need help with malware

[abowlofsoda]

I've got Gay Fetish Sex icon on my dekstop and fake antivirus programs popping up like crazy (Rapid Antivirus and more)

I have C.exe in my task manager that when i end that process I can get things under control until reboot.

I ran VundoFix it claimed there was 0 problems. My Kaspersky anti-virus looks like it dealt with alot of stuff as well as Spybot but on reboot the problems remain.

Please help!

 

[Shaba]

Hi abowlofsoda

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

[abowlofsoda]

Hi there Shaba.. thank you for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:18, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Livestation\Livestation.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKLM\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKLM\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKCU\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKCU\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\pirate\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [AppSrvUtil] C:\WINDOWS\system32\ngfsbmhe.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6403 bytes

 

[Shaba]

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

 

[abowlofsoda]

here it is...

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Beyond TV DVD Burning Foundation
Bluesoleil 5.0.5.178
Bonjour
BWMeter v4.1.0
CoreAVC Professional Edition (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Full Speed
Google Gmail Notifier
Hauppauge WinTV Infrared Remote
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java 2 Runtime Environment, SE v1.4.2_11
Java(TM) 6 Update 5
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
LibUSB-Win32-0.1.10.1
Linksys Wireless-G PCI Adapter
Livestation
Malwarebytes' RogueRemover
MediaPortal
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OpenAL
PeerGuardian 2.0
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
SwarmPlayer (remove only)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VLC media player 0.9.2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Resource Kit Tools
WinRAR archiver
WinZip 11.2

 

[Shaba]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete this folder afterwards:

C:\Program Files\uTorrent\

Empty Recycle Bin.

Please run a new HJT scan when finished and post the log back here.

 

[abowlofsoda]

uTorrent doesn't have an entry in Add/Remove panel. I manually deleted the file (it was just 1 file).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:00, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Livestation\Livestation.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKLM\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKLM\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKCU\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKCU\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\pirate\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [AppSrvUtil] C:\WINDOWS\system32\ngfsbmhe.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6391 bytes

 

[abowlofsoda]

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Beyond TV DVD Burning Foundation
Bluesoleil 5.0.5.178
Bonjour
BWMeter v4.1.0
CoreAVC Professional Edition (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Full Speed
Google Gmail Notifier
Hauppauge WinTV Infrared Remote
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java 2 Runtime Environment, SE v1.4.2_11
Java(TM) 6 Update 5
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
LibUSB-Win32-0.1.10.1
Linksys Wireless-G PCI Adapter
Livestation
Malwarebytes' RogueRemover
MediaPortal
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OpenAL
PeerGuardian 2.0
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
SwarmPlayer (remove only)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VLC media player 0.9.2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Resource Kit Tools
WinRAR archiver
WinZip 11.2

 

[Shaba]

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

 

[abowlofsoda]

