Help Removal of Virtumonde

[GertieKins]

Below is my HJT Log. Any help is appreciated.
Millie, aka GertieKins


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23:17 PM, on 11/15/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\FCoder\Desktop\Lock My PC 4\lockpc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\WikMail\WikMail.exe
C:\Program Files\Common Files\AOL\1222288481\ee\aolsoftware.exe
C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1107
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: www.iwon.com
O15 - Trusted Zone: http://*.kewlbox.com
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.1.5.8/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.5.8/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.1.6.34/applet/jth/jth-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.6.34/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.1.1.1/applet/popfu/popfu-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.com/v/9.1.3.19/applet/spooky/spooky-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.6.35/applet/yahtzee/yahtzee-en_US.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215130684687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215235066593
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ndkgov.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\FCoder\Multimedia\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8743 bytes

 

[Shaba]

Hi GertieKins

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download and install a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that, please post back a fresh HijackThis log

 

[GertieKins]

Here is my Hijackthis log after McAfee was installed.

Thanks for your time and concern in helping me.
GertieKins



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:14:14 AM, on 11/16/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\FCoder\Desktop\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Outlook Express\msimn.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1107
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: www.iwon.com
O15 - Trusted Zone: http://*.kewlbox.com
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.1.5.8/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.5.8/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.1.6.34/applet/jth/jth-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.6.34/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.1.1.1/applet/popfu/popfu-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.com/v/9.1.3.19/applet/spooky/spooky-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.6.35/applet/yahtzee/yahtzee-en_US.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215130684687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215235066593
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ndkgov.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: McAfee Application Installer Cleanup (0075331226833344) (0075331226833344mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Millie\LOCALS~1\Temp\007533~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\FCoder\Multimedia\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10293 bytes

 

[Shaba]

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

 

[GertieKins]

Two Logs - here

Hi,

Okay I got these two listed below. Thanks for the help and your time.

