Need help with Smitfraud-C infection

[Woody_74]

My son picked up an issue on my computer earlier today using Firefox.

After clicking on a pop-up to instal a flash driver Firefox will no longer open or if able to open it will abruptly close shortly thereafter.

I've run CA Anti-Spyware and CA Anti-Virus after updating and fixed all found problems. I've also run Spybot Search&Destroy (SB hereafter) and it it would find the Smitfraud-C issue. After fixing the problem it would re-appear on a subsequent scan. After browsing these forums I re-ran SB after restarting in Safe Mode and after fixing the problem it would re-appear on the subsequent scan.

I've read the "BEFORE you POST" thread and downloaded HJT, below is the log. Please Help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:30 AM, on 10/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7920 bytes

 

[katana]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Step 1


Disable Teatimer
First step:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


----------------------------------------------------------- -----------------------------------------------------------
Step 3


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 4


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

----------------------------------------------------------- -----------------------------------------------------------
Step 5



Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• MalwareBytes Log
• RSIT Logs
• How are things running now ?

 

[Woody_74]

Logs

Below are the requested logs. I will update on performance once I restart. Thank you so much.

Malwarebytes' Anti-Malware 1.28
Database version: 1268
Windows 5.1.2600 Service Pack 3

10/14/2008 12:00:46 PM
mbam-log-2008-10-14 (12-00-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165121
Time elapsed: 46 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\SysFile.brk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Big Stan at 2008-10-14 12:06:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (10%) free of 71 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:58 PM, on 10/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Big Stan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Big Stan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7725 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Big Stan at 11 46 AM.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\System32\nvraidservice.exe [2004-11-03 84480]
"CAVRID"=C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [2007-08-20 230664]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416]
"QOELOADER"=C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2008-05-16 14088]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-07-31 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-07-31 173296]
""= []
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-07-31 259312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-11 8491008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VETMSGNT"=2
"vsmon"=2
"usnjsvc"=3

C:\Documents and Settings\Big Stan\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Program Files\AvRack\rtlrack.exe"="C:\Program Files\AvRack\rtlrack.exe:*:Enabled:AvRack"
"C:\Program Files\twc\medicsp2\bin\sprtsvc.exe"="C:\Program Files\twc\medicsp2\bin\sprtsvc.exe:*:Enabled:sprtsvc.exe"
"C:\Program Files\HERACTSTG\smartaccess\bcont.exe"="C:\Program Files\HERACTSTG\smartaccess\bcont.exe:*:Enabled:bcont.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE"="C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*isabled:SC3UpdaterMFC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Minions of Mirth\bin\MinionsOfMirth.exe"="C:\Program Files\Minions of Mirth\bin\MinionsOfMirth.exe:*:Enabled:MinionsOfMirth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Minions of Mirth\bin\MinionsOfMirth.exe"="C:\Program Files\Minions of Mirth\bin\MinionsOfMirth.exe:*:Enabled:MinionsOfMirth"

======List of files/folders created in the last 3 months======

2008-10-14 12:06:40 ----D---- C:\rsit
2008-10-14 11:10:06 ----D---- C:\Documents and Settings\Big Stan\Application Data\Malwarebytes
2008-10-14 11:10:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 11:10:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 02:39:47 ----D---- C:\Program Files\ProcessExplorer
2008-10-14 01:30:04 ----D---- C:\Program Files\Trend Micro
2008-10-13 22:44:06 ----A---- C:\WINDOWS\svchost.exe
2008-10-13 20:34:02 ----A---- C:\WINDOWS\1.ini
2008-10-13 16:59:19 ----A---- C:\WINDOWS\wininit.ini
2008-10-13 16:07:19 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-13 16:07:19 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-13 14:24:32 ----D---- C:\Documents and Settings\Big Stan\Application Data\MSN6
2008-10-13 14:11:07 ----A---- C:\WINDOWS\system32\atlcom829_127.dll
2008-10-01 18:04:46 ----D---- C:\Program Files\Common Files\Skype
2008-09-17 08:47:18 ----D---- C:\Program Files\iPod
2008-09-17 08:47:17 ----D---- C:\Program Files\iTunes
2008-09-17 08:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 08:42:34 ----D---- C:\Program Files\Bonjour
2008-09-17 08:41:59 ----D---- C:\Program Files\QuickTime
2008-09-15 14:30:03 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-09-15 03:05:10 ----D---- C:\Program Files\World of Warcraft Public Test
2008-09-14 17:24:54 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-09-13 17:06:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-13 14:06:01 ----D---- C:\WINDOWS\system32\Adobe
2008-09-10 05:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-21 10:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-20 17:54:16 ----D---- C:\WINDOWS\Prefetch
2008-08-20 17:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-20 17:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-20 17:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-20 17:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-20 17:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-20 17:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-20 17:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-20 17:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-20 17:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-20 17:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-20 17:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-08-20 17:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-20 17:38:23 ----A---- C:\WINDOWS\setuplog.txt
2008-08-20 17:37:11 ----D---- C:\WINDOWS\system32\en-us
2008-08-20 17:37:09 ----D---- C:\WINDOWS\system32\scripting
2008-08-20 17:37:08 ----D---- C:\WINDOWS\l2schemas
2008-08-20 17:37:07 ----D---- C:\WINDOWS\system32\en
2008-08-20 17:31:28 ----D---- C:\WINDOWS\network diagnostic
2008-08-19 13:37:41 ----D---- C:\Program Files\MSXML 6.0
2008-08-19 13:36:24 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-19 13:36:22 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-19 13:36:20 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-19 13:36:18 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-19 13:36:18 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-19 13:36:11 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-19 13:36:11 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-19 13:36:02 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-19 13:35:58 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-19 13:35:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-19 13:35:56 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-19 13:35:55 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-19 13:35:55 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-19 13:35:55 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-19 13:35:54 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-19 13:35:51 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-19 13:35:44 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-19 13:35:44 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-19 13:35:44 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-19 13:35:41 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-19 13:35:41 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-19 13:35:33 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-19 13:35:33 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-19 13:35:33 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-19 13:35:32 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-19 13:35:27 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-19 13:35:26 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-19 13:35:26 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-19 13:35:26 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-19 13:35:26 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-19 13:35:25 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-19 13:35:16 ----A---- C:\WINDOWS\005459_.tmp
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-19 13:35:15 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-19 13:35:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-19 13:35:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-19 13:35:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-19 13:35:11 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-19 13:35:10 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-19 13:35:07 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-19 13:35:06 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-19 13:35:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-18 09:28:09 ----D---- C:\Documents and Settings\Big Stan\Application Data\OpenOffice.org2
2008-08-18 09:21:51 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-08-18 09:21:33 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-18 09:21:33 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-18 09:21:33 ----A---- C:\WINDOWS\system32\java.exe
2008-08-14 06:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 06:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 06:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 06:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 06:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 06:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 06:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-14 06:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$
2008-08-04 12:40:46 ----D---- C:\Program Files\Wrath of the Lich King Beta
2008-08-04 03:43:38 ----A---- C:\WINDOWS\MegaManager.INI
2008-07-17 21:47:29 ----D---- C:\Documents and Settings\Big Stan\Application Data\Uniblue