omboFix 08-10-11.04 - pirate 2008-10-12 11:14:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.700 [GMT -7:00]
Running from: C:\Documents and Settings\pirate\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0000005738.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\vlc-0.9.4-win32.exe
C:\Documents and Settings\pirate\Application Data\Adobe\crc.dat
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1007038180
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1015623172
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1017571294
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1026042703
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1031245520
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1033469190
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1034017120
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1039978012
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1042939036
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1045751417
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1046474554
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1049253497
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1053699402
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1077135168
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1078151604
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1078296752
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1079457695
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1081083517
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1096015169
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1104822000
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1107292622
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1113597774
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1117409949
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1119261261
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1129351339
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1154599582
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1164778780
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1168057158
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1175281732
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1184720155
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1186071986
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1192156276
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-119853010
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1206705385
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1207150168
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1217370089
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1236410676
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1241905953
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1246779775
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1247222665
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-125182983
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1251873860
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1259165441
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1267273095
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1271722636
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1273302853
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1286443371
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1310851625
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1318049847
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-132414967
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1326748257
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1335207904
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1344926938
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1352017812
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1355316346
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1355466362
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1356090915
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1357233535
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1370096744
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1392613057
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1405108374
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1414376737
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1416137844
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-141960801
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1425025408
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1426617499
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1429329029
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1431538750
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1437906075
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1439585230
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1441227985
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1446956437
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1448940889
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1459459535
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1461888728
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1462031774
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-148874948
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1489267361
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1491765481
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1493973838
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1501349697
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1521878321
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1538646538
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1544005461
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1562524314
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1563796858
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1575239009
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1576109159
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1583032425
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1584173021
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-158875058
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1593453218
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1615408026
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1620321915
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1641654911
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1651555569
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1652481249
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-165625301
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1662317639
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-167306823
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1685149715
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1686888394
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1689177533
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1694257176
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1697062526
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1702059463
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1721984637
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1724161267
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1725287354
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1725736594
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1733887781
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1734376874
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1735783957
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1737059440
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1741543971
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1743435758
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1746498033
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1747183554
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1770915574
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1789225417
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1820140926
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1826962434
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-182966523
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1842273647
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1851178675
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1859260092
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1864999597
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1894116645
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1901104621
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1901547935
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-190838896
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1908688329
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1917617648
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1927751817
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1928060932
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1931154693
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1932257995
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1952848954
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1961781518
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1966743370
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1969384403
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1974905692
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1979295417
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-199267354
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1993653257
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-199759653
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-1998669583
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2011001230
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-201107384
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2030620571
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2043781476
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-204519751
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2050204378
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2053191666
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2053522331
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2057285069
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2059534154
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2060374113
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2061271424
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2066223077
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2067721645
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2081289837
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2082296435
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2096908191
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2099132985
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2102715642
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2110289455
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2110597543
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2150162123
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2150565823
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2152687669
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2155888586
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-216160201
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2162567265
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2181859842
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2185219840
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2188453508
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2191238990
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2199393980
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2201048240
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-220283029
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2204710948
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2205295873
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2205954639
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2214185805
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2214485075
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2225376763
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2234220488
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2239164684
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2254412808
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2273594922
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2281081202
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-228424605
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2285387426
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2286279018
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2291096262
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2292410906
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2296680483
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2309909396
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2325767330
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2330656067
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-233847819
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2351091779
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2353161200
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2354100090
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2359697984
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2360347703
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2372078671
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2373157683
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-23757558
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2378809292
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2379373605
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2384564650
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2387256511
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2405342984
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2407759402
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2408414143
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2412236168
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2413876903
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2420624122
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-242323989
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2426463997
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2446783604
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2447179908
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2449922669
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2451825685
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2454400783
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2465399116
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2486354018
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2491347288
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2506064545
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2506967990
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2529547488
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2540691500
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2541069116
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2542675972
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2544192560
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2548668480
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2552575029
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2554499316
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2556170079
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2564024930
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2564535776
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2580189973
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2580349979
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2581732874
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2588226043
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2599724527
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2605254030
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2609941924
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-261436519
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2622589330
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2625519436
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2634595668
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2640241600
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2651842473
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2655325963
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2674292378
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2677287443
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2684976596
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2686413160
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2699758182
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-270050678
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2706385384
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2737120955
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2749516296
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2752362458
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-275769735
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2759107201
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2761242566
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-276156221
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2772820865
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2781181147
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-282096800
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2827341720
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2833943876
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2846025056
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-285557847
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-285604523
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2860610287
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2861594983
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2863280215
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2869056688
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2871125932
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2873088910
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2890765696
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2914852335
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2918130070
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2926649100
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2933639795
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2949554187
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2955047856
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2955686927
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2960098509
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2962745395
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2963460344
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2966186106
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2968946333