Millie
GertieKins





ComboFix Log is here

ComboFix 08-11-14.01 - Millie 2008-11-16 6:49:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2855 [GMT -5:00]
Running from: c:\documents and settings\Millie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\system32\ddccdCSk.dll
c:\windows\system32\fgslpfgd.dll
c:\windows\system32\jmislyai.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\pcsvan.dll
c:\windows\system32\tvuEOXbc.ini
c:\windows\system32\tvuEOXbc.ini2
c:\windows\system32\wvUoOHwV.dll
c:\windows\system32\xxywXqnM.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 06:04 . 2008-11-16 06:55 6,789 --a------ c:\windows\system32\Config.MPF
2008-11-16 06:02 . 2008-11-16 06:02 <DIR> d-------- c:\program files\McAfee.com
2008-11-16 06:02 . 2008-11-16 06:03 <DIR> d-------- c:\program files\McAfee
2008-11-16 06:02 . 2008-11-16 06:02 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-16 06:02 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-16 06:02 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-16 06:02 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-16 06:02 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-16 06:02 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-16 06:02 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-15 20:27 . 1999-10-21 11:06 304,640 --a------ c:\windows\system32\imgman32.dll
2008-11-15 20:27 . 1999-06-07 15:56 67,072 --a------ c:\windows\system32\IM31jpg.dil
2008-11-15 20:27 . 1999-10-21 19:06 59,392 --a------ c:\windows\system32\imhost32.dll
2008-11-15 20:27 . 1999-06-07 16:55 35,840 --a------ c:\windows\system32\IM31bmp.dil
2008-11-15 20:27 . 1999-06-07 17:00 32,256 --a------ c:\windows\system32\IM31xbmp.del
2008-11-15 14:22 . 2008-11-15 14:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 04:28 . 2008-11-15 04:51 <DIR> d-------- c:\documents and settings\Millie\.housecall6.6
2008-11-15 04:24 . 2008-11-15 04:27 <DIR> d-------- c:\documents and settings\Millie\Application Data\HouseCall 6.6
2008-11-14 18:27 . 2008-11-14 18:27 120 ---hs---- c:\windows\system32\wkmynpvx.ini
2008-11-14 12:25 . 2008-11-14 12:25 120 ---hs---- c:\windows\system32\cnjmhajs.ini
2008-11-14 11:42 . 2008-11-14 12:44 <DIR> d-------- c:\program files\WikMail
2008-11-14 11:42 . 2008-01-20 06:33 396,288 --a------ c:\windows\system32\HtmlCapture.dll
2008-11-14 11:42 . 2008-05-23 18:04 389,120 --a------ c:\windows\system32\ANPOP.dll
2008-11-14 11:42 . 2008-10-08 10:01 357,888 --a------ c:\windows\system32\AOSMTPEX.dll
2008-11-14 11:42 . 2006-05-25 16:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-14 11:42 . 2005-08-26 02:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-14 11:42 . 2000-06-08 17:00 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-12 23:08 . 2008-11-12 23:08 <DIR> d-------- c:\documents and settings\Millie\Application Data\SpinTop Games
2008-11-12 17:33 . 2008-11-12 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\PDREIIMIYG
2008-11-12 12:22 . 2008-11-12 12:22 <DIR> d-------- C:\Temp
2008-11-12 12:22 . 2008-11-12 12:22 209 --a------ c:\temp\Temp.Bat
2008-11-11 17:33 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-11-11 00:51 . 2008-11-11 00:52 <DIR> d-------- c:\documents and settings\Millie\Application Data\SecretIslandEng
2008-11-05 03:33 . 2008-11-10 09:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\KAREIIMIYG
2008-11-04 09:10 . 2008-11-04 09:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAREIIMIYG
2008-11-01 15:25 . 2008-11-01 15:25 <DIR> d-------- c:\program files\The Cameron Files 2 - Pharaoh's Curse
2008-10-29 00:53 . 2008-10-29 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\XKREIIMIYG
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-28 03:53 . 2008-10-28 03:53 <DIR> d-------- c:\documents and settings\Millie\Application Data\cerasus
2008-10-28 03:33 . 2008-10-28 03:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\JJREIIMIYG
2008-10-27 11:54 . 2008-10-27 11:54 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-27 05:36 . 2008-10-27 05:36 <DIR> d-------- c:\documents and settings\Millie\Application Data\PlayFirst
2008-10-27 05:36 . 2008-10-27 05:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-24 04:22 . 2008-10-24 04:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\FDREIIMIYG
2008-10-23 15:33 . 2008-10-23 15:33 <DIR> d-------- c:\program files\Pando Networks
2008-10-21 20:40 . 2008-10-21 20:40 <DIR> d-------- c:\documents and settings\Millie\Application Data\Dragon Altar Games
2008-10-20 21:36 . 2008-10-20 21:36 <DIR> d-------- c:\documents and settings\Millie\Application Data\Yahoo!
2008-10-20 20:55 . 2008-10-20 21:37 <DIR> d-------- c:\program files\Common Files\Scanner
2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- c:\documents and settings\Millie\Application Data\Logitech
2008-10-20 20:54 . 2008-10-20 20:54 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-10-20 20:54 . 2002-02-21 17:56 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-10-20 20:53 . 2008-10-20 20:54 <DIR> d-------- c:\program files\Logitech
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\program files\Common Files\Logitech
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\documents and settings\Millie\Application Data\InstallShield
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-20 20:53 . 2007-04-23 03:00 163,840 --a------ c:\windows\system32\kemutb.dll
2008-10-20 20:53 . 2007-04-23 03:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-10-20 20:53 . 2007-04-23 03:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-10-20 20:53 . 2007-04-11 14:33 79,376 --a------ c:\windows\system32\drivers\LMouKE.Sys
2008-10-20 20:53 . 2007-04-23 03:00 69,632 --a------ c:\windows\system32\KemXML.dll
2008-10-20 20:53 . 2007-04-11 14:32 63,248 --a------ c:\windows\system32\drivers\L8042mou.Sys
2008-10-20 20:53 . 2007-04-11 14:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2008-10-20 20:53 . 2007-04-11 14:32 20,496 --a------ c:\windows\system32\drivers\L8042Kbd.sys
2008-10-17 06:09 . 2008-10-17 06:14 <DIR> d-------- c:\documents and settings\Millie\uspy
2008-10-16 06:32 . 2008-10-16 07:01 <DIR> d-------- c:\documents and settings\Millie\Application Data\Creative
2008-10-16 06:27 . 2008-10-16 06:27 <DIR> d--h----- c:\program files\Creative Installation Information
2008-10-16 06:27 . 2008-10-16 06:27 <DIR> d-------- c:\program files\Common Files\Creative
2008-10-16 06:27 . 1999-12-13 00:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-16 06:27 . 1999-11-18 00:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-16 01:08 --------- d-----w c:\documents and settings\Millie\Application Data\XnView
2008-11-15 12:14 --------- d-----w c:\program files\BadgeHelp
2008-11-14 20:02 1,020,291 ----a-w c:\windows\java\Packages\29JRV931.ZIP
2008-11-14 20:01 3,321,018 ----a-w c:\windows\java\Packages\URZF7HN7.ZIP
2008-11-14 05:08 2,902,690 ----a-w c:\windows\java\Packages\4YQTZ7DB.ZIP
2008-11-09 09:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 03:53 3,034,169 ----a-w c:\windows\java\Packages\FD3LZR3N.ZIP
2008-11-07 03:51 3,807,558 ----a-w c:\windows\java\Packages\GF7JVV7L.ZIP
2008-11-03 01:19 --------- d-----w c:\documents and settings\All Users\Application Data\OLREIIMIYG
2008-11-02 09:16 4,604,316 ----a-w c:\windows\java\Packages\0QMOD39R.ZIP
2008-11-01 21:09 --------- d-----w c:\documents and settings\Millie\Application Data\Alien Skin
2008-11-01 05:03 --------- d-----w c:\documents and settings\Millie\Application Data\Flood Light Games
2008-10-30 20:53 --------- d-----w c:\program files\IncrediMail
2008-10-29 05:54 2,791,613 ----a-w c:\windows\java\Packages\WZPFVLVL.ZIP
2008-10-29 05:28 1,004,471 ----a-w c:\windows\java\Packages\57Z7ZTJ1.ZIP
2008-10-28 21:49 3,301,034 ----a-w c:\windows\java\Packages\MG7P7FXB.ZIP
2008-10-28 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\YJREIIMIYG
2008-10-27 16:54 --------- d-----w c:\program files\Java
2008-10-25 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\SFREIIMIYG
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:44 --------- d-----w c:\program files\Games Various
2008-10-24 07:33 3,301,034 ----a-w c:\windows\java\Packages\VJ5Z5BVR.ZIP
2008-10-23 10:23 --------- d-----w c:\program files\Yahoo!
2008-10-23 10:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-22 05:33 1,690,873 ----a-w c:\windows\java\Packages\FT7FBXRX.ZIP
2008-10-22 01:01 1,723,215 ----a-w c:\windows\java\Packages\6WWQJRXZ.ZIP
2008-10-21 01:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-10-17 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\EQREIIMIYG
2008-10-16 11:27 --------- d-----w c:\program files\Creative
2008-10-16 08:59 --------- d-----w c:\documents and settings\All Users\Application Data\OJREIIMIYG
2008-10-16 01:35 --------- d-----w c:\documents and settings\Millie\Application Data\Home Sweet Home
2008-10-15 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\LBXEIIMIYG
2008-10-15 03:35 218,064 ----a-w c:\documents and settings\Millie\Application Data\GDIPFONTCACHEV1.DAT
2008-10-15 02:34 --------- d-----w c:\documents and settings\Millie\Application Data\EleFun Games
2008-10-15 01:21 --------- d-----w c:\documents and settings\Millie\Application Data\Gold Casual Games
2008-10-15 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games
2008-10-14 19:26 --------- d-----w c:\program files\Astrology
2008-10-13 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 17:42 --------- d-----w c:\program files\The Mystery of the Crystal Portal
2008-10-08 22:05 --------- d-----w c:\documents and settings\All Users\Application Data\MLREIIMIYG
2008-10-08 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\HQREIIMIYG
2008-10-07 22:29 --------- d-----w c:\documents and settings\All Users\Application Data\WTREIIMIYG
2008-10-05 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\The Game Equation
2008-10-04 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-04 16:34 --------- d-----w c:\documents and settings\Millie\Application Data\Apple Computer
2008-10-04 08:33 442,090 ----a-w c:\windows\java\Packages\07FJ7TBZ.ZIP
2008-10-04 08:33 2,281,407 ----a-w c:\windows\java\Packages\OKENZ5RR.ZIP
2008-10-04 08:18 2,536,053 ----a-w c:\windows\java\Packages\9NLRFZ3B.ZIP
2008-10-04 08:17 2,281,407 ----a-w c:\windows\java\Packages\ZXRHFRJB.ZIP
2008-10-04 07:18 2,723,475 ----a-w c:\windows\java\Packages\408W79NP.ZIP
2008-10-03 19:59 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys
2008-10-03 19:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-03 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-03 19:21 --------- d-----w c:\program files\NCH Swift Sound
2008-10-03 19:21 --------- d-----w c:\program files\NCH Software
2008-10-03 19:21 --------- d-----w c:\documents and settings\Millie\Application Data\NCH Swift Sound
2008-10-01 21:44 --------- d-----w c:\documents and settings\All Users\Application Data\BRREIIMIYG
2008-10-01 20:10 --------- d-----w c:\documents and settings\Millie\Application Data\BinaryMark
2008-09-27 20:26 --------- d-----w c:\documents and settings\Millie\Application Data\cerasus.media
2008-09-27 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-09-26 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2008-09-26 13:37 --------- d-----w c:\documents and settings\All Users\Application Data\ZSREIIMIYG
2008-09-26 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\FFREIIMIYG
2008-09-26 07:07 --------- d-----w c:\documents and settings\All Users\Application Data\ZIREIIMIYG
2008-09-24 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-09-24 20:36 --------- d-----w c:\program files\AOL 9.1
2008-09-24 20:36 --------- d-----w c:\documents and settings\Millie\Application Data\AOL
2008-09-24 20:35 --------- d-----w c:\program files\Viewpoint
2008-09-24 20:35 --------- d-----w c:\program files\Common Files\Nullsoft
2008-09-24 20:35 --------- d-----w c:\program files\Common Files\aolshare
2008-09-24 20:35 --------- d-----w c:\program files\Common Files\AOL
2008-09-24 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-09-24 13:05 --------- d-----w c:\documents and settings\All Users\Application Data\RKREIIMIYG
2008-09-22 05:05 787 ----a-w C:\Board.Dat
2008-09-20 06:42 --------- d-----w c:\program files\Oberon Media
2008-09-19 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\YOREIIMIYG
2008-09-19 03:16 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-09-18 04:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-09-04 05:05 0 ----a-w c:\program files\temp01
2008-09-04 02:47 1,943,744 ----a-w c:\windows\java\Packages\CS9Z9VTZ.ZIP
2008-08-30 16:59 3,121,495 ----a-w c:\windows\java\Packages\I2K1JBFF.ZIP
2008-08-16 03:32 2,127,733 ----a-w c:\windows\java\Packages\GGJJDBHB.ZIP
.