======List of files/folders modified in the last 3 months======

2008-10-14 12:00:48 ----D---- C:\WINDOWS
2008-10-14 12:00:46 ----SD---- C:\WINDOWS\Tasks
2008-10-14 11:56:11 ----D---- C:\WINDOWS\CAVTemp
2008-10-14 11:46:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-14 11:11:04 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 11:10:02 ----D---- C:\Program Files
2008-10-14 11:08:23 ----D---- C:\WINDOWS\system32
2008-10-14 11:05:34 ----D---- C:\WINDOWS\Temp
2008-10-14 04:50:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 22:27:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-13 16:11:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-13 16:11:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-13 16:05:30 ----D---- C:\Documents and Settings\Big Stan\Application Data\Mozilla
2008-10-13 15:54:39 ----D---- C:\Program Files\NoAdware4
2008-10-13 15:42:13 ----D---- C:\Program Files\Mozilla Firefox
2008-10-13 15:01:15 ----HD---- C:\WINDOWS\inf
2008-10-13 15:00:56 ----SHD---- C:\WINDOWS\Installer
2008-10-13 14:59:30 ----D---- C:\Documents and Settings\Big Stan\Application Data\Apple Computer
2008-10-13 14:15:04 ----D---- C:\Program Files\Full Tilt Poker
2008-10-11 12:15:20 ----D---- C:\Program Files\World of Warcraft
2008-10-10 05:41:04 ----D---- C:\Documents and Settings\Big Stan\Application Data\Skype
2008-10-09 21:07:45 ----D---- C:\Documents and Settings\Big Stan\Application Data\skypePM
2008-10-09 17:27:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-09 14:12:34 ----D---- C:\Program Files\Warcraft III
2008-10-09 11:34:14 ----D---- C:\WINDOWS\system32\Macromed
2008-10-09 10:18:48 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-01 18:04:46 ----D---- C:\Program Files\Common Files
2008-09-20 00:07:41 ----D---- C:\Documents and Settings\Big Stan\Application Data\Adobe
2008-09-20 00:07:40 ----D---- C:\Program Files\Adobe
2008-09-17 08:47:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-17 08:42:02 ----D---- C:\Program Files\Common Files\Apple
2008-09-15 03:23:17 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-13 17:06:24 ----SHD---- C:\RECYCLER
2008-09-10 05:06:35 ----D---- C:\WINDOWS\WinSxS
2008-09-05 16:26:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-04 21:15:20 ----D---- C:\WINDOWS\Help
2008-08-26 13:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-21 10:58:00 ----A---- C:\WINDOWS\imsins.BAK
2008-08-21 10:19:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-20 23:11:23 ----D---- C:\Program Files\Apple Software Update
2008-08-20 17:56:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-20 17:55:24 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-08-20 17:53:54 ----D---- C:\WINDOWS\system32\Setup
2008-08-20 17:53:53 ----RSD---- C:\WINDOWS\Fonts
2008-08-20 17:53:53 ----D---- C:\WINDOWS\system32\wbem
2008-08-20 17:53:53 ----D---- C:\WINDOWS\AppPatch
2008-08-20 17:51:47 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-20 17:41:00 ----D---- C:\Program Files\Messenger
2008-08-20 17:40:17 ----D---- C:\WINDOWS\security
2008-08-20 17:37:28 ----D---- C:\WINDOWS\ime
2008-08-20 17:37:10 ----D---- C:\WINDOWS\system32\usmt
2008-08-20 17:37:08 ----D---- C:\Program Files\Internet Explorer
2008-08-20 17:37:06 ----D---- C:\WINDOWS\system32\bits
2008-08-20 17:37:06 ----D---- C:\WINDOWS\peernet
2008-08-20 17:37:06 ----D---- C:\Program Files\Movie Maker
2008-08-20 17:33:47 ----D---- C:\WINDOWS\system32\Restore
2008-08-20 17:33:46 ----D---- C:\WINDOWS\system32\npp
2008-08-20 17:33:44 ----D---- C:\WINDOWS\msagent
2008-08-20 17:33:42 ----D---- C:\WINDOWS\srchasst
2008-08-20 17:33:39 ----D---- C:\Program Files\NetMeeting
2008-08-20 17:33:37 ----D---- C:\WINDOWS\system32\Com
2008-08-20 17:33:35 ----D---- C:\Program Files\Windows Media Player
2008-08-20 17:33:34 ----D---- C:\Program Files\Windows NT
2008-08-20 17:33:34 ----D---- C:\Program Files\Outlook Express
2008-08-20 17:33:31 ----D---- C:\Program Files\Common Files\System
2008-08-20 17:33:11 ----D---- C:\WINDOWS\system32\oobe
2008-08-20 17:33:09 ----D---- C:\WINDOWS\system
2008-08-20 17:30:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-20 17:30:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-20 17:28:20 ----D---- C:\WINDOWS\EHome
2008-08-19 13:17:04 ----D---- C:\WINDOWS\Debug
2008-08-18 09:22:25 ----RSD---- C:\WINDOWS\assembly
2008-08-18 09:21:33 ----D---- C:\Program Files\Java
2008-08-01 12:34:36 ----A---- C:\caisslog.txt
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-16 23:26:01 ----D---- C:\Documents and Settings\Big Stan\Application Data\BitTorrent
2008-07-16 05:53:45 ----D---- C:\Documents and Settings\Big Stan\Application Data\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-04 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-10-28 17024]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-10-28 30299]
R3 btwhid;btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [2004-10-28 44003]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-11 6852864]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-04-28 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-04 108368]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\System32\DRIVERS\vsb.sys [2004-09-03 18167]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-09-20 265856]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-10-28 54488]
S3 iviudf;iviudf; C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys []
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2004-09-03 47104]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe [2007-08-20 144960]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-11 155716]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2003-03-31 19456]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2); C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe [2007-08-20 242952]
R2 wowsystemcode;Remote TCP/IPv6; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe [2007-08-16 189704]
S1 udffsrec;udffsrec; C:\WINDOWS\system32\drivers\udffsrec.sys [2004-12-19 5248]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-10-28 163840]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 lxbx_device;lxbx_device; C:\WINDOWS\System32\lxbxcoms.exe [2005-01-06 462848]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-14 12:07:00

