\z05dbackdoor2892.dll
2009-05-11 19:59:48 ----A---- C:\WINDOWS\system32\1919zpy6da5.dll
2009-05-08 19:26:42 ----A---- C:\WINDOWS\3fz7addware5968.dll
2009-05-07 22:55:42 ----D---- C:\Program Files\iPod
2009-05-07 22:55:19 ----D---- C:\Program Files\iTunes
2009-05-07 22:55:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-07 22:52:11 ----D---- C:\Program Files\QuickTime
2009-05-07 22:49:01 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-05 18:37:17 ----A---- C:\WINDOWS\system32\4z3ath5ef389.exe

======List of files/folders modified in the last 3 months======

2009-08-04 15:10:31 ----HD---- C:\WINDOWS\inf
2009-08-04 15:10:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 15:09:24 ----D---- C:\WINDOWS\Prefetch
2009-08-04 15:09:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-04 15:09:18 ----D---- C:\WINDOWS
2009-08-04 15:04:33 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 13:34:36 ----SD---- C:\WINDOWS\Tasks
2009-08-04 13:09:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-04 13:07:12 ----D---- C:\WINDOWS\Temp
2009-08-04 13:05:29 ----D---- C:\Program Files\Messenger
2009-08-04 13:04:17 ----D---- C:\Downloads
2009-08-04 12:43:36 ----AD---- C:\Program Files
2009-08-04 11:36:24 ----AD---- C:\WINDOWS\system32
2009-08-04 00:04:58 ----A---- C:\WINDOWS\Brownie.ini
2009-08-04 00:03:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-03 23:54:57 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 23:27:56 ----A---- C:\WINDOWS\WININIT.INI
2009-08-03 21:25:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-03 21:25:48 ----D---- C:\Program Files\Common Files
2009-08-03 21:23:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 18:08:03 ----ASH---- C:\boot.ini
2009-08-03 17:57:48 ----D---- C:\Program Files\Hijackthis
2009-08-03 17:57:13 ----D---- C:\Program Files\GoPets Ltd
2009-08-03 17:54:11 ----SHD---- C:\WINDOWS\Installer
2009-08-03 14:07:28 ----D---- C:\WINDOWS\Debug
2009-08-03 12:33:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-29 13:41:36 ----D---- C:\Program Files\PokerRoom.com
2009-07-29 13:36:05 ----RSD---- C:\WINDOWS\assembly
2009-07-28 21:53:41 ----D---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Macromedia
2009-07-26 02:17:12 ----D---- C:\Program Files\mIRC
2009-07-24 19:23:03 ----D---- C:\WINDOWS\system32\wbem
2009-07-24 19:23:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-23 20:37:07 ----D---- C:\Program Files\BitComet
2009-07-22 22:35:31 ----SD---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Microsoft
2009-07-17 09:08:15 ----D---- C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Adobe
2009-07-17 09:08:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-07-13 22:01:39 ----HD---- C:\$AVG8.VAULT$
2009-06-29 08:55:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-19 21:05:22 ----A---- C:\WINDOWS\win.ini
2009-06-15 03:03:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-06-11 03:12:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 03:04:11 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:04:11 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:03:57 ----D---- C:\WINDOWS\ie7updates
2009-06-06 01:20:43 ----D---- C:\Program Files\PokerStars
2009-06-01 12:51:12 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-05-07 22:56:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-07 22:55:40 ----D---- C:\Program Files\Common Files\Apple
2009-05-07 11:44:00 ----N---- C:\WINDOWS\system32\localspl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-03 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-17 108552]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2002-09-04 34938]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-08 20747]
R2 DCFS2K;DCFS2K; C:\WINDOWS\system32\drivers\dcfs2k.sys [2002-02-28 36885]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-03 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-03 232192]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-23 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-23 2560]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2002-09-04 131509]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 ACCSKMD;Canon Camera Storage Device; C:\WINDOWS\system32\DRIVERS\accskmd.sys [2003-05-13 32640]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2002-02-28 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2002-02-28 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2002-02-28 55866]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 Dcrmsnpbfarc;Dcrmsnpbfarc; C:\WINDOWS\system32\drivers\Dcrmsnpbfarc.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-03 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-29 298776]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-01-07 46080]
R2 Dcfssvc;Dcfssvc; C:\WINDOWS\system32\drivers\dcfssvc.exe [2002-02-28 188987]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-22 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-30 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-07-22 68096]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2009-01-19 827392]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []

-----------------EOF-----------------

Piink
2009-08-04, 21:15
info.txt logfile of random's system information tool 1.06 2009-08-04 15:11:00

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acubix PicoZip 4.02-->"C:\Program Files\PicoZip\unins000.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\56522b95c504adae9e882a21b9c91db\Setup.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Setup-->C:\Program Files\Common Files\Adobe\Installers\56522b95c504adae9e882a21b9c91db\Setup.exe
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVOne - RM to AVI DVD VCD SVCD Converter (d)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E94DDE5-1712-48F6-B815-7F9A76F2287C}\Setup.exe"
backburner 2.1-->C:\WINDOWS\unvise32.exe C:\3dsmax5\backburner2\uninstal.log
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
BitComet 0.96-->C:\Program Files\BitComet\uninst.exe
BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe"
Bodog Poker Version 2.16.3.49-->"C:\Program Files\Bodog Poker\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAC74F60-C8B8-4369-8E20-7760C71261E7}\SETUP.exe" -l0x9 -removeonly /uninst
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C05E2D43-A05F-4835-A15C-CD0AD1576506}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
CRW Series Driver v1.17r023-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D757BE3C-77A1-11D6-856E-0050BA045EBA}\Setup.exe" -l0x9
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver-->C:\PROGRA~1\GTINTE~1\Driver\UNWISE.EXE C:\PROGRA~1\GTINTE~1\Driver\INSTALL.LOG
DV Network Software-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B} /l1033
dvdSanta 4.00-->"C:\Program Files\dvdSanta\unins000.exe"
Easy Screen Capture 2-->"C:\Program Files\Easy Screen Capture 2\unins000.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Garmin Communicator Plugin-->MsiExec.exe /X{14C9AE19-4254-4280-ACD3-E159231DC2CD}
Garmin TOPO U.S. 2008-->MsiExec.exe /X{47BA74C5-1890-4ED2-954A-AD11186D8E26}
Garmin Trip and Waypoint Manager v4-->MsiExec.exe /X{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
getPlus(R)_dll-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intro and Interm Algebra Multimedia Setup-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}\COMBO-MMSetup.exe" REMOVE=TRUE MODIFY=FALSE
Intro and Interm Algebra Multimedia Setup-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}\COMBO-MMSetup.exe
Introductory and Intermediate Algebra (Fall 2008 Student Version)-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}\COMBO-Student-Setup.exe" REMOVE=TRUE MODIFY=FALSE
Introductory and Intermediate Algebra-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}\COMBO-Student-Setup.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kodak EasyShare software-->MsiExec.exe /I{11DB853A-6966-4724-BEAD-793C48AC8C54}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Merge Version 2.0-->"C:\Program Files\Merge\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
MOV Converter 3-->C:\Program Files\ImTOO\MOV Converter 3\Uninstall.exe
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rebel Trucker-->C:\PROGRA~1\GLOBAL~1\REBELT~1\UNWISE.EXE C:\PROGRA~1\GLOBAL~1\REBELT~1\INSTALL.LOG
Recorder (C:\Program Files\Recorder\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Recorder\ST6UNST.000"
Recorder-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Recorder\ST6UNST.LOG"
RM Converter 3.28-->"C:\Program Files\RM Converter\unins000.exe"
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPER © Version 2007.bld.22 (Mar 14, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
TreeSize Free V2.3.1-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.11 RC7-->C:\Program Files\TVersity\Media Server\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vodei Multimedia Processor 2.00-->C:\Program Files\Vodei\uninst.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Media Center Driver-->MsiExec.exe /X{3F70FB44-FD00-4ED2-9154-661AA9DB0B28}
Win AVI HelixSDK-->"C:\Program Files\WinAVIVideoConverter\HelixSDK\unins000.exe"
WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
xImage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31492759-0E89-46B5-9770-F6E5808E3017}\Setup.exe" -l0x9
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Address AutoComplete-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: 70E9OW531HWRKW8
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\HOME-PC on the network \Device\NetBT_Tcpip_{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}.
The data is the error code.

Record Number: 35840
Source Name: BROWSER
Time Written: 20090618064816.000000-240
Event Type: warning
User:

Computer Name: 70E9OW531HWRKW8
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 35839
Source Name: Windows Update Agent
Time Written: 20090618040208.000000-240
Event Type: error
User:

Computer Name: 70E9OW531HWRKW8
Event Code: 4321
Message: The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.96.
The machine with the IP address 192.168.1.94 did not allow the name to be claimed by
this machine.

Record Number: 35838
Source Name: NetBT
Time Written: 20090618001611.000000-240
Event Type: error
User:

Computer Name: 70E9OW531HWRKW8
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 35833
Source Name: W32Time
Time Written: 20090617070607.000000-240
Event Type: warning
User:

Computer Name: 70E9OW531HWRKW8
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Record Number: 35830
Source Name: Service Control Manager
Time Written: 20090616082759.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: 70E9OW531HWRKW8
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 6219
Source Name: Userenv
Time Written: 20080713130029.000000-240
Event Type: warning
User: 70E9OW531HWRKW8\Owner

Computer Name: 70E9OW531HWRKW8
Event Code: 1517
Message: Windows saved user 70E9OW531HWRKW8\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 6218
Source Name: Userenv
Time Written: 20080713130008.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: 70E9OW531HWRKW8
Event Code: 5000
Message: EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Record Number: 6216
Source Name: MPSampleSubmission
Time Written: 20080711080104.000000-240
Event Type: error
User:

Computer Name: 70E9OW531HWRKW8
Event Code: 1517
Message: Windows saved user 70E9OW531HWRKW8\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 6206
Source Name: Userenv
Time Written: 20080710030445.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: 70E9OW531HWRKW8
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 6205
Source Name: Userenv
Time Written: 20080710030403.000000-240
Event Type: warning
User: 70E9OW531HWRKW8\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\3dsmax5\backburner2\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

km2357
2009-08-05, 20:14
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 0.96

BitTorrent 5.0.9

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812&sid=a609c56441d8a2e5dc8d24e3e96420cc).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT!!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

Use multiple posts if you can't fit everything into one post.

Piink
2009-08-06, 02:48
ComboFix 09-08-04.04 - Owner 08/05/2009 20:09.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.205 [GMT -4:00]
Running from: c:\documents and settings\Owner.70E9OW531HWRKW8\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\OWNER~1.70E\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Owner.70E9OW531HWRKW8\Local Settings\Temp\catchme.dll
c:\program files\Common Files\fnts~1
c:\program files\Common Files\stem32~1
c:\program files\Common Files\wnsxs~1
c:\program files\icroso~1.net
c:\program files\SmartShopper
c:\recycler\S-1-5-21-1292428093-1482476501-1417001333-1003
c:\recycler\S-1-5-21-1292428093-1482476501-1417001333-1004
c:\recycler\S-1-5-21-1292428093-1482476501-1417001333-501
c:\windows\Installer\80a4107.msp
c:\windows\system32\crosof~1.net
c:\windows\system32\lo2.txtt
c:\windows\system32\ppatch~1
c:\windows\system32\sembly~1
c:\windows\system32\stem~1
c:\windows\system32\stem32~1
c:\windows\system32\uninstall.exe
c:\windows\system32\wnsxs~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-12-24 22:45 . 2009-12-24 22:45 9672 ----a-w- c:\windows\system32\65z259t-a-virus732.bin
2009-12-11 05:10 . 2009-12-11 05:10 5269 ----a-w- c:\windows\system32\985bspywarez192.bin
2009-12-06 00:13 . 2009-12-06 00:13 13226 ----a-w- c:\windows\system32\5500troj6fz9.dll
2009-11-22 22:45 . 2009-11-22 22:45 4511 ----a-w- c:\windows\system32\54319zpy73d.dll
2009-11-21 21:10 . 2009-11-21 21:10 10488 ----a-w- c:\windows\system32\7c5dspyzare1695.dll
2009-11-16 11:27 . 2009-11-16 11:27 11102 ----a-w- c:\windows\system32\z7713troj9875.bin
2009-11-16 06:49 . 2009-11-16 06:49 7584 ----a-w- c:\windows\system32\5zathi9f396.bin
2009-10-27 16:28 . 2009-10-27 16:28 8743 ----a-w- c:\windows\system32\5119thr9z514866.dll
2009-10-17 15:08 . 2009-10-17 15:08 10649 ----a-w- c:\windows\system32\7z94ha9kt5ol786.exe
2009-10-11 21:12 . 2009-10-11 21:12 11201 ----a-w- c:\windows\system32\f1fadd5arz9314.exe
2009-10-11 13:10 . 2009-10-11 13:10 10701 ----a-w- c:\windows\system32\6918hzck9oolc55.exe
2009-10-09 06:09 . 2009-10-09 06:09 4025 ----a-w- c:\windows\system32\69c45oznloader2851.dll
2009-10-06 11:26 . 2009-10-06 11:26 3390 ----a-w- c:\windows\system32\z13389i5us1aa.dll
2009-09-28 20:47 . 2009-09-28 20:47 15009 ----a-w- c:\windows\system32\49c7thiez1577.dll
2009-09-23 15:35 . 2009-09-23 15:35 16429 ----a-w- c:\windows\system32\7cbzdown5oader9700.bin
2009-09-21 16:27 . 2009-09-21 16:27 10332 ----a-w- c:\windows\system32\8ectzr9at18358.dll
2009-09-17 01:25 . 2009-09-17 01:25 11779 ----a-w- c:\windows\system32\92645p94adz.exe
2009-09-16 08:26 . 2009-09-16 08:26 11934 ----a-w- c:\windows\system32\594caddzare21915.dll
2009-09-12 01:20 . 2009-09-12 01:20 3299 ----a-w- c:\windows\system32\99149irus18z5.dll
2009-08-17 10:32 . 2009-08-17 10:32 12871 ----a-w- c:\windows\system32\4975zorm367.dll
2009-08-14 03:22 . 2009-08-14 03:22 4215 ----a-w- c:\windows\system32\759c5ackdzor4149.bin
2009-08-04 19:08 . 2009-08-04 19:11 -------- d-----w- C:\rsit
2009-08-04 04:03 . 2005-03-01 03:52 102400 ----a-w- c:\windows\system32\unzip3252.dll
2009-08-04 04:03 . 2001-05-30 14:00 352256 ----a-w- c:\windows\system32\ijl15.dll
2009-08-04 04:03 . 2004-05-04 15:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-04 04:03 . 2002-07-25 02:43 667648 ----a-w- c:\windows\system32\FreeImage.dll
2009-08-04 04:03 . 1998-08-29 17:50 40448 ----a-w- c:\windows\system32\UNACE.DLL
2009-08-04 03:44 . 2009-08-04 03:44 -------- d-----w- c:\program files\Trend Micro
2009-08-03 21:50 . 2009-08-03 21:50 -------- d-----w- c:\program files\Safer Networking
2009-08-03 20:31 . 2009-08-03 21:59 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-03 15:58 . 2009-08-03 15:58 11922 ----a-w- c:\windows\system32\5a59vzr9215.dll
2009-08-03 09:08 . 2009-08-03 09:08 12961 ----a-w- c:\windows\system32\4z72t59ef2502.dll
2009-08-01 10:16 . 2009-08-01 10:16 10394 ----a-w- c:\windows\system32\4979spyware295z.dll
2009-07-29 17:33 . 2009-07-29 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony
2009-07-24 01:44 . 2009-07-24 01:44 7307 ----a-w- c:\windows\system32\9za4threat14529.bin
2009-07-21 10:34 . 2009-07-21 10:34 6694 ----a-w- c:\windows\system32\4899downlza5er113.exe
2009-07-18 02:35 . 2009-07-22 18:49 -------- d-----w- C:\0ftp
2009-07-11 23:14 . 2009-07-11 23:14 17223 ----a-w- c:\windows\system32\62c59parsz884.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 23:59 . 2006-02-12 21:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-05 23:57 . 2009-04-04 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-08-05 23:57 . 2006-09-26 20:18 -------- d-----w- c:\program files\BitTorrent
2009-08-05 18:35 . 2008-04-10 08:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-08-05 07:13 . 2009-04-19 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-08-05 03:59 . 2006-02-12 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-04 04:03 . 2003-05-24 23:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 03:53 . 2009-04-04 03:54 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 21:57 . 2007-03-09 04:05 -------- d-----w- c:\program files\GoPets Ltd
2009-07-29 17:41 . 2007-03-07 03:03 -------- d-----w- c:\program files\PokerRoom.com
2009-07-26 06:17 . 2006-09-07 10:47 -------- d-----w- c:\program files\mIRC
2009-07-24 00:37 . 2007-11-15 07:48 -------- d-----w- c:\program files\BitComet
2009-07-03 00:44 . 2009-07-03 00:44 16952 ----a-w- c:\windows\system32\zd15backdoo92486.exe
2009-06-29 16:12 . 2004-08-24 04:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-09-03 16:29 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-29 12:55 . 2009-04-04 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:55 . 2008-04-14 22:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 01:18 . 2009-06-24 01:18 8611 ----a-w- c:\windows\system32\z7585ir9197.bin
2009-06-20 20:25 . 2009-06-20 20:25 3182 ----a-w- c:\windows\system32\aecszyware29519.bin
2009-06-16 14:55 . 2002-09-03 17:06 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-09-03 16:33 82432 ------w- c:\windows\system32\fontsub.dll
2009-06-12 14:07 . 2009-06-12 14:07 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}
2009-06-12 01:18 . 2009-06-12 00:30 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}
2009-06-12 01:06 . 2009-06-12 01:06 -------- d-----w- c:\program files\Hawkes Learning Systems
2009-06-08 22:09 . 2009-06-08 22:09 4040 ----a-w- c:\windows\system32\90735pz358.bin
2009-06-06 10:34 . 2009-06-06 10:34 15905 ----a-w- c:\windows\system32\5975addware319z5.bin
2009-06-05 17:16 . 2009-06-05 17:16 3818 ----a-w- c:\windows\system32\z018threat58089.dll
2009-06-03 19:27 . 2004-11-05 17:41 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 21:46 . 2007-02-18 05:31 130760 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 21:43 . 2009-05-31 21:43 130760 ----a-w- c:\documents and settings\Pinnkkk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 21:41 . 2007-02-18 05:15 8224 ----a-w- c:\documents and settings\Guest.70E9OW531HWRKW8\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 11:11 . 2009-05-28 11:11 8953 ----a-w- c:\windows\system32\z7824virus295.dll
2009-05-27 09:11 . 2009-05-27 09:11 18094 ----a-w- c:\windows\system32\59e2zte5l794.dll
2009-05-23 05:35 . 2009-05-23 05:35 4189 ----a-w- c:\windows\system32\z9a1thief31795.exe
2009-05-21 09:11 . 2009-05-21 09:11 5605 ----a-w- c:\windows\system32\z4472worm59e.bin
2009-05-20 08:39 . 2009-05-20 08:39 13040 ----a-w- c:\windows\system32\73dcdownzoa5er4619.bin
2009-05-19 05:36 . 2009-06-14 10:36 2884832 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-14 10:36 28 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-14 10:36 1484856 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-14 10:36 25 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-14 10:36 97072 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-14 10:36 142040 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-14 10:36 30512 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-14 10:36 111920 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-17 21:23 . 2009-04-04 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-15 11:06 . 2009-05-15 11:06 17082 ----a-w- c:\windows\system32\z4155h9cktool4b4.dll
2009-05-14 04:17 . 2009-05-14 04:17 6615 ----a-w- c:\windows\system32\79875iz334.bin
2009-05-10 19:07 . 2009-05-10 19:07 12006 ----a-w- c:\windows\system32\7489spzrse10925.bin
2009-05-08 02:42 . 2009-05-08 02:42 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2006-05-03 09:06 . 2007-04-29 10:57 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-04-29 10:57 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
"PicoZip"="c:\progra~1\PicoZip\PicoZipTray.exe" [2006-06-09 581632]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2002-11-26 53248]
"ShowIcon_The Company_CRW Series Driver v1.17r023"="c:\program files\CRW\shwicon.exe" [2003-01-27 73728]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-03-25 69632]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]
Medic.lnk - c:\program files\Road Runner\Medic\RRMedic.exe [2003-5-24 3362939]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Windows NT\pokodezu.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\program files\Common Files\mehe.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.70E9OW531HWRKW8^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
path=c:\documents and settings\Owner.70E9OW531HWRKW8\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21603:TCP"= 21603:TCP:BitComet 21603 TCP
"21603:UDP"= 21603:UDP:BitComet 21603 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 11:54 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 11:54 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/3/2009 11:54 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/3/2009 11:54 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/27/2007 3:38 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
S3 ACCSKMD;Canon Camera Storage Device;c:\windows\system32\drivers\accskmd.sys [5/13/2003 11:50 PM 32640]
S4 Dcrmsnpbfarc;Dcrmsnpbfarc; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-10 13:43]

2009-08-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {FC53C825-75D4-48EB-BFC6-AB8946AD24BA} = 208.67.220.220,208.67.222.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\9ncmh1ox.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\drivers\dcfssvc.exe
c:\windows\system32\locator.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\WDC\SetIcon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-06 20:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 00:33

Pre-Run: 18,314,784,768 bytes free
Post-Run: 18,216,943,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30

833 --- E O F --- 2009-08-05 07:13




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:31 PM, on 8/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\pokodezu.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Common Files\mehe.html

--
End of file - 9925 bytes

km2357
2009-08-06, 07:21
Step # 1: Run CFScript


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


KILLALL::

Driver::

Dcrmsnpbfarc

File::

c:\windows\system32\65z259t-a-virus732.bin
c:\windows\system32\985bspywarez192.bin
c:\windows\system32\5500troj6fz9.dll
c:\windows\system32\54319zpy73d.dll
c:\windows\system32\7c5dspyzare1695.dll
c:\windows\system32\z7713troj9875.bin
c:\windows\system32\5zathi9f396.bin
c:\windows\system32\5119thr9z514866.dll
c:\windows\system32\7z94ha9kt5ol786.exe
c:\windows\system32\f1fadd5arz9314.exe
c:\windows\system32\6918hzck9oolc55.exe
c:\windows\system32\69c45oznloader2851.dll
c:\windows\system32\z13389i5us1aa.dll
c:\windows\system32\49c7thiez1577.dll
c:\windows\system32\7cbzdown5oader9700.bin
c:\windows\system32\8ectzr9at18358.dll
c:\windows\system32\92645p94adz.exe
c:\windows\system32\594caddzare21915.dll
c:\windows\system32\99149irus18z5.dll
c:\windows\system32\4975zorm367.dll
c:\windows\system32\759c5ackdzor4149.bin
c:\windows\system32\5a59vzr9215.dll
c:\windows\system32\4z72t59ef2502.dll
c:\windows\system32\4979spyware295z.dll
c:\windows\system32\9za4threat14529.bin
c:\windows\system32\4899downlza5er113.exe
c:\windows\system32\62c59parsz884.dll
c:\windows\system32\zd15backdoo92486.exe
c:\windows\system32\z7585ir9197.bin
c:\windows\system32\aecszyware29519.bin
c:\windows\system32\90735pz358.bin
c:\windows\system32\5975addware319z5.bin
c:\windows\system32\z018threat58089.dll
c:\windows\system32\z7824virus295.dll
c:\windows\system32\59e2zte5l794.dll
c:\windows\system32\z9a1thief31795.exe
c:\windows\system32\z4472worm59e.bin
c:\windows\system32\73dcdownzoa5er4619.bin
c:\windows\system32\z4155h9cktool4b4.dll
c:\windows\system32\79875iz334.bin
c:\windows\system32\7489spzrse10925.bin
c:\program files\Windows NT\pokodezu.html
c:\program files\Common Files\mehe.html

Folder::

c:\program files\BitTorrent
c:\program files\BitComet

Registry::

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21603:TCP"=-
"21603:UDP"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Note: This CFScript is for use on piink's computer only! Do not use it on your computer.


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

After ComboFix has run, do the following:

Go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My Current Home Page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Click Apply.
Click Apply and then Exit Display Properties.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh HiJackThis Log taken after Step 1 has been completed.

Piink
2009-08-06, 16:46
ComboFix 09-08-04.04 - Owner 08/06/2009 10:16.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.337 [GMT -4:00]
Running from: c:\documents and settings\Owner.70E9OW531HWRKW8\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.70E9OW531HWRKW8\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\Common Files\mehe.html"
"c:\program files\Windows NT\pokodezu.html"
"c:\windows\system32\4899downlza5er113.exe"
"c:\windows\system32\4975zorm367.dll"
"c:\windows\system32\4979spyware295z.dll"
"c:\windows\system32\49c7thiez1577.dll"
"c:\windows\system32\4z72t59ef2502.dll"
"c:\windows\system32\5119thr9z514866.dll"
"c:\windows\system32\54319zpy73d.dll"
"c:\windows\system32\5500troj6fz9.dll"
"c:\windows\system32\594caddzare21915.dll"
"c:\windows\system32\5975addware319z5.bin"
"c:\windows\system32\59e2zte5l794.dll"
"c:\windows\system32\5a59vzr9215.dll"
"c:\windows\system32\5zathi9f396.bin"
"c:\windows\system32\62c59parsz884.dll"
"c:\windows\system32\65z259t-a-virus732.bin"
"c:\windows\system32\6918hzck9oolc55.exe"
"c:\windows\system32\69c45oznloader2851.dll"
"c:\windows\system32\73dcdownzoa5er4619.bin"
"c:\windows\system32\7489spzrse10925.bin"
"c:\windows\system32\759c5ackdzor4149.bin"
"c:\windows\system32\79875iz334.bin"
"c:\windows\system32\7c5dspyzare1695.dll"
"c:\windows\system32\7cbzdown5oader9700.bin"
"c:\windows\system32\7z94ha9kt5ol786.exe"
"c:\windows\system32\8ectzr9at18358.dll"
"c:\windows\system32\90735pz358.bin"
"c:\windows\system32\92645p94adz.exe"
"c:\windows\system32\985bspywarez192.bin"
"c:\windows\system32\99149irus18z5.dll"
"c:\windows\system32\9za4threat14529.bin"
"c:\windows\system32\aecszyware29519.bin"
"c:\windows\system32\f1fadd5arz9314.exe"
"c:\windows\system32\z018threat58089.dll"
"c:\windows\system32\z13389i5us1aa.dll"
"c:\windows\system32\z4155h9cktool4b4.dll"
"c:\windows\system32\z4472worm59e.bin"
"c:\windows\system32\z7585ir9197.bin"
"c:\windows\system32\z7713troj9875.bin"
"c:\windows\system32\z7824virus295.dll"
"c:\windows\system32\z9a1thief31795.exe"
"c:\windows\system32\zd15backdoo92486.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Dcrmsnpbfarc


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-04 19:08 . 2009-08-04 19:11 -------- d-----w- C:\rsit
2009-08-04 04:03 . 2005-03-01 03:52 102400 ----a-w- c:\windows\system32\unzip3252.dll
2009-08-04 04:03 . 2001-05-30 14:00 352256 ----a-w- c:\windows\system32\ijl15.dll
2009-08-04 04:03 . 2004-05-04 15:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-04 04:03 . 2002-07-25 02:43 667648 ----a-w- c:\windows\system32\FreeImage.dll
2009-08-04 04:03 . 1998-08-29 17:50 40448 ----a-w- c:\windows\system32\UNACE.DLL
2009-08-04 03:44 . 2009-08-04 03:44 -------- d-----w- c:\program files\Trend Micro
2009-08-03 21:50 . 2009-08-03 21:50 -------- d-----w- c:\program files\Safer Networking
2009-08-03 20:31 . 2009-08-03 21:59 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-29 17:33 . 2009-07-29 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony
2009-07-18 02:35 . 2009-07-22 18:49 -------- d-----w- C:\0ftp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 01:46 . 2006-02-12 21:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-08-06 01:12 . 2007-09-23 06:08 -------- d-----w- c:\program files\AIM6
2009-08-06 01:12 . 2007-09-23 06:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-08-05 23:57 . 2009-04-04 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-08-05 18:35 . 2008-04-10 08:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-08-05 07:13 . 2009-04-19 17:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-08-05 03:59 . 2006-02-12 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-04 04:03 . 2003-05-24 23:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 03:53 . 2009-04-04 03:54 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 21:57 . 2007-03-09 04:05 -------- d-----w- c:\program files\GoPets Ltd
2009-07-29 17:41 . 2007-03-07 03:03 -------- d-----w- c:\program files\PokerRoom.com
2009-07-26 06:17 . 2006-09-07 10:47 -------- d-----w- c:\program files\mIRC
2009-06-29 16:12 . 2004-08-24 04:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-09-03 16:29 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-29 12:55 . 2009-04-04 03:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:55 . 2008-04-14 22:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2002-09-03 17:06 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-09-03 16:33 82432 ------w- c:\windows\system32\fontsub.dll
2009-06-12 14:07 . 2009-06-12 14:07 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{A244981E-8404-4D9D-AF17-121138BB71D6}
2009-06-12 01:18 . 2009-06-12 00:30 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{94032222-2818-4C8C-8989-0DD3E335DD5D}
2009-06-12 01:06 . 2009-06-12 01:06 -------- d-----w- c:\program files\Hawkes Learning Systems
2009-06-03 19:27 . 2004-11-05 17:41 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 21:46 . 2007-02-18 05:31 130760 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 21:43 . 2009-05-31 21:43 130760 ----a-w- c:\documents and settings\Pinnkkk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 21:41 . 2007-02-18 05:15 8224 ----a-w- c:\documents and settings\Guest.70E9OW531HWRKW8\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 05:35 . 2009-08-06 01:12 11568 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\tbinst.dll
2009-05-17 21:23 . 2009-04-04 03:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2006-05-03 09:06 . 2007-04-29 10:57 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-04-29 10:57 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
"PicoZip"="c:\progra~1\PicoZip\PicoZipTray.exe" [2006-06-09 581632]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2002-11-26 53248]
"ShowIcon_The Company_CRW Series Driver v1.17r023"="c:\program files\CRW\shwicon.exe" [2003-01-27 73728]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-03-25 69632]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-20 98304]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]
Medic.lnk - c:\program files\Road Runner\Medic\RRMedic.exe [2003-5-24 3362939]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.70E9OW531HWRKW8^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
path=c:\documents and settings\Owner.70E9OW531HWRKW8\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 11:54 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 11:54 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/3/2009 11:54 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/3/2009 11:54 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/27/2007 3:38 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
S3 ACCSKMD;Canon Camera Storage Device;c:\windows\system32\drivers\accskmd.sys [5/13/2003 11:50 PM 32640]
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-10 13:43]

2009-08-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {FC53C825-75D4-48EB-BFC6-AB8946AD24BA} = 208.67.220.220,208.67.222.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\9ncmh1ox.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\drivers\dcfssvc.exe
c:\windows\system32\locator.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\WDC\SetIcon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-06 10:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 14:43
ComboFix2.txt 2009-08-06 00:33

Pre-Run: 18,057,625,600 bytes free
Post-Run: 18,184,908,800 bytes free

618 --- E O F --- 2009-08-05 07:13




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:21 AM, on 8/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9646 bytes

km2357
2009-08-06, 20:21
Step # 1: Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I would advise you to go to Add/Remove programs and uninstall the following poker program(s):

Bodog Poker Version 2.16.3.49

Full Tilt Poker

Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.



Step # 2 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u15 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:


J2SE Runtime Environment 5.0 Update 8

J2SE Runtime Environment 5.0 Update 10


Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.

From your desktop double-click on the download to install the newest version.


Step # 3 Run CCleaner

CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!


Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the Internet Explorer section except Cookies
Clean all the entries in the Windows Explorer section
Clean all entries in the System section
Clean all entries in the Advanced section
Clean any others that you choose

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it
Clean all in the Opera section if you use it
Clean Sun Java in the Internet Section
Clean any others that you choose

Click the Run Cleaner button.
A pop up box will appear advising this process will permanently delete files from your system.
Click OK and it will scan and clean your system.
Click exit when done.
If it asks you to reboot at the end, click NO


Step # 4: Remove Hijackthis Entries


Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Step # 5 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh HiJackThis Log

Piink
2009-08-07, 07:00
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/7/2009 12:50:29 AM
mbam-log-2009-08-07 (00-50-29).txt

Scan type: Quick Scan
Objects scanned: 159259
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\AdobeFlashPlayer.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:51 AM, on 8/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10318 bytes
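
Added example, not part of the thread and not a tool the helper used: each cleanup round above ends with a request for a fresh HijackThis log, and what matters is what changed between two scans. This Python sketch diffs the R/O entries of two logs, using lines excerpted from the first and second logs posted in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log saved 8/3/2009 (lines copied from this thread).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
"""

# Excerpt of the log saved 8/7/2009 (lines copied from this thread).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
"""


def parse_entries(log_text):
    """Map a case-insensitive key to (section code, entry text).

    The header and the 'Running processes' list do not match ENTRY_RE and are
    skipped. Keys are lower-cased because Windows paths and registry names are
    case-insensitive, so Explorer.EXE and explorer.exe are the same entry.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            code, body = match.groups()
            entries[(code, body.lower())] = (code, body)
    return entries


def guid_key(entry):
    """Return (section code, CLSID) for entries that carry a CLSID, else None."""
    code, body = entry
    match = GUID_RE.search(body)
    return (code, match.group(0).lower()) if match else None


def diff_logs(before_text, after_text):
    """Classify entries as removed, added, or changed between two scans.

    'changed' pairs a removed and an added entry that share a section code and
    a CLSID, which is how an updated component (same class, new file path)
    shows up.
    """
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]

    added_by_guid = {}
    for entry in added:
        key = guid_key(entry)
        if key:
            added_by_guid.setdefault(key, []).append(entry)

    changed = []
    for entry in list(removed):
        candidates = added_by_guid.get(guid_key(entry))
        if candidates:
            new_entry = candidates.pop(0)
            changed.append((entry, new_entry))
            removed.remove(entry)
            added.remove(new_entry)
    return {"removed": removed, "added": added, "changed": changed}


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for code, body in result["removed"]:
        print(f"- {code} - {body}")
    for code, body in result["added"]:
        print(f"+ {code} - {body}")
    for (code, old), (_, new) in result["changed"]:
        print(f"~ {code} - {old}\n    -> {new}")
```

An entry that survives unchanged in the diff, such as the Bodog Poker O9 button here, is one the earlier instructions targeted but that has not gone away.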

tashi
2009-08-07, 20:29
Test post to see page 2, please ignore.

km2357
2009-08-07, 20:48
Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)


First, go to Add/Remove Programs and uninstall all previous versions.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.1.3 is a large program and if you prefer a smaller program you can get Foxit 3.0 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

If you decide to install Foxit 3.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay


Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh HiJackThis Log
3. How is your computer doing, any problems?

Piink
2009-08-10, 01:46
I have done the uninstallation, but am unable to update Kaspersky Online Scan, so I am unable to run it. I tried on both Firefox and Internet Explorer and can't seem to figure out the problem. Any advice on what to do?

km2357
2009-08-10, 06:24
Since Kaspersky is giving you problems, let's try another online scanner in its place:

I'd like us to scan your machine with ESET OnlineScan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png


Post the ESET log, a fresh HiJackThis Log and let me know how your computer is doing in your next post/reply.

Piink
2009-08-11, 21:41
I'm not sure what is going on; I am unable to update the ESET OnlineScan. I disabled my firewall to see if it would help, but unfortunately I am still unable to update both ESET OnlineScan and Kaspersky.

Other than being unable to run the online scans, the computer seems to be running fine: no more popups regarding WiniFighter, and every time I run Spybot the logs are clear.

Since I cannot run the online scans, I will post the HijackThis log alone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:53 PM, on 8/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\USBStorage\USBDetector.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.70E9OW531HWRKW8\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC53C825-75D4-48EB-BFC6-AB8946AD24BA}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10238 bytes

km2357
2009-08-12, 07:09
Besides the problem with the online scans, it's good to hear that your computer appears to be running well. :)

Let's try one more online scanner:


Step # 1: Run Panda Online Scan
Run Panda's ActiveScan from here (http://www.pandasecurity.com/homeusers/solutions/activescan/) and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- Save the log file to your desktop


Post the Panda Log in your next reply/post.

Piink
2009-08-13, 17:02
Finally got one to work and let it run overnight. Here is the text file

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-13 11:00:06
PROTECTIONS: 1
MALWARE: 53
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSgen.zip
00029767 adware/delfinmedia Adware No 1 Yes No c:\program files\common files\dpi
00040538 adware/zango Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
00048628 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\System Volume Information\_restore{7D5810CB-5A21-4399-8A27-33D1EC9A8A13}(2)\RP254\A0083719.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.atdmt.com/]
00145359 Cookie/Sandboxer TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@www.sandboxer[1].txt
00145427 Cookie/Kazaa Networks TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@desktop.kazaa[1].txt
00145427 Cookie/Kazaa Networks TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@desktop.kazaa[1].txt
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@smni[2].txt
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@smni[2].txt
00145454 Cookie/Centralmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@centralmedia[2].txt
00145454 Cookie/Centralmedia TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@centralmedia[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.tribalfusion.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@offeroptimizer[2].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@offeroptimizer[2].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@entrepreneur[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Cookies\guest@belnk[2].txt
00157143 Cookie/MyWay TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@www.xzoomy[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Cookies\guest@dist.belnk[1].txt
00165384 Cookie/DelfinMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@delfinproject[2].txt
00165384 Cookie/DelfinMedia TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@delfinproject[2].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@webpower[2].txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@rightmedia[1].txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@rightmedia[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\9ncmh1ox.default\cookies-1.txt[.azjmp.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.bs.serving-sys.com/]
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@888[2].txt
00168099 Cookie/TouchClarity TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@intercasino.touchclarity[1].txt
00168099 Cookie/TouchClarity TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@intercasino.touchclarity[1].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@web.tickle[1].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@web.tickle[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.adtech.de/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.advertising.com/]
00169288 Cookie/Gorillanation TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.gorillanation[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Cookies\guest@adopt.hbmediapro[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Application Data\Mozilla\Firefox\Profiles\taebs9yj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.questionmarket.com/]
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Cookies\guest@rn11[2].txt
00184654 Cookie/empnads TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Cookies\guest@empnads[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.go.com/]
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Guest.70E9OW531HWRKW8\Cookies\guest@ath.belnk[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.target.com/]
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\registry cleaner
00219028 adware/cashsaver Adware No 0 Yes No c:\windows\system32\csuninstall.exe
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\User\Cookies\user@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.atwola.com/]
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@cgi-bin[1].txt
00472802 Adware/Beginto Adware No 0 No No C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\Software\Software Starters\Divix Software\DivXBundle.exe[²ÜÇ\GoogleToolbarFirefox.msi][unk_0020][xpi][components/googletoolbar.dll]
00472802 Adware/Beginto Adware No 0 No No C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\Program Starters\Divix Software\DivXBundle.exe[²ÜÇ\GoogleToolbarFirefox.msi][unk_0020][xpi][components/googletoolbar.dll]
00536244 Rootkit/Agent.LIL Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1040\A0142094.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1052\A0143735.sys
01692679 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Program Files\SlySoft\AnyDVD\AnyDVD 6.0.x.x Patch.exe
01692679 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\Software\DVD Software INTSALLS & Guides\RIP\AnyDVD6 with patch\AnyDVD 6.0.x.x Patch.exe
01904535 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1052\A0143733.exe[HDQuality.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1048\A0142978.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1048\A0143290.sys
02894315 Trj/Downloader.SEC Virus/Trojan No 0 Yes No C:\WINDOWS\system32\stt.exe
03378493 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\LQfix\BFU.exe
03378493 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\LQfix\bfu.zip[BFU.exe]
03378493 Generic Trojan Virus/Trojan No 0 Yes No C:\BFU\BFU.exe
03909949 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{7D5810CB-5A21-4399-8A27-33D1EC9A8A13}(2)\RP260\A0087077.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks\DinerDash\diner dash keygen.zip[Diner.Dash.v1.0.0.53.Keygen.zip][ecldd153.exe]
No C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks\DinerDash\ecldd153.exe
No C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks\DinerDash.zip[DinerDash/diner dash keygen.zip][Diner.Dash.v1.0.0.53.Keygen.zip][ecldd153.exe]
No C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\FlashFXP v3.6.0.1240 Final\FFXP36_Keygen.exe
No C:\Program Files\AIM95\AIMWDInstall.exe
No C:\Program Files\AIM95\Sysfiles\AIMWDInstall.exe
No C:\Program Files\WinAVIVideoConverter\WinAVIVideoConverterv76_Crack.exe
No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1040\A0142096.exe
No C:\WINDOWS\Downloaded Program Files\webscan.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
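
Added example (not part of the thread, and not Panda's own tooling): a small parser for the MALWARE table of a log like the one above. It drops repeated rows and separates tracking cookies, registry entries, copies held in System Restore points and files still on disk. The column layout is inferred from the table header, the bucket names are chosen for this example, and the sample rows are copied from the log above.

```python
import re

# Rows copied from the MALWARE table of the log above (a subset, one repeat kept).
SAMPLE_ROWS = r"""
00040538 adware/zango Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\96xkvec2.default\cookies.txt[.trafficmp.com/]
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No C:\Documents and Settings\rick\Cookies\rick@smni[2].txt
00213030 application/regclean32 HackTools No 0 Yes No hkey_local_machine\software\registry cleaner
00536244 Rootkit/Agent.LIL Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1040\A0142094.sys
01692679 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Program Files\SlySoft\AnyDVD\AnyDVD 6.0.x.x Patch.exe
01904535 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\System Volume Information\_restore{3CB30990-F79E-407C-A0B7-F8CA41B743CD}\RP1052\A0143733.exe[HDQuality.exe]
02894315 Trj/Downloader.SEC Virus/Trojan No 0 Yes No C:\WINDOWS\system32\stt.exe
03378493 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\LQfix\bfu.zip[BFU.exe]
"""

# Header: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description and Location may contain spaces, so the row is anchored on the
# fixed "Yes/No  digit  Yes/No  Yes/No" run in the middle (assumed layout).
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<name>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)


def parse_rows(text):
    """Return one dict per table row; separator and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def bucket(row):
    """Classify a row by what kind of object the Location column points at."""
    location = row["location"].lower()
    if row["type"] == "TrackingCookie":
        return "tracking_cookie"
    if location.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore" in location:
        return "restore_point"
    return "file"


def container(location):
    """'archive.zip[member.exe]' -> 'archive.zip'; other paths are unchanged."""
    if location.endswith("]") and "[" in location:
        return location.split("[", 1)[0]
    return location


def triage(text):
    """Group unique rows (by id and location) into the four buckets."""
    buckets = {"tracking_cookie": [], "registry": [], "restore_point": [], "file": []}
    seen = set()
    for row in parse_rows(text):
        key = (row["id"], row["location"].lower())
        if key in seen:
            continue
        seen.add(key)
        buckets[bucket(row)].append(row)
    return buckets


def live_files(text):
    """Files outside restore points, highest severity first, as (name, severity, path)."""
    files = triage(text)["file"]
    ordered = sorted(files, key=lambda r: -int(r["severity"]))
    return [(r["name"], int(r["severity"]), container(r["location"])) for r in ordered]


if __name__ == "__main__":
    for name, rows in triage(SAMPLE_ROWS).items():
        print(f"{name}: {len(rows)}")
    for name, severity, path in live_files(SAMPLE_ROWS):
        print(f"severity {severity}  {name}  {path}")
```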

km2357
2009-08-13, 20:35
From the Panda results:

No C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks\DinerDash\diner dash keygen.zip[Diner.Dash.v1.0.0.53.Keygen.zip][ecldd153.exe]
No C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks\DinerDash\ecldd153.exe
No C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks\DinerDash.zip[DinerDash/diner dash keygen.zip][Diner.Dash.v1.0.0.53.Keygen.zip][ecldd153.exe]
No C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\FlashFXP v3.6.0.1240 Final\FFXP36_Keygen.exe
No C:\Program Files\WinAVIVideoConverter\WinAVIVideoConverterv76_Crack.exe

I strongly advise against downloading/installing any cracks/keygens/warez in the future. They easily infect your machine and are not worth the trouble they put you and your computer through.

Please uninstall the following programs:

FlashFXP v3

WinAVIVideoConverter

Reboot your Computer.

Once your computer has rebooted, delete the following folders, if found:

C:\Documents and Settings\All Users.WINDOWS\Documents\Khori\Game_Cracks
C:\Documents and Settings\Owner.70E9OW531HWRKW8\Desktop\FlashFXP v3.6.0.1240 Final
C:\Program Files\WinAVIVideoConverter


Once that is done, we can start the cleaning up process:

You can delete RSIT.exe, C:\RSIT folder, and the two RSIT Logs from your computer.


To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /u & click OK


Your version of SpyBot S&D is out of date. The latest version is 1.6.2

http://www.safer-networking.org/en/mirrors/index.html

Be sure to uninstall Spybot - Search & Destroy
and Spybot - Search & Destroy 1.4 before installing 1.6.2.

Empty your Recycle Bin.


Since your computer looks to be clean, now would be a good time to upgrade to Windows XP SP3. To do that, go to Windows Update (http://windowsupdate.microsoft.com) and download and install SP3. Once that is done, reboot your computer and go back to Windows Update and download all the critical updates listed. Reboot once they are installed and repeat until there are no more critical updates left to download.


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it asks you if you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please check Hide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK

Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Update Site Frequently - It is important that you visit Microsoft Updates (http://update.microsoft.com/) regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line Anti Malware (http://forum.malwareremoval.com/viewtopic.php?p=54#54)
Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE (http://www.bleepingcomputer.com/forums/tutorial51.html). If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button on the task bar at the bottom of your screen
Click run
In the dialog box, type services.msc
Hit enter, then locate dns client
Highlight it, then doubleclick it.
On the dropdown box, change the setting from automatic to manual.
Click ok.
Use an alternative instant messenger program. Trillian (http://www.trillian.cc/) and Miranda IM (http://www.miranda-im.com/) - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Please read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.subratam.org/index.php?showtopic=5931)
Please read Understanding Spyware, Browser Hijackers, and Dialers (http://www.bleepingcomputer.com/forums/tutorial41.html)
Please read Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)
If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox (http://www.mozilla.org/products/firefox) or Opera (http://www.opera.com/download/).
If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back (http://spyware-free.us/2006/01/time-to-fight-back.html). Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

If your computer is running slow, click here (http://www.malwareremoval.com/tutorials/runningslowly.php) for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.

Piink
2009-08-14, 19:02
Going to do all the things you listed now.

Thank you very much, km2357.

km2357
2009-08-14, 20:17
You're welcome. I'm glad I was able to help you out. :)

Good luck and safe surfing!