<pre>
----a-w           250,104 2008-09-02 19:47:11  c:\documents and settings\Millie\My Documents\Zipped\Astrology\Software ACS Updates\ACS Atlas 3 0 050628 .exe
----a-w         2,404,352 2008-09-02 19:49:05  c:\documents and settings\Millie\My Documents\Zipped\Astrology\Software ACS Updates\UPDATEARomance w Juno and Nodes ver 2 01 040523 .EXE
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Architect"="c:\program files\FCoder\Desktop\Desktop Architect\datray.exe" [2001-05-07 53248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoLogoff"= 0 (0x0)
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2008-06-13 20:39 45184 c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ndkgov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Millie\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\ImPackr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\FCoder\\Chat\\YIM\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FCoder\\Chat\\YIM\\Messenger\\YServer.exe"=
"c:\\Program Files\\FCoder\\Multimedia\\PC Satellite TV\\PC Satellite TV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1222288481\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Documents and Settings\\Millie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Millie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57551:TCP"= 57551:TCPando P2P TCP Listening Port
"57551:UDP"= 57551:UDPando P2P UDP Listening Port
"56069:TCP"= 56069:TCPando P2P TCP Listening Port
"56069:UDP"= 56069:UDPando P2P UDP Listening Port
"57801:TCP"= 57801:TCPando P2P TCP Listening Port
"57801:UDP"= 57801:UDPando P2P UDP Listening Port
"58334:TCP"= 58334:TCPando P2P TCP Listening Port
"58334:UDP"= 58334:UDPando P2P UDP Listening Port
"58359:TCP"= 58359:TCPando P2P TCP Listening Port
"58359:UDP"= 58359:UDPando P2P UDP Listening Port
"59033:TCP"= 59033:TCPando P2P TCP Listening Port
"59033:UDP"= 59033:UDPando P2P UDP Listening Port
"56793:TCP"= 56793:TCPando P2P TCP Listening Port
"56793:UDP"= 56793:UDPando P2P UDP Listening Port