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
-->"C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
-->"C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Combined Community Codec Pack 2006-12-15-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConvertXtoDVD 2.1.18.242-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Fung Wan Online-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{334098FE-8BD9-4B60-B0C3-07D39EE0F870}\Setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 7100 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\lxbxUNST.EXE -NOLICENSE
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MediaLife -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Mozilla Firefox (3.0.3)-->C:\Documents and Settings\Big Stan\Desktop\Mozilla Firefox\uninstall\helper.exe
MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Road Runner Medic 6.1-->"C:\Program Files\twc\medicsp2\unins000.exe"
RoadRunner-->MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TWC Customer Controls-->MsiExec.exe /I{F8722041-B63A-47FB-82A8-5F0977E1CF45}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Warcraft II BNE-->C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
WIDCOMM Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft Public Test-->C:\Program Files\Common Files\Blizzard Entertainment\Burning Crusade-PTR\Uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wrath of the Lich King Beta-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: CA Anti-Virus
FW: CA Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

 

[katana]

Information

Note about poker games:

You appear to be a fan of games. but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. If you did not install these programs yourself, or you do not use them any more, I would definitely recommend that you uninstall them from your computer, even if it is simply a precautionary measure. The amount of different poker software which arises on the internet means it is impossible to keep track of which ones are infected and which ones are not. If you do use the software, and wish to continue doing so, please ignore this. If you do decide to go ahead and remove the poker software, you should be able uninstall them via add/remove which can be found in the control panel. Let me know if you have any problems whilst doing so.
Here are links to some poker sites regarded as safe for your reference.

• http://www.pokerstars.net/ - This is a free to use/play site.
• http://www.pokerstars.com - This is the paid for version.

----------------------------------------------------------- -----------------------------------------------------------

Step 1


Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.

• Full Tilt Poker << Adware related
• J2SE Runtime Environment 5.0 Update 6
  Java(TM) 6 Update 4
  Java(TM) 6 Update 6

Now close the Control Panel.


----------------------------------------------------------- -----------------------------------------------------------
Step 2



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 3


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


----------------------------------------------------------- -----------------------------------------------------------
Step 4


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• ComboFix Log
• Kaspersky Log

 

[Woody_74]

Completed Step 2 below are the combofix and HijackThis logs, posting Kaspersky log upon completion of step 3 shortly.

ComboFix 08-10-14.03 - Big Stan 2008-10-14 14:07:32.1 - NTFSx86
Running from: C:\Documents and Settings\Big Stan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Big Stan\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Big Stan\Application Data\inst.exe
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\d.txt
C:\WINDOWS\system32\windows.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-14 12:06 . 2008-10-14 12:07 <DIR> d-------- C:\rsit
2008-10-14 11:10 . 2008-10-14 11:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 11:10 . 2008-10-14 11:10 <DIR> d-------- C:\Documents and Settings\Big Stan\Application Data\Malwarebytes
2008-10-14 11:10 . 2008-10-14 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 11:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 11:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 02:39 . 2008-10-14 02:40 <DIR> d-------- C:\Program Files\ProcessExplorer
2008-10-14 01:30 . 2008-10-14 01:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 22:26 . 2008-10-13 22:26 <DIR> d-------- C:\Documents and Settings\Administrator.GAMINGCOMPUTER.000\Application Data\Ventrilo
2008-10-13 20:34 . 2008-10-13 22:46 0 --a------ C:\WINDOWS\1.ini
2008-10-13 16:59 . 2008-10-13 16:59 81 --a------ C:\WINDOWS\wininit.ini
2008-10-13 16:07 . 2008-10-13 16:07 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-13 16:07 . 2008-10-13 16:07 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-13 14:24 . 2008-10-13 14:24 <DIR> d-------- C:\Documents and Settings\Big Stan\Application Data\MSN6
2008-10-13 14:11 . 2008-10-13 15:30 102,400 --a------ C:\WINDOWS\system32\atlcom829_127.dll
2008-10-13 14:11 . 2008-10-13 14:11 20 --a------ C:\WINDOWS\syscheck
2008-10-01 18:05 . 2008-10-01 18:05 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-01 18:04 . 2008-10-01 18:04 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-17 08:47 . 2008-09-17 08:47 <DIR> d-------- C:\Program Files\iTunes
2008-09-17 08:47 . 2008-09-17 08:47 <DIR> d-------- C:\Program Files\iPod
2008-09-17 08:47 . 2008-09-17 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 08:42 . 2008-09-17 08:42 <DIR> d-------- C:\Program Files\Bonjour
2008-09-17 08:41 . 2008-09-17 08:42 <DIR> d-------- C:\Program Files\QuickTime
2008-09-15 03:05 . 2008-09-18 17:41 <DIR> d-------- C:\Program Files\World of Warcraft Public Test
2008-09-14 17:24 . 2008-09-14 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 21:12 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\OpenOffice.org2
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-10-14 21:10 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-10-14 21:10 231,244 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-10-14 20:38 --------- d-----w C:\Program Files\Java
2008-10-14 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 20:36 --------- d-----w C:\Program Files\Full Tilt Poker
2008-10-13 23:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-13 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-13 22:54 --------- d-----w C:\Program Files\NoAdware4
2008-10-13 21:59 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\Apple Computer
2008-10-11 19:15 --------- d-----w C:\Program Files\World of Warcraft
2008-10-10 12:41 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\Skype
2008-10-10 04:07 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\skypePM
2008-10-10 03:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-09 21:55 --------- d-----w C:\Program Files\Wrath of the Lich King Beta
2008-10-09 21:12 --------- d-----w C:\Program Files\Warcraft III
2008-09-17 15:42 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 10:23 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-02 15:22 --------- d-----w C:\Documents and Settings\Stand\Application Data\InstallShield Installation Information
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-21 06:11 --------- d-----w C:\Program Files\Apple Software Update
2008-08-19 20:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-18 23:02 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\Uniblue
2008-08-18 16:21 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-01-11 01:26 7,028,144 ----a-w C:\Documents and Settings\Big Stan\medic6.exe
2007-12-06 19:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-28 09:29 47,360 ----a-w C:\Documents and Settings\Big Stan\Application Data\pcouffin.sys
2005-10-02 09:05 65 -c--a-w C:\Program Files\Common Files\appop.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [2004-11-03 84480]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 230664]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-05-16 14088]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-11 8491008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Big Stan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VETMSGNT"=2 (0x2)
"vsmon"=2 (0x2)
"usnjsvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"Easy Messaging"=C:\Program Files\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\AvRack\\rtlrack.exe"=
"C:\\Program Files\\twc\\medicsp2\\bin\\sprtsvc.exe"=
"C:\\Program Files\\HERACTSTG\\smartaccess\\bcont.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDPeer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
"27712:TCP"= 27712:TCP:BitCometLite 27712 TCP
"27712:UDP"= 27712:UDP:BitCometLite 27712 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 38784]
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 wowsystemcode;Remote TCP/IPv6;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe [2007-08-16 189704]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode
.
Contents of the 'Scheduled Tasks' folder