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2981657240
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2987079286
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2988946685
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2989698935
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-2990806542
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3011332393
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3017131164
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3019030379
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3027369389
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3030738241
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3036818385
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3039670830
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3043694654
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-305022454
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-306889450
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3075252018
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3076729724
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3077147303
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3089060238
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3094150437
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3100231435
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-31060849
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-310623460
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3110418269
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3111867955
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-311563097
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3116277390
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3129596649
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3130761518
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3131932252
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3134869259
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3137085177
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3140753398
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3167226433
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3173515878
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3180794346
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-318387118
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-319133429
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-320018882
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3207038249
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3216274667
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3226381483
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3228468867
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3236100887
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3245963412
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3248272610
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-327085526
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3274892597
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-327678169
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3280392286
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3300526740
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3306920359
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3310301330
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-331184746
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3319181509
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3328675813
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3330747621
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3332791461
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3336394452
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3342127682
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3348341351
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3354089905
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3354701668
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3368341605
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3377871534
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-337805897
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3380045564
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3382842967
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3386322804
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3391204678
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3391341662
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3395476417
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3407811491
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3410209574
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3415905548
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3429831159
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3436502305
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3437309289
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3441192635
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3444688398
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3445933213
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3460886701
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3461455034
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3463693176
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3477909278
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3484934115
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3502374744
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3506269807
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-350712714
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3526269301
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3529860633
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3543757820
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3543775312
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3547327881
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3547607731
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3556163511
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3562903701
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3577054424
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3580301688
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3591624547
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3594609833
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-359705746
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3612151628
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3616632737
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3626133910
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3627726866
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3629724295
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3634024342
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3637045813
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3637573200
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3645174950
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3655693787
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3655784105
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3663555135
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3668631406
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3671380183
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3681990737
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3682237643
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3682427972
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3684134496
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-368537914
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-369685187
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3700897977
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3702933020
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-371436666
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3716797649
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3732952827
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3734688239
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-374237089
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3748202408
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3750135145
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3750718266
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3762001097
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3767648601
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3776561642
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-378095123
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3796940749
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3803299755
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3810974510
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-381722689
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3822137630
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3833945195
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3841725387
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3849257213
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-385530457
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3861469669
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3875894905
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3878620802
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3882184651
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3889636367
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3906813855
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3917607437
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-391912411
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3919210303
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3922489029
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3925667727
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3925937963
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3934268092
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3942236102
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3950280689
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3950688909
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3951045611
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3952150042
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3967795762
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3974269005
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3984508232
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-3999173391
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4012877141
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4013740577
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4017826125
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4035748381
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4038902099
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4046912510
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4052801029
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4058891697
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4061176880
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-406293405
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4064955114
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4068285849
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4076346126
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4081635886
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4083179140
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4093751140
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-410114909
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4108652538
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4109217573
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-410936687
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4109698690
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4109729802
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4110162257
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4122391651
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4132244572
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4137791795
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4139082663
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4140972557
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4148002516
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4150437657
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4156131814
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4158405888
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4159812349
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4163349640
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4167869694
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4172615332
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4180292607
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4186775316
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4188537135
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4190712294
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-419672572
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4200411546
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4203222629
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4240526128
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4262138510
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-4290070753
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-432100091
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-434763492
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-456070227
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-461170707
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-470410001
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-480955784
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-48232051
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-49182314
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-492098740
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-502090456
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-512536034
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-534009456
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-53867383
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-539140423
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-539348384
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-550880310
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-556676759
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-559626144
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-560249086
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-560847035
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-567926291
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-582837748
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-587488
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-592014819
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-613109807
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-6183918
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-619973924
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-6576247
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-670741959
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-671412306
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-68429132
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-684580309
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-684712968
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-696968374
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-703038272
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-703324398
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-706806800
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-714352921
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-731001419
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-731698898
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-734399077
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-742426635
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-74474347
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-744870683
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-745140370
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-749043030
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-750872152
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-766257607
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-777947315
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-781231839
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-782624094
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-783773563
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-796242759
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-796573628
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-808661523
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-813443996
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-813900043
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-815651195
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-816649013
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-838948611
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-845306783
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-845940733
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-851765430
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-852075691
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-854983034
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-857462146
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-858447156
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-862976271
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-86690204
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-875117187
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-877487550
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-879354172
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-879480528
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-88043409
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-890915000
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-897881852
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-901583279
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-908472545
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-915135750
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-922297738
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-928105257
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-933136717
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-934858459
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-945565964
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-961641038
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-966718776
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-970389764
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-975213975
C:\Documents and Settings\pirate\Local Settings\Temporary Internet Files\mpcache-991830595
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\x