R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\LMPC4.sys [2008-09-05 10096]
S2 0075331226833344mcinstcleanup;McAfee Application Installer Cleanup (0075331226833344);c:\docume~1\Millie\LOCALS~1\Temp\007533~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Millie\Local Settings\TEMP\DrvFltIp []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\FCoder\Multimedia\Common\Database\bin\fbserver.exe [2008-09-07 1527900]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-07-07 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09acc992-4882-11dd-8dbe-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\FCoder\Utilities\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Millie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 12:11]

2008-11-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Millie\Application Data\Mozilla\Firefox\Profiles\towq75vj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en&source=iglk
FF -: plugin - c:\program files\FCoder\Multimedia\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - c:\program files\FCoder\Multimedia\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - c:\program files\FCoder\Multimedia\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\FCoder\Multimedia\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 06:54:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Millie\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Millie\Local Settings\TEMP\DrvFltIp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\FCoder\Utilities\Ad-Aware\aawservice.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\FCoder\Desktop\Lock My PC 4\lockpc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-16 7:07:48 - machine was rebooted [Millie]
ComboFix-quarantined-files.txt 2008-11-16 12:07:43

Pre-Run: 123,542,339,584 bytes free
Post-Run: 123,459,104,768 bytes free

634



------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27:03 PM, on 11/16/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\FCoder\Desktop\Lock My PC 4\lockpc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Millie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1107
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: www.iwon.com
O15 - Trusted Zone: http://*.kewlbox.com
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.1.5.8/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.5.8/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.1.6.34/applet/jth/jth-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.6.34/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.1.1.1/applet/popfu/popfu-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.com/v/9.1.3.19/applet/spooky/spooky-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.6.35/applet/yahtzee/yahtzee-en_US.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215130684687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215235066593
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ndkgov.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: McAfee Application Installer Cleanup (0075331226833344) (0075331226833344mcinstcleanup) - Unknown owner - C:\DOCUME~1\Millie\LOCALS~1\Temp\007533~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\FCoder\Multimedia\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9972 bytes

 

[Shaba]

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

 

[GertieKins]

Here is Uninstall List

My copy of the Uninstall List is below

Thanks again.
Millie, aka GertieKins


20/20 v2.2
Abra Academy - Returning Cast
AceMoney Lite
Acoustica Effects Pack
Acoustica Mixcraft 4.2
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Reader 9
Adobe Shockwave Player
AdSubtract PRO 3
Advanced Sound Recorder v6.0
Agatha Christie Death On The Nile
Almeza MultiSet Professional 6.1
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AstrAstr v1.03
Belarc Advisor 7.2
Between the Worlds
Big City Adventure - San Francisco
Big City Adventure-Sydney Australia
Big Fish Games Client
Biorhythm Calculator Standard 2009
CCleaner (remove only)
CDDRV_Installer
ClearType Tuning Control Panel Applet
Color Cop 5.4.3
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Creative MediaSource 5
CutePDF Writer 2.7
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp AAC Encoder
dBpoweramp CLI Encoder
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp m4a Utilities
dBpoweramp Midi Decoder
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Musepack Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Ogg Vorbis Lancer Encoder
dBpoweramp OptimFROG Codec
dBpoweramp Real Audio (Helix) Encoder
dBpoweramp Shorten Codec
dBpoweramp Speex Codec
dBPoweramp tooLame MP2 codec
dBpoweramp TTA Codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP Windows Media Audio 9 Codec
Desktop Architect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dream Day - Married in Manhattan
Enchanted Fairy Friends - Secret of the Fairy Queen
Express Rip
Eye Candy 4000
FastFontPreview v2.1.0 FREEWARE
Firebird SQL Server - MAGIX Edition (UK)
ForgotRiddle2
Google Talk Plugin
Hidden Expedition Titanic
Hide & Secret 2: Cliffhanger Castle
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB915865)
HouseCall 6.6
hp instant support
hp officejet g series
I Spy Spooky Mansion
IncrediMail
iRecordMax Sound Recorder v7.1.3
IZArc 3.81
Jasc Animation Shop 3
Java(TM) 6 Update 10
Java(TM) 6 Update 6
Java(TM) 6 Update 7
KhalInstallWrapper
KPT Equalizer
Little Shop Of Treasures
Lock My PC 4.7
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Magic Encyclopedia First Story
MAGIX Music Maker 12 silver (UK)
McAfee SecurityCenter
Media Library Management Wizard
MediaMonkey 3.0
Melody
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 5 Toolbar Wallpaper
Microsoft National Language Support Downlevel APIs
Microsoft Office Sounds
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Moraff's MahJongg 2009
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MWSnap 3
Mystery Case Files Tri-Pack
Mystery PI The Lottery Ticket
Mysteryville 2
Nero Suite
NoteTab Light 5 (Remove only)
NVIDIA Drivers
Operation Mania
Pando
Path Copy Utility Uninstall
Personal License Update Wizard for Windows Media Player
PIXELRULER
Plugin Commander Light 1.60
Plus! MP3 Audio Converter LE
PowerDVD
PSP Thumbnail Handler
QuickTime
Satellite TV for PC
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Serials 2000 7.1+
Sound Blaster Audigy
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
Splat! 1.0
Sprill - The Mystery of The Bermuda Triangle
Spybot - Search & Destroy
Strange Town
SWF Opener
Switch Sound File Converter
System Requirements Lab
Text-To-Speech-Runtime
The Cameron Files 2 - Pharaoh's Curse
The Mysterious City Golden Prague
Treasure Masters, Inc.
TuneUp Utilities 2008
Tweak UI
TweakNow PowerPack 2006 Professional
Ulead ArtTexture.Plugin 1.0
Ulead Particle.Plugin 1.0
Unicorn Castle 1.0
Uninstall AOL Emergency Connect Utility 1.0
Viewpoint Media Player
WavePad Sound Editor
WikMail Pro Build 1615
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Presentation Foundation
Windows XP Hotfix - KB885884
WinRAR archiver
WinZip
XnView 1.94.2
XnView Shell Extension 2.4.0
Yahoo! Messenger