2008-09-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-13 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Big Stan at 11 46 AM.job
- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe [2007-08-16 21:10]

2008-09-27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Zone Labs Client - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Big Stan\Application Data\Mozilla\Firefox\Profiles\mdagrifq.default\
FF -: plugin - C:\Documents and Settings\Big Stan\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - C:\Documents and Settings\Big Stan\Desktop\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Octoshape Streaming Services\Big Stan\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 14:12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-14 14:15:42 - machine was rebooted [Big Stan]
ComboFix-quarantined-files.txt 2008-10-14 21:15:15

Pre-Run: 7,579,693,056 bytes free
Post-Run: 9,249,841,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

255 --- E O F --- 2008-09-10 12:07:50


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:30 PM, on 10/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7619 bytes

 

[katana]

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\WINDOWS\svchost.exe
Click Submit/Send File
Please post back, to let me know the results.


If Virustotal is too busy please try Jotti



----------------------------------------------------------- -----------------------------------------------------------


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.

@echo off
if exist C:\kresults.txt del /q C:\kresults.txt
Echo Searching ..... Please Wait
FOR %%G IN (
C:\WINDOWS\1.ini
C:\WINDOWS\wininit.ini
) DO (
echo %%G >> C:\kresults.txt
Type "%%G" >> C:\kresults.txt
echo. >> C:\kresults.txt
echo. >> C:\kresults.txt
)
Echo Finished
start notepad C:\kresults.txt
del /q %0
exit

Double click on look.bat
Please be patient, as this will search the entire disc

Notepad will open, please copy/paste the results here.

 

[Woody_74]

Blow is Kaspersly log, proceeding with file analysis and Batch File

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 14, 2008 21:42:12
Records in database: 1311959
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 68432
Threat name: 3
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 01:01:06


File name / Threat name / Threats count
c:\windows\system32\atlcom829_127.dll/c:\windows\system32\atlcom829_127.dll Infected: Trojan-GameThief.Win32.WOW.ceu 1
svchost.exe\svchost.exe/svchost.exe\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cev 1
C:\WINDOWS\svchost.exe/C:\WINDOWS\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cev 1
C:\Qoobox\Quarantine\C\WINDOWS\svchost.exe.vir Infected: Trojan-GameThief.Win32.WOW.cev 1
C:\Qoobox\Quarantine\catchme2008-10-14_140928.53.zip Infected: Trojan-GameThief.Win32.WOW.cev 1
C:\WINDOWS\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cev 1
C:\WINDOWS\system32\atlcom829_127.dll Infected: Trojan-GameThief.Win32.WOW.ceu 1
C:\WINDOWS\system32\WolDown.exe Infected: Backdoor.Win32.Delf.agh 1

The selected area was scanned.

 

[Woody_74]

VirusTotal results:

File svchost.exe received on 10.15.2008 01:14:13 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.15.0 2008.10.14 -
AntiVir 7.8.1.34 2008.10.14 TR/PSW.O.juki.33056
Authentium 5.1.0.4 2008.10.14 -
Avast 4.8.1248.0 2008.10.14 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.14 -
BitDefender 7.2 2008.10.15 -
CAT-QuickHeal 9.50 2008.10.14 TrojanGameThief.WOW.cep
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.15 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6148 2008.10.14 -
Ewido 4.0 2008.10.14 -
F-Prot 4.4.4.56 2008.10.14 -
F-Secure 8.0.14332.0 2008.10.15 Trojan-GameThief.Win32.WOW.cev
Fortinet 3.113.0.0 2008.10.14 PossibleThreat
GData 19 2008.10.15 Win32:Trojan-gen {Other}
Ikarus T3.1.1.34.0 2008.10.14 -
K7AntiVirus 7.10.493 2008.10.14 -
Kaspersky 7.0.0.125 2008.10.15 Trojan-GameThief.Win32.WOW.cev
McAfee 5405 2008.10.14 -
Microsoft 1.4005 2008.10.15 -
NOD32 3522 2008.10.14 Win32/PSW.WOW.NES
Norman 5.80.02 2008.10.14 -
Panda 9.0.0.4 2008.10.14 -
PCTools 4.4.2.0 2008.10.14 -
Prevx1 V2 2008.10.15 Cloaked Malware
Rising 20.66.12.00 2008.10.14 Trojan.PSW.Win32.WoWar.auz
SecureWeb-Gateway 6.7.6 2008.10.15 Trojan.PSW.O.juki.33056
Sophos 4.34.0 2008.10.15 -
Sunbelt 3.1.1722.1 2008.10.14 -
Symantec 10 2008.10.15 -
TheHacker 6.3.1.0.110 2008.10.14 -
TrendMicro 8.700.0.1004 2008.10.14 PAK_Generic.001
VBA32 3.12.8.6 2008.10.14 -
ViRobot 2008.10.14.1419 2008.10.14 -
VirusBuster 4.5.11.0 2008.10.14 -