----- BITS: Possible infected sites -----

hxxp://78.157.143.198
hxxp://78.157.142.26

 

[abowlofsoda]

.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-12 07:57 . 2008-10-12 07:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 19:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-11 19:25 . 2008-10-11 19:26 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-10-11 17:45 . 2008-10-11 17:45 <DIR> d-------- C:\VundoFix Backups
2008-10-11 15:31 . 2008-10-11 16:08 <DIR> d-------- C:\Program Files\Rapid Antivirus
2008-10-11 15:31 . 2008-10-11 15:36 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\sp2
2008-10-11 15:31 . 2008-10-11 15:31 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\0000005738
2008-10-11 15:31 . 2008-10-11 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dknqhiho
2008-10-11 15:31 . 2008-10-11 15:31 86,016 --a------ C:\WINDOWS\system32\ngfsbmhe.exe
2008-10-10 08:22 . 2008-10-11 16:09 <DIR> d-------- C:\Program Files\eMule
2008-10-06 09:59 . 2008-10-06 09:59 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\Livestation
2008-10-06 09:58 . 2008-10-06 09:58 <DIR> d-------- C:\Program Files\OpenAL
2008-10-06 09:58 . 2008-10-06 09:58 <DIR> d-------- C:\Program Files\Livestation
2008-10-06 09:58 . 2008-10-06 09:58 <DIR> d-------- C:\Documents and Settings\pirate\Livestation
2008-10-06 09:58 . 2008-10-06 09:58 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-10-06 09:58 . 2008-10-06 09:58 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-10-04 15:40 . 2008-10-04 15:40 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\Kaspersky_Key_Finder_(KKF
2008-10-04 15:39 . 2008-10-04 15:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-04 15:39 . 2008-10-11 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-04 15:39 . 2008-10-12 11:16 1,361,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-04 15:39 . 2008-10-12 11:16 270,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-04 15:39 . 2008-10-04 15:50 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-04 15:39 . 2008-10-04 15:50 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-04 15:39 . 2008-10-12 11:16 12,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-04 15:39 . 2008-10-12 11:16 2,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-04 13:02 . 2008-10-04 13:03 <DIR> d-------- C:\Program Files\iTunes
2008-10-04 13:02 . 2008-10-04 13:02 <DIR> d-------- C:\Program Files\iPod
2008-10-04 13:02 . 2008-10-04 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 22:23 . 2008-10-06 10:57 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\XBMC
2008-10-01 22:22 . 2008-10-01 22:23 <DIR> d-------- C:\Program Files\XBMC
2008-10-01 10:41 . 2008-10-01 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-09-30 15:34 . 2008-10-11 15:30 <DIR> d-------- C:\Program Files\BWMeter
2008-09-30 15:34 . 2008-09-30 15:34 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\DeskSoft
2008-09-30 15:34 . 2008-09-30 15:34 26,920 --a------ C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-09-30 14:29 . 2008-09-30 14:29 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-30 14:29 . 2008-09-30 14:29 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-30 14:29 . 2008-09-30 14:29 <DIR> d-------- C:\Program Files\MSBuild
2008-09-30 14:28 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-25 12:59 . 2008-09-25 12:59 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\vlc
2008-09-14 19:26 . 2008-09-15 14:22 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\Apple Computer
2008-09-14 19:26 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-14 19:26 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-14 19:25 . 2008-10-04 13:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-14 19:25 . 2008-09-14 19:25 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 19:25 . 2008-09-14 19:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-14 19:25 . 2008-09-14 19:25 <DIR> d-------- C:\Program Files\Bonjour
2008-09-14 19:25 . 2008-09-14 19:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 19:25 . 2008-09-26 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 19:25 . 2008-09-14 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-12 11:40 . 2008-09-12 11:41 <DIR> d-------- C:\Documents and Settings\pirate\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 18:13 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-12 17:46 --------- d-----w C:\Program Files\uTorrent
2008-10-12 17:45 --------- d-----w C:\Documents and Settings\pirate\Application Data\uTorrent
2008-10-12 02:30 2,790 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-12 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-10 15:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 15:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe

 

[abowlofsoda]

I dont have a printer so I couldn't write down the directions on the recovery console...and I'm prepared for a format/reinstall if need be (but I'd rather not go that route). This is a mediaPC in the living room.
So I opted out of the recovery install.

My apologies if I offended you for not following directions. Please continue, I beg!

 

[Shaba]

That is ok, you can do it in next run.

Please post next rest of combofix log and a fresh HijackThis log.

 

[abowlofsoda]

2008-10-06 18:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-04 22:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-01 22:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-11 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-09 06:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-07 06:49 --------- d-----w C:\Documents and Settings\pirate\Application Data\LimeWire
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 16:25 --------- d-----w C:\Program Files\Haali
2008-08-26 16:24 --------- d-----w C:\Program Files\CoreCodec
2008-08-18 19:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Livestation"="C:\Program Files\Livestation\Livestation.exe" [2008-10-02 1789952]
"AppSrvUtil"="C:\WINDOWS\system32\ngfsbmhe.exe" [2008-10-11 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2007-09-10 11:08 258134 C:\Program Files\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2005-09-18 18:40 1421824 C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\BlueSoleil\\BlueSoleilCS.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180]
R3 BsHelpCS;BsHelpCS;C:\Program Files\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-09-30 26920]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2008-01-28 384896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-10-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uTorrent - C:\Program Files\uTorrent\uTorrent.exe
HKCU-Run-\YURB.exe - C:\Windows\system32\YURB.exe
HKCU-Run-\YURC.exe - C:\Windows\system32\YURC.exe
HKCU-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKCU-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKCU-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
HKLM-Run-\YURB.exe - C:\Windows\system32\YURB.exe
HKLM-Run-\YURC.exe - C:\Windows\system32\YURC.exe
HKLM-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKLM-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKLM-Run-\YUR1.exe - C:\Windows\system32\YUR1.exe
MSConfigStartUp-Joystick 2 Mouse - C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe
MSConfigStartUp-Pinnacle Game Profiler - C:\Program Files\Pinnacle Game Profiler\pinnacle.exe
MSConfigStartUp-SageTV - C:\Program Files\SageTV\SageTV\SageTV.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\pirate\Application Data\Mozilla\Firefox\Profiles\vjnjlerq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 11:17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-12 11:21:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 18:21:45

Pre-Run: 34,062,577,664 bytes free
Post-Run: 34,308,440,064 bytes free

 

[abowlofsoda]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:59, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Livestation\Livestation.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Program Files\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [AppSrvUtil] C:\WINDOWS\system32\ngfsbmhe.exe
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5691 bytes

 

[Shaba]

It appears that your Kaspersky Antivirus is not legit.

So you will need to next uninstall it.

After that, please download and install one of the free antiviruses from below.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Post a fresh hijackthis log afterwards, please.

 

[abowlofsoda]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:36, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Livestation\Livestation.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngfsbmhe.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [AppSrvUtil] C:\WINDOWS\system32\ngfsbmhe.exe
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5724 bytes

 

[abowlofsoda]

I installed the free AVG antivirus. I didn't run a scan with it yet tho.
The fake Windows Security Alert popups are still returning after reboot.

 

[abowlofsoda]

I completed a full AVG scan. It found 4 files (all the same name) and a registry entry that pertained to the same file.

I cleaned them off and rebooted. The fake security popups didnt return on reb oot

 

[abowlofsoda]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:58, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Livestation\Livestation.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Program Files\BlueSoleil\BsHelpCS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5599 bytes