 

[Shaba]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Pando

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also this:

Serials 2000 7.1+

Please run a new uninstall list scan when finished and post the log back here.

 

[GertieKins]

New Uninstall Log

20/20 v2.2
Abra Academy - Returning Cast
AceMoney Lite
Acoustica Effects Pack
Acoustica Mixcraft 4.2
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Reader 9
Adobe Shockwave Player
AdSubtract PRO 3
Advanced Sound Recorder v6.0
Agatha Christie Death On The Nile
Almeza MultiSet Professional 6.1
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AstrAstr v1.03
Belarc Advisor 7.2
Between the Worlds
Big City Adventure - San Francisco
Big City Adventure-Sydney Australia
Big Fish Games Client
Biorhythm Calculator Standard 2009
CCleaner (remove only)
CDDRV_Installer
ClearType Tuning Control Panel Applet
Color Cop 5.4.3
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Creative MediaSource 5
CutePDF Writer 2.7
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp AAC Encoder
dBpoweramp CLI Encoder
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp m4a Utilities
dBpoweramp Midi Decoder
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Musepack Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Ogg Vorbis Lancer Encoder
dBpoweramp OptimFROG Codec
dBpoweramp Real Audio (Helix) Encoder
dBpoweramp Shorten Codec
dBpoweramp Speex Codec
dBPoweramp tooLame MP2 codec
dBpoweramp TTA Codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP Windows Media Audio 9 Codec
Desktop Architect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dream Day - Married in Manhattan
Enchanted Fairy Friends - Secret of the Fairy Queen
Express Rip
Eye Candy 4000
FastFontPreview v2.1.0 FREEWARE
Firebird SQL Server - MAGIX Edition (UK)
ForgotRiddle2
Google Talk Plugin
Hidden Expedition Titanic
Hide & Secret 2: Cliffhanger Castle
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB915865)
HouseCall 6.6
hp instant support
hp officejet g series
I Spy Spooky Mansion
IncrediMail
iRecordMax Sound Recorder v7.1.3
IZArc 3.81
Jasc Animation Shop 3
Java(TM) 6 Update 10
Java(TM) 6 Update 6
Java(TM) 6 Update 7
KhalInstallWrapper
KPT Equalizer
Little Shop Of Treasures
Lock My PC 4.7
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Magic Encyclopedia First Story
MAGIX Music Maker 12 silver (UK)
McAfee SecurityCenter
Media Library Management Wizard
MediaMonkey 3.0
Melody
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 5 Toolbar Wallpaper
Microsoft National Language Support Downlevel APIs
Microsoft Office Sounds
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Moraff's MahJongg 2009
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MWSnap 3
Mystery Case Files Tri-Pack
Mystery PI The Lottery Ticket
Mysteryville 2
Nero Suite
NoteTab Light 5 (Remove only)
NVIDIA Drivers
Operation Mania
Path Copy Utility Uninstall
Personal License Update Wizard for Windows Media Player
PIXELRULER
Plugin Commander Light 1.60
Plus! MP3 Audio Converter LE
PowerDVD
PSP Thumbnail Handler
QuickTime
Satellite TV for PC
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sound Blaster Audigy
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
Splat! 1.0
Sprill - The Mystery of The Bermuda Triangle
Spybot - Search & Destroy
Strange Town
SWF Opener
Switch Sound File Converter
System Requirements Lab
Text-To-Speech-Runtime
The Cameron Files 2 - Pharaoh's Curse
The Mysterious City Golden Prague
Treasure Masters, Inc.
TuneUp Utilities 2008
Tweak UI
TweakNow PowerPack 2006 Professional
Ulead ArtTexture.Plugin 1.0
Ulead Particle.Plugin 1.0
Unicorn Castle 1.0
Uninstall AOL Emergency Connect Utility 1.0
Viewpoint Media Player
WavePad Sound Editor
WikMail Pro Build 1615
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Presentation Foundation
Windows XP Hotfix - KB885884
WinRAR archiver
WinZip
XnView 1.94.2
XnView Shell Extension 2.4.0
Yahoo! Messenger

 

[Shaba]

Thank you

Next I need to ask that do you recognize folders like these?

c:\documents and settings\All Users\Application Data\MLREIIMIYG
c:\documents and settings\All Users\Application Data\HQREIIMIYG
c:\documents and settings\All Users\Application Data\WTREIIMIYG

All are c:\documents and settings\All Users\Application Data\???EIIMIYG, where ? = any letter.

 

[GertieKins]

Folders not recognized

No, folders named like that mean nothing to me.

Thanks for your continued effort and time.

Millie, aka GertieKins

 

[Shaba]

Thank you for information.

Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\wkmynpvx.ini
c:\windows\system32\cnjmhajs.ini
c:\program files\temp01

Folder::
c:\documents and settings\All Users\Application Data\PDREIIMIYG
c:\documents and settings\All Users\Application Data\KAREIIMIYG
c:\documents and settings\All Users\Application Data\DAREIIMIYG
c:\documents and settings\All Users\Application Data\XKREIIMIYG
c:\documents and settings\All Users\Application Data\JJREIIMIYG
c:\documents and settings\All Users\Application Data\FDREIIMIYG
c:\documents and settings\All Users\Application Data\OLREIIMIYG
c:\documents and settings\All Users\Application Data\YJREIIMIYG
c:\documents and settings\All Users\Application Data\SFREIIMIYG
c:\documents and settings\All Users\Application Data\EQREIIMIYG
c:\documents and settings\All Users\Application Data\OJREIIMIYG
c:\documents and settings\All Users\Application Data\MLREIIMIYG
c:\documents and settings\All Users\Application Data\HQREIIMIYG
c:\documents and settings\All Users\Application Data\WTREIIMIYG
c:\documents and settings\All Users\Application Data\BRREIIMIYG
c:\documents and settings\All Users\Application Data\ZSREIIMIYG
c:\documents and settings\All Users\Application Data\FFREIIMIYG
c:\documents and settings\All Users\Application Data\ZIREIIMIYG

Driver::
0075331226833344mcinstcleanup

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57551:TCP"=-
"57551:UDP"=-
"56069:TCP"=-
"56069:UDP"=-
"57801:TCP"=-
"57801:UDP"=-
"58334:TCP"=-
"58334:UDP"=-
"58359:TCP"=-
"58359:UDP"=-
"59033:TCP"=-
"59033:UDP"=-
"56793:TCP"=-
"56793:UDP"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

 

[GertieKins]

Posting after CFScript

Hi,

I did what you asked. Although the ComboFix ran well and it did reboot my computer, the log it produced was blank -- totally with nothing to copy for you. It just saved it as log.txt with nothing in it.

So I ran the HijackThis again and here it that report below.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:47 PM, on 11/17/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\FCoder\Desktop\Lock My PC 4\lockpc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\FCoder\HTML\NoteTab Light\NoteTab.exe
C:\Documents and Settings\Millie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1107
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: www.iwon.com
O15 - Trusted Zone: http://*.kewlbox.com
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.1.5.8/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.5.8/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.1.6.34/applet/jth/jth-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.6.34/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.1.1.1/applet/popfu/popfu-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.com/v/9.1.3.19/applet/spooky/spooky-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.6.35/applet/yahtzee/yahtzee-en_US.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215130684687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215235066593
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\FCoder\Multimedia\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9813 bytes

 

[Shaba]

Please then re-run combofix in normal way and post back its log and a fresh combofix log and a fresh hijackthis log

 

[GertieKins]