Additional information
File size: 22528 bytes
MD5...: fdf7b70e6394f29cecf01ee96ce710a1
SHA1..: 2e0497d112199d5f91630f96578e8c88af31df4b
SHA256: fde97e502b5c8ed579df4deb6efb29c9f0e3aa9f00bf0b1e41c47f9ee0e09e71
SHA512: 752b05ece8d2c3f2dcca70e8412a2bb42d33a08c50f7499ae0a43ee2ddc39e30<BR>e5c11418e242204b03653746f1ca7e2a33cc1fa3bb75c372ee646ec8c9ec9314
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x403e31<BR>timedatestamp.....: 0x48ede3ea (Thu Oct 09 10:58:50 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 2 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x500c 0x5200 4.64 14045f16c25cf8526be1ee58a8fadf2a<BR>.CRT 0x7000 0x4 0x200 0.06 e946fab0c98db4bd30595cbfd5737bac<BR><BR>( 7 imports ) <BR>> KERNEL32.dll: Process32Next, Process32First, CreateToolhelp32Snapshot, CloseHandle, OpenProcess, GetProcAddress, LoadLibraryA, GetLastError, Sleep, SetUnhandledExceptionFilter, ReleaseMutex, CreateMutexA, GetCurrentProcess, GetCurrentThreadId, lstrlenW, CreateThread, WideCharToMultiByte, GetModuleHandleA<BR>> USER32.dll: GetMessageA, PostThreadMessageA, GetInputState, wsprintfA<BR>> ADVAPI32.dll: OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges<BR>> ole32.dll: CoCreateInstance, CoInitialize<BR>> OLEAUT32.dll: -, -<BR>> WININET.dll: InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetCloseHandle, InternetOpenA<BR>> MSVCRT.dll: _strlwr, memset, memcpy, __3@YAXPAX@Z, __CxxFrameHandler, _stricmp, _onexit, __2@YAPAXI@Z, strlen, __dllonexit<BR><BR>( 0 exports ) <BR>
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=112D1A82009AD5BA588300240F8CA6003DBC1198


Kresults:

C:\WINDOWS\1.ini


C:\WINDOWS\wininit.ini
[rename]
c:\tempjunk41.tmp=C:\WINDOWS\svchost.exe_old
nul=c:\tempjunk41.tmp

 

[katana]

Custom CFScript

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  Rootkit::
  C:\WINDOWS\svchost.exe
  
  File::
  C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
  C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
  C:\WINDOWS\1.ini
  C:\WINDOWS\wininit.ini
  C:\WINDOWS\system32\atlcom829_127.dll
  C:\WINDOWS\syscheck
  C:\WINDOWS\system32\WolDown.exe
  c:\tempjunk41.tmp
  C:\WINDOWS\svchost.exe_old
  Folder::
  C:\Program Files\Full Tilt Poker
  C:\Program Files\NoAdware4
  C:\Program Files\Java\jre1.5.0_06
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "SunJavaUpdateSched"=-

• Save this as CFScript.txt and place it on your desktop.
  
  
  
  
  
  
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• ComboFix Log
• A Fresh HJT Log
• How are things running now ?

 

[Woody_74]

ComboFix Log Part1

ComboFix 08-10-14.07 - Big Stan 2008-10-15 3:06:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1429 [GMT -7:00]
Running from: C:\Documents and Settings\Big Stan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Big Stan\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\tempjunk41.tmp
C:\WINDOWS\1.ini
C:\WINDOWS\svchost.exe_old
C:\WINDOWS\syscheck
C:\WINDOWS\system32\atlcom829_127.dll
C:\WINDOWS\system32\WolDown.exe
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Full Tilt Poker
C:\Program Files\Full Tilt Poker\Cache\42D4EB830001.dc
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080608 250 Play Money Sit & Go - (51329865) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080608 250 Play Money Sit & Go - (51329940) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080608 250 Play Money Sit & Go (51329865), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080608 250 Play Money Sit & Go (51329940), Table 1 - 50-100 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080608 250 Play Money Sit & Go (51329940), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 2,000 Play Money Sit & Go - (51497625) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 2,000 Play Money Sit & Go (51497625), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51488843) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51488866) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51488961) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51489544) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51489731) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51490075) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51491473) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51496877) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go - (51497544) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51488843), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51488866), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51488866), Table 7 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51488961), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51488961), Table 2 - 20-40 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51489544), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51489544), Table 8 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51489731), Table 10 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51489731), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51489731), Table 8 - 20-40 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51489731), Table 9 - 100-200 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51490075), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51491473), Table 1 - 30-60 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51491473), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51496877), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51497544), Table 10 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51497544), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080610 250 Play Money Sit & Go (51497544), Table 6 - 25-50 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52331102) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52331111) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52331538) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52331614) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52333213) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52334430) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52334988) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go - (52335242) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331102), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331111), Table 4 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331538), Table 1 - 20-40 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331538), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331538), Table 7 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331614), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52331614), Table 4 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52333213), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52333213), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52333213), Table 8 - 120-240 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52333213), Table 9 - 50-100 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52334430), Table 5 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52334430), Table 9 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52334988), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52335242), Table 2 - 120-240 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080619 250 Play Money Sit & Go (52335242), Table 8 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go - (52422511) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go - (52422549) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go - (52422692) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go (52422511), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go (52422511), Table 4 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go (52422549), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go (52422692), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go (52422692), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 250 Play Money Sit & Go (52422692), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 Play Chip 1 - 5-10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 Play Chip 1617 - 25-50 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080620 Play Chip 1628 - 25-50 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080621 Play Chip 2099 - 25-50 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080621 Play Chip 2387 - 25-50 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 $2 + $0.25 Sit & Go (Turbo) - (52672583) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 $2 + $0.25 Sit & Go (Turbo) (52672583), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 $3 + $0.30 KO Sit & Go - (52622690) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 $3 + $0.30 KO Sit & Go (52622690), Table 8 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 Mabel (6 max) - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 Miner (6 max) - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080622 Windsor (6 max) - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 $3 + $0.30 KO Sit & Go - (52722637) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 $3 + $0.30 KO Sit & Go - (52723571) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 $3 + $0.30 KO Sit & Go (52722637), Table 8 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 $3 + $0.30 KO Sit & Go (52723571), Table 9 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 Dark (deep 6) - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 Dusk (6 max) - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080623 Railbirds.com - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080626 $3 + $0.30 KO Sit & Go - (53057997) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080626 $3 + $0.30 KO Sit & Go - (53059206) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080626 $3 + $0.30 KO Sit & Go (53057997), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080626 $3 + $0.30 KO Sit & Go (53059206), Table 5 - 20-40 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080626 $3 + $0.30 KO Sit & Go (53059206), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080629 Akin (deep) - $0.05-$0.10 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080704 Play Chip 163 - 10-20 Ante 2 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080706 50 FTP Sat to $750K satellite (54122029), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 $1 Rebuy - (54017576) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 $1 Rebuy (54017576), Table 12 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 50 FTP Sat to $750K satellite - (54122029) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 50 FTP Sat to $750K satellite (54122029), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 50 FTP Sat to $750K satellite (54122029), Table 4 - 50-100 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 Play Chip 113 - 5-10 - No Limit Omaha H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080707 Play Chip 163 - 10-20 Ante 2 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080710 Play Chip 2141 - 500-1000 Ante 100 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080710 Play Chip 963 - 100-200 Ante 20 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080710 Play Chip 964 - 100-200 Ante 20 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080711 Play Chip 121 - 100-200 - No Limit Omaha H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080711 Play Chip 2141 - 500-1000 Ante 100 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080711 Play Chip 963 - 100-200 Ante 20 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 $3 + $0.30 KO Sit & Go - (54859066) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 $3 + $0.30 KO Sit & Go - (54859877) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 $3 + $0.30 KO Sit & Go (54859066), Table 7 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 $3 + $0.30 KO Sit & Go (54859877), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 $3 + $0.30 KO Sit & Go (54859877), Table 7 - 30-60 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 10,000 Play Money Sit & Go - (54856329) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 10,000 Play Money Sit & Go - (54862609) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 10,000 Play Money Sit & Go (54856329), Table 1 - 30-60 - Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 10,000 Play Money Sit & Go (54862609), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 2,000 Play Money Sit & Go - (54860066) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 2,000 Play Money Sit & Go (54860066), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 250 Play Money Sit & Go - (54862367) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 250 Play Money Sit & Go - (54864557) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 250 Play Money Sit & Go (54862367), Table 1 - 30-60 - Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080714 250 Play Money Sit & Go (54864557), Table 1 - 15-30 - Pot Limit Omaha H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go - (55385178) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go - (55386546) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go - (55387610) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go - (55387617) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go - (55387726) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55385178), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55386546), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55387610), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55387610), Table 5 - 300-600 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55387617), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55387726), Table 1 - 50-100 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 2,000 Play Money Sit & Go (55387726), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 250 Play Chip Tournament - (55278700) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 250 Play Chip Tournament (55278700), Table 13 - 50-100 Ante 10 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 250 Play Chip Tournament (55278700), Table 4 - 30-60 Ante 5 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 250 Play Chip Tournament (55278700), Table 5 - 100-200 Ante 15 - Limit Stud H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 Play Chip 1140.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20080719 Play Chip 1145.