ReRan ComboFix and HijackThis Here they are

ComboFix 08-11-16.05 - Millie 2008-11-17 16:02:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2777 [GMT -5:00]
Running from: c:\documents and settings\Millie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-16 06:04 . 2008-11-17 13:45 8,153 --a------ c:\windows\system32\Config.MPF
2008-11-16 06:02 . 2008-11-16 06:02 <DIR> d-------- c:\program files\McAfee.com
2008-11-16 06:02 . 2008-11-16 06:03 <DIR> d-------- c:\program files\McAfee
2008-11-16 06:02 . 2008-11-16 06:02 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-16 06:02 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-16 06:02 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-16 06:02 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-16 06:02 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-16 06:02 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-16 06:02 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-15 20:27 . 1999-10-21 11:06 304,640 --a------ c:\windows\system32\imgman32.dll
2008-11-15 20:27 . 1999-06-07 15:56 67,072 --a------ c:\windows\system32\IM31jpg.dil
2008-11-15 20:27 . 1999-10-21 19:06 59,392 --a------ c:\windows\system32\imhost32.dll
2008-11-15 20:27 . 1999-06-07 16:55 35,840 --a------ c:\windows\system32\IM31bmp.dil
2008-11-15 20:27 . 1999-06-07 17:00 32,256 --a------ c:\windows\system32\IM31xbmp.del
2008-11-15 14:22 . 2008-11-15 14:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 04:28 . 2008-11-15 04:51 <DIR> d-------- c:\documents and settings\Millie\.housecall6.6
2008-11-15 04:24 . 2008-11-15 04:27 <DIR> d-------- c:\documents and settings\Millie\Application Data\HouseCall 6.6
2008-11-14 11:42 . 2008-11-14 12:44 <DIR> d-------- c:\program files\WikMail
2008-11-14 11:42 . 2008-01-20 06:33 396,288 --a------ c:\windows\system32\HtmlCapture.dll
2008-11-14 11:42 . 2008-05-23 18:04 389,120 --a------ c:\windows\system32\ANPOP.dll
2008-11-14 11:42 . 2008-10-08 10:01 357,888 --a------ c:\windows\system32\AOSMTPEX.dll
2008-11-14 11:42 . 2006-05-25 16:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-14 11:42 . 2005-08-26 02:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-14 11:42 . 2000-06-08 17:00 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-12 23:08 . 2008-11-12 23:08 <DIR> d-------- c:\documents and settings\Millie\Application Data\SpinTop Games
2008-11-12 12:22 . 2008-11-12 12:22 <DIR> d-------- C:\Temp
2008-11-12 12:22 . 2008-11-12 12:22 209 --a------ c:\temp\Temp.Bat
2008-11-11 17:33 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-11-11 00:51 . 2008-11-11 00:52 <DIR> d-------- c:\documents and settings\Millie\Application Data\SecretIslandEng
2008-11-01 15:25 . 2008-11-01 15:25 <DIR> d-------- c:\program files\The Cameron Files 2 - Pharaoh's Curse
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-28 03:53 . 2008-10-28 03:53 <DIR> d-------- c:\documents and settings\Millie\Application Data\cerasus
2008-10-27 11:54 . 2008-10-27 11:54 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-27 05:36 . 2008-10-27 05:36 <DIR> d-------- c:\documents and settings\Millie\Application Data\PlayFirst
2008-10-27 05:36 . 2008-10-27 05:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-21 20:40 . 2008-10-21 20:40 <DIR> d-------- c:\documents and settings\Millie\Application Data\Dragon Altar Games
2008-10-20 21:36 . 2008-10-20 21:36 <DIR> d-------- c:\documents and settings\Millie\Application Data\Yahoo!
2008-10-20 20:55 . 2008-10-20 21:37 <DIR> d-------- c:\program files\Common Files\Scanner
2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- c:\documents and settings\Millie\Application Data\Logitech
2008-10-20 20:54 . 2008-10-20 20:54 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-10-20 20:54 . 2002-02-21 17:56 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-10-20 20:53 . 2008-10-20 20:54 <DIR> d-------- c:\program files\Logitech
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\program files\Common Files\Logitech
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\documents and settings\Millie\Application Data\InstallShield
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-10-20 20:53 . 2008-10-20 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-20 20:53 . 2007-04-23 03:00 163,840 --a------ c:\windows\system32\kemutb.dll
2008-10-20 20:53 . 2007-04-23 03:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-10-20 20:53 . 2007-04-23 03:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-10-20 20:53 . 2007-04-11 14:33 79,376 --a------ c:\windows\system32\drivers\LMouKE.Sys
2008-10-20 20:53 . 2007-04-23 03:00 69,632 --a------ c:\windows\system32\KemXML.dll
2008-10-20 20:53 . 2007-04-11 14:32 63,248 --a------ c:\windows\system32\drivers\L8042mou.Sys
2008-10-20 20:53 . 2007-04-11 14:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2008-10-20 20:53 . 2007-04-11 14:32 20,496 --a------ c:\windows\system32\drivers\L8042Kbd.sys
2008-10-17 06:09 . 2008-10-17 06:14 <DIR> d-------- c:\documents and settings\Millie\uspy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-16 01:08 --------- d-----w c:\documents and settings\Millie\Application Data\XnView
2008-11-15 12:14 --------- d-----w c:\program files\BadgeHelp
2008-11-14 20:02 1,020,291 ----a-w c:\windows\java\Packages\29JRV931.ZIP
2008-11-14 20:01 3,321,018 ----a-w c:\windows\java\Packages\URZF7HN7.ZIP
2008-11-14 05:08 2,902,690 ----a-w c:\windows\java\Packages\4YQTZ7DB.ZIP
2008-11-09 09:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 03:53 3,034,169 ----a-w c:\windows\java\Packages\FD3LZR3N.ZIP
2008-11-07 03:51 3,807,558 ----a-w c:\windows\java\Packages\GF7JVV7L.ZIP
2008-11-02 09:16 4,604,316 ----a-w c:\windows\java\Packages\0QMOD39R.ZIP
2008-11-01 21:09 --------- d-----w c:\documents and settings\Millie\Application Data\Alien Skin
2008-11-01 05:03 --------- d-----w c:\documents and settings\Millie\Application Data\Flood Light Games
2008-10-30 20:53 --------- d-----w c:\program files\IncrediMail
2008-10-29 05:54 2,791,613 ----a-w c:\windows\java\Packages\WZPFVLVL.ZIP
2008-10-27 16:54 --------- d-----w c:\program files\Java
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:44 --------- d-----w c:\program files\Games Various
2008-10-24 07:33 3,301,034 ----a-w c:\windows\java\Packages\VJ5Z5BVR.ZIP
2008-10-23 10:23 --------- d-----w c:\program files\Yahoo!
2008-10-23 10:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-22 05:33 1,690,873 ----a-w c:\windows\java\Packages\FT7FBXRX.ZIP
2008-10-22 01:01 1,723,215 ----a-w c:\windows\java\Packages\6WWQJRXZ.ZIP
2008-10-21 01:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-18 19:37 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-10-17 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-10-16 12:01 --------- d-----w c:\documents and settings\Millie\Application Data\Creative
2008-10-16 11:27 --------- d--h--w c:\program files\Creative Installation Information
2008-10-16 11:27 --------- d-----w c:\program files\Creative
2008-10-16 11:27 --------- d-----w c:\program files\Common Files\Creative
2008-10-16 01:35 --------- d-----w c:\documents and settings\Millie\Application Data\Home Sweet Home
2008-10-15 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\LBXEIIMIYG
2008-10-15 03:35 218,064 ----a-w c:\documents and settings\Millie\Application Data\GDIPFONTCACHEV1.DAT
2008-10-15 02:34 --------- d-----w c:\documents and settings\Millie\Application Data\EleFun Games
2008-10-15 01:21 --------- d-----w c:\documents and settings\Millie\Application Data\Gold Casual Games
2008-10-15 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games
2008-10-14 19:26 --------- d-----w c:\program files\Astrology
2008-10-13 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 17:42 --------- d-----w c:\program files\The Mystery of the Crystal Portal
2008-10-05 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\The Game Equation
2008-10-04 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-04 16:34 --------- d-----w c:\documents and settings\Millie\Application Data\Apple Computer
2008-10-04 08:33 442,090 ----a-w c:\windows\java\Packages\07FJ7TBZ.ZIP
2008-10-04 08:33 2,281,407 ----a-w c:\windows\java\Packages\OKENZ5RR.ZIP
2008-10-04 08:18 2,536,053 ----a-w c:\windows\java\Packages\9NLRFZ3B.ZIP
2008-10-04 08:17 2,281,407 ----a-w c:\windows\java\Packages\ZXRHFRJB.ZIP
2008-10-04 07:18 2,723,475 ----a-w c:\windows\java\Packages\408W79NP.ZIP
2008-10-04 05:09 510,840 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-10-04 05:06 88,576 ----a-w c:\windows\system32\OptimFROG.dll
2008-10-03 19:59 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys
2008-10-03 19:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-03 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-03 19:21 --------- d-----w c:\program files\NCH Swift Sound
2008-10-03 19:21 --------- d-----w c:\program files\NCH Software
2008-10-03 19:21 --------- d-----w c:\documents and settings\Millie\Application Data\NCH Swift Sound
2008-10-01 20:10 --------- d-----w c:\documents and settings\Millie\Application Data\BinaryMark
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 20:26 --------- d-----w c:\documents and settings\Millie\Application Data\cerasus.media
2008-09-27 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-09-26 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-24 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-09-24 20:36 --------- d-----w c:\program files\AOL 9.1
2008-09-24 20:36 --------- d-----w c:\documents and settings\Millie\Application Data\AOL
2008-09-24 20:35 --------- d-----w c:\program files\Viewpoint
2008-09-24 20:35 --------- d-----w c:\program files\Common Files\Nullsoft
2008-09-24 20:35 --------- d-----w c:\program files\Common Files\aolshare
2008-09-24 20:35 --------- d-----w c:\program files\Common Files\AOL
2008-09-24 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-09-24 13:05 --------- d-----w c:\documents and settings\All Users\Application Data\RKREIIMIYG
2008-09-22 05:05 787 ----a-w C:\Board.Dat
2008-09-20 06:42 --------- d-----w c:\program files\Oberon Media
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-19 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\YOREIIMIYG
2008-09-19 03:16 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 02:47 1,943,744 ----a-w c:\windows\java\Packages\CS9Z9VTZ.ZIP
2008-08-30 16:59 3,121,495 ----a-w c:\windows\java\Packages\I2K1JBFF.ZIP
2008-08-30 01:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