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 $1 + $0.25 Sit & Go - (64217809) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 $1 + $0.25 Sit & Go (64217809), Table 9 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go - (64224214) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go - (64230587) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64224214), Table 10 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64224214), Table 3 - 25-50 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64224214), Table 5 - 50-100 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64224214), Table 6 - 250-500 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64224214), Table 8 - 120-240 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64230587), Table 5 - 20-40 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 10,000 Play Money Sit & Go (64230587), Table 8 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go - (64222393) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go - (64224484) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go - (64224679) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go - (64224811) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go - (64233537) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go (64222393), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go (64224484), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go (64224679), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go (64224811), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 2,000 Play Money Sit & Go (64233537), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go - (64222240) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go - (64222361) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go - (64223430) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go - (64223601) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go - (64224063) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go - (64224671) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go (64222240), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go (64222361), Table 2 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go (64223430), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go (64223601), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go (64224063), Table 8 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 250 Play Money Sit & Go (64224671), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081011 Play Chip 1938 - 50-100 - Limit Omaha H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll - (64300493) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll - (64305862) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll (64300493), Table 100 - 50-100 Ante 10 - Limit Razz.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll (64300493), Table 181 - 300-600 Ante 50 - Limit Razz.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll (64300493), Table 90 - 30-60 Ante 5 - Limit Razz.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll (64305862), Table 103 - 20-40 - Pot Limit Omaha Hi.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll (64305862), Table 153 - 20-40 - Pot Limit Omaha Hi.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 $100 Freeroll (64305862), Table 184 - 15-30 - Pot Limit Omaha Hi.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go - (64332947) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go - (64335144) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go - (64335491) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go - (64397199) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go - (64398728) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go (64332947), Table 3 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go (64335144), Table 1 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go (64335491), Table 4 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go (64335491), Table 5 - 300-600 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go (64397199), Table 6 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 10,000 Play Money Sit & Go (64398728), Table 7 - 15-30 - No Limit Hold'em.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 2,000 Play Money Sit & Go - (64337088) - Summary.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 2,000 Play Money Sit & Go (64337088), Table 1 - 15-30 - Pot Limit Omaha H-L.txt
C:\Program Files\Full Tilt Poker\HandHistory\Stuunty\FT20081012 Play Chip 2028 - 1000-2000 - Pot Limit Omaha H-L.txt
C:\Program Files\Full Tilt Poker\Stuunty.dat
C:\Program Files\Java\jre1.5.0_06
C:\Program Files\Java\jre1.5.0_06\bin\awt.dll
C:\Program Files\Java\jre1.5.0_06\bin\axbridge.dll
C:\Program Files\Java\jre1.5.0_06\bin\client\classes.jsa
C:\Program Files\Java\jre1.5.0_06\bin\client\jvm.dll
C:\Program Files\Java\jre1.5.0_06\bin\client\Xusage.txt
C:\Program Files\Java\jre1.5.0_06\bin\cmm.dll
C:\Program Files\Java\jre1.5.0_06\bin\dcpr.dll
C:\Program Files\Java\jre1.5.0_06\bin\deploy.dll
C:\Program Files\Java\jre1.5.0_06\bin\dt_shmem.dll
C:\Program Files\Java\jre1.5.0_06\bin\dt_socket.dll
C:\Program Files\Java\jre1.5.0_06\bin\fontmanager.dll
C:\Program Files\Java\jre1.5.0_06\bin\hpi.dll
C:\Program Files\Java\jre1.5.0_06\bin\hprof.dll
C:\Program Files\Java\jre1.5.0_06\bin\instrument.dll
C:\Program Files\Java\jre1.5.0_06\bin\ioser12.dll
C:\Program Files\Java\jre1.5.0_06\bin\j2pkcs11.dll
C:\Program Files\Java\jre1.5.0_06\bin\jaas_nt.dll
C:\Program Files\Java\jre1.5.0_06\bin\java.dll
C:\Program Files\Java\jre1.5.0_06\bin\java.exe
C:\Program Files\Java\jre1.5.0_06\bin\java_crw_demo.dll
C:\Program Files\Java\jre1.5.0_06\bin\javacpl.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\Program Files\Java\jre1.5.0_06\bin\JavaWebStart.dll
C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe
C:\Program Files\Java\jre1.5.0_06\bin\jawt.dll
C:\Program Files\Java\jre1.5.0_06\bin\JdbcOdbc.dll
C:\Program Files\Java\jre1.5.0_06\bin\jdriver.dll
C:\Program Files\Java\jre1.5.0_06\bin\jDRM0302.dll
C:\Program Files\Java\jre1.5.0_06\bin\jdwp.dll
C:\Program Files\Java\jre1.5.0_06\bin\jpeg.dll
C:\Program Files\Java\jre1.5.0_06\bin\jpicom32.dll
C:\Program Files\Java\jre1.5.0_06\bin\jpicpl32.cpl
C:\Program Files\Java\jre1.5.0_06\bin\jpiexp32.dll
C:\Program Files\Java\jre1.5.0_06\bin\jpinscp.dll
C:\Program Files\Java\jre1.5.0_06\bin\jpioji.dll
C:\Program Files\Java\jre1.5.0_06\bin\jpishare.dll
C:\Program Files\Java\jre1.5.0_06\bin\jsound.dll
C:\Program Files\Java\jre1.5.0_06\bin\jsoundds.dll
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\keytool.exe
C:\Program Files\Java\jre1.5.0_06\bin\kinit.exe
C:\Program Files\Java\jre1.5.0_06\bin\klist.exe
C:\Program Files\Java\jre1.5.0_06\bin\ktab.exe
C:\Program Files\Java\jre1.5.0_06\bin\management.dll
C:\Program Files\Java\jre1.5.0_06\bin\net.dll
C:\Program Files\Java\jre1.5.0_06\bin\nio.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
C:\Program Files\Java\jre1.5.0_06\bin\orbd.exe
C:\Program Files\Java\jre1.5.0_06\bin\pack200.exe
C:\Program Files\Java\jre1.5.0_06\bin\policytool.exe
C:\Program Files\Java\jre1.5.0_06\bin\RegUtils.dll
C:\Program Files\Java\jre1.5.0_06\bin\rmi.dll
C:\Program Files\Java\jre1.5.0_06\bin\rmid.exe
C:\Program Files\Java\jre1.5.0_06\bin\rmiregistry.exe
C:\Program Files\Java\jre1.5.0_06\bin\servertool.exe
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
C:\Program Files\Java\jre1.5.0_06\bin\tnameserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\unicows.dll
C:\Program Files\Java\jre1.5.0_06\bin\unpack.dll
C:\Program Files\Java\jre1.5.0_06\bin\unpack200.exe
C:\Program Files\Java\jre1.5.0_06\bin\verify.dll
C:\Program Files\Java\jre1.5.0_06\bin\w2k_lsa_auth.dll
C:\Program Files\Java\jre1.5.0_06\bin\wtdmmp.dll
C:\Program Files\Java\jre1.5.0_06\bin\wtdmmpv.dll
C:\Program Files\Java\jre1.5.0_06\bin\zip.dll
C:\Program Files\Java\jre1.5.0_06\CHANGES
C:\Program Files\Java\jre1.5.0_06\COPYRIGHT
C:\Program Files\Java\jre1.5.0_06\lib\applet\WMPNS.jar
C:\Program Files\Java\jre1.5.0_06\lib\classlist
C:\Program Files\Java\jre1.5.0_06\lib\cmm\CIEXYZ.pf
C:\Program Files\Java\jre1.5.0_06\lib\cmm\GRAY.pf
C:\Program Files\Java\jre1.5.0_06\lib\cmm\LINEAR_RGB.pf
C:\Program Files\Java\jre1.5.0_06\lib\cmm\sRGB.pf
C:\Program Files\Java\jre1.5.0_06\lib\content-types.properties
C:\Program Files\Java\jre1.5.0_06\lib\deploy.jar
C:\Program Files\Java\jre1.5.0_06\lib\ext\dnsns.jar
C:\Program Files\Java\jre1.5.0_06\lib\ext\DRM0302java.jar
C:\Program Files\Java\jre1.5.0_06\lib\ext\sunjce_provider.jar
C:\Program Files\Java\jre1.5.0_06\lib\ext\sunpkcs11.jar
C:\Program Files\Java\jre1.5.0_06\lib\ext\wildtangent.jar
C:\Program Files\Java\jre1.5.0_06\lib\ext\wtdmmpi.jar
C:\Program Files\Java\jre1.5.0_06\lib\flavormap.properties
C:\Program Files\Java\jre1.5.0_06\lib\fontconfig.98.bfc
C:\Program Files\Java\jre1.5.0_06\lib\fontconfig.98.properties.src
C:\Program Files\Java\jre1.5.0_06\lib\fontconfig.bfc
C:\Program Files\Java\jre1.5.0_06\lib\fontconfig.Me.bfc
C:\Program Files\Java\jre1.5.0_06\lib\fontconfig.Me.properties.src
C:\Program Files\Java\jre1.5.0_06\lib\fontconfig.properties.src
C:\Program Files\Java\jre1.5.0_06\lib\fonts\LucidaSansRegular.ttf
C:\Program Files\Java\jre1.5.0_06\lib\i386\jvm.cfg
C:\Program Files\Java\jre1.5.0_06\lib\im\indicim.jar
C:\Program Files\Java\jre1.5.0_06\lib\im\thaiim.jar
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\cursors.properties
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\invalid32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\win32_CopyDrop32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\win32_CopyNoDrop32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\win32_LinkDrop32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\win32_LinkNoDrop32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\win32_MoveDrop32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors\win32_MoveNoDrop32x32.gif
C:\Program Files\Java\jre1.5.0_06\lib\javaws.jar
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_de.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_es.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_fr.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_it.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_ja.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_ko.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_sv.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_zh_CN.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_zh_HK.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\messages_zh_TW.properties
C:\Program Files\Java\jre1.5.0_06\lib\javaws\miniSplash.jpg
C:\Program Files\Java\jre1.5.0_06\lib\jce.jar
C:\Program Files\Java\jre1.5.0_06\lib\jsse.jar
C:\Program Files\Java\jre1.5.0_06\lib\jvm.hprof.txt
C:\Program Files\Java\jre1.5.0_06\lib\logging.properties
C:\Program Files\Java\jre1.5.0_06\lib\management\jmxremote.access
C:\Program Files\Java\jre1.5.0_06\lib\management\jmxremote.password.template
C:\Program Files\Java\jre1.5.0_06\lib\management\management.properties
C:\Program Files\Java\jre1.5.0_06\lib\management\snmp.acl.template
C:\Program Files\Java\jre1.5.0_06\lib\net.properties
C:\Program Files\Java\jre1.5.0_06\lib\plugin.jar
C:\Program Files\Java\jre1.5.0_06\lib\psfont.properties.ja
C:\Program Files\Java\jre1.5.0_06\lib\psfontj2d.properties
C:\Program Files\Java\jre1.5.0_06\lib\rt.jar
C:\Program Files\Java\jre1.5.0_06\lib\security\cacerts
C:\Program Files\Java\jre1.5.0_06\lib\security\java.policy
C:\Program Files\Java\jre1.5.0_06\lib\security\java.security
C:\Program Files\Java\jre1.5.0_06\lib\security\javaws.policy
C:\Program Files\Java\jre1.5.0_06\lib\security\local_policy.jar
C:\Program Files\Java\jre1.5.0_06\lib\security\US_export_policy.jar
C:\Program Files\Java\jre1.5.0_06\lib\sound.properties
C:\Program Files\Java\jre1.5.0_06\lib\tzmappings
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Abidjan
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Accra
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Addis_Ababa
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Algiers
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Asmera
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Bamako
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Bangui
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Banjul
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Bissau
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Blantyre
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Brazzaville
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Bujumbura
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Cairo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Casablanca
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Ceuta
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Conakry
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Dakar
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Dar_es_Salaam
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Djibouti
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Douala
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\El_Aaiun
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Freetown
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Gaborone
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Harare
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Johannesburg
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Kampala
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Khartoum
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Kigali
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Kinshasa
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Lagos