<pre>
----a-w           250,104 2008-09-02 19:47:11  c:\documents and settings\Millie\My Documents\Zipped\Astrology\Software ACS Updates\ACS Atlas 3 0 050628 .exe
----a-w         2,404,352 2008-09-02 19:49:05  c:\documents and settings\Millie\My Documents\Zipped\Astrology\Software ACS Updates\UPDATEARomance w Juno and Nodes ver 2 01 040523 .EXE
</pre>

((((((((((((((((((((((((((((( snapshot@2008-11-16_ 7.07.23.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-02 00:40:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-17 18:25:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-02 00:40:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-17 18:25:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-17 18:44:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_708.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Architect"="c:\program files\FCoder\Desktop\Desktop Architect\datray.exe" [2001-05-07 53248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoLogoff"= 0 (0x0)
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2008-06-13 20:39 45184 c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Millie\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\ImPackr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\FCoder\\Chat\\YIM\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FCoder\\Chat\\YIM\\Messenger\\YServer.exe"=
"c:\\Program Files\\FCoder\\Multimedia\\PC Satellite TV\\PC Satellite TV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1222288481\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Millie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Millie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56793:UDP"= 56793:UDPando P2P UDP Listening Port

R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\LMPC4.sys [2008-09-05 10096]
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Millie\Local Settings\TEMP\DrvFltIp []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\FCoder\Multimedia\Common\Database\bin\fbserver.exe [2008-09-07 1527900]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-07-07 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09acc992-4882-11dd-8dbe-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\FCoder\Utilities\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-11-17 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Millie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 12:11]

2008-11-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Millie\Application Data\Mozilla\Firefox\Profiles\towq75vj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en&source=iglk
FF -: plugin - c:\documents and settings\Millie\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\Millie\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\FCoder\Multimedia\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - c:\program files\FCoder\Multimedia\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - c:\program files\FCoder\Multimedia\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\FCoder\Multimedia\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 16:02:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Millie\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Millie\Local Settings\TEMP\DrvFltIp"
.
Completion time: 2008-11-17 16:05:10
ComboFix-quarantined-files.txt 2008-11-17 21:04:20
ComboFix2.txt 2008-11-17 18:57:08
ComboFix3.txt 2008-11-16 12:07:49

Pre-Run: 123,232,612,352 bytes free
Post-Run: 123,233,034,240 bytes free

302












--- now for HijackThis log -----



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:07:04 PM, on 11/17/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\FCoder\Desktop\Lock My PC 4\lockpc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Millie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1107
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\FCoder\Desktop\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: www.iwon.com
O15 - Trusted Zone: http://*.kewlbox.com
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/9.1.3.19/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.com/v/9.1.5.8/applet/chess2/chess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.5.8/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.1.6.34/applet/jth/jth-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.6.34/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.1.1.1/applet/popfu/popfu-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.com/v/9.1.3.19/applet/spooky/spooky-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.1.1.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
O16 - DPF: Yahtzee Party by pogo - http://game3.pogo.com/v/9.1.6.35/applet/yahtzee/yahtzee-en_US.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215130684687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215235066593
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\FCoder\Utilities\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\FCoder\Multimedia\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9790 bytes

 

[Shaba]

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.