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Libreville
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Lome
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Luanda
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Lubumbashi
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Lusaka
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Malabo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Maputo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Maseru
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Mbabane
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Mogadishu
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Monrovia
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Nairobi
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Ndjamena
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Niamey
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Nouakchott
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Ouagadougou
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Porto-Novo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Sao_Tome
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Tripoli
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Tunis
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa\Windhoek
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Adak
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Anchorage
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Anguilla
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Antigua
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Araguaina
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Buenos_Aires
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Catamarca
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Cordoba
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Jujuy
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\La_Rioja
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Mendoza
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Rio_Gallegos
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\San_Juan
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Tucuman
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina\Ushuaia
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Aruba
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Asuncion
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Bahia
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Barbados
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Belem
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Belize
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Boa_Vista
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Bogota
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Boise
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Cambridge_Bay
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Campo_Grande
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Cancun
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Caracas
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Cayenne
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Cayman
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Chicago
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Chihuahua
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Coral_Harbour
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Costa_Rica
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Cuiaba
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Curacao
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Danmarkshavn
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Dawson
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Dawson_Creek
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Denver
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Detroit
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Dominica
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Edmonton
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Eirunepe
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\El_Salvador
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Fortaleza
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Glace_Bay
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Godthab
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Goose_Bay
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Grand_Turk
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Grenada
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Guadeloupe
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Guatemala
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Guayaquil
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Guyana
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Halifax
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Havana
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Hermosillo
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Indiana\Indianapolis
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Indiana\Knox
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Indiana\Marengo
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Indiana\Vevay
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Inuvik
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Iqaluit
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Jamaica
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Juneau
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Kentucky\Louisville
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Kentucky\Monticello
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\La_Paz
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Lima
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Los_Angeles
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Maceio
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Managua
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Manaus
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Martinique
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Mazatlan
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Menominee
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Merida
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Mexico_City
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Miquelon
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Monterrey
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Montevideo
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Montreal
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Montserrat
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Nassau
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\New_York
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Nipigon
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Nome
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Noronha
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\North_Dakota\Center
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Panama
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Pangnirtung
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Paramaribo
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Phoenix
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Port-au-Prince
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Port_of_Spain
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Porto_Velho
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Puerto_Rico
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Rainy_River
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Rankin_Inlet
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Recife
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Regina
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Rio_Branco
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Santiago
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Santo_Domingo
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Sao_Paulo
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Scoresbysund
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\St_Johns
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\St_Kitts
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\St_Lucia
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\St_Thomas
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\St_Vincent
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Swift_Current
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Tegucigalpa
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Thule
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Thunder_Bay
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Tijuana
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Toronto
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Tortola
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Vancouver
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Whitehorse
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Winnipeg
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Yakutat
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Yellowknife
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Casey
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Davis
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\DumontDUrville
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Mawson
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\McMurdo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Palmer
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Rothera
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Syowa
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica\Vostok
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Aden
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Almaty
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Amman
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Anadyr
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Aqtau
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Aqtobe
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Ashgabat
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Baghdad
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Bahrain
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Baku
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Bangkok
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Beirut
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Bishkek
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Brunei
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Calcutta
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Choibalsan
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Chongqing
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Colombo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Damascus
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Dhaka
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Dili
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Dubai
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Dushanbe
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Gaza
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Harbin
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Hong_Kong
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Hovd
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Irkutsk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Jakarta
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Jayapura
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Jerusalem
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Kabul
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Kamchatka
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Karachi
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Kashgar
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Katmandu
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Krasnoyarsk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Kuala_Lumpur
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Kuching
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Kuwait
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Macau
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Magadan
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Makassar
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Manila
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Muscat
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Nicosia
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Novosibirsk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Omsk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Oral
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Phnom_Penh
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Pontianak
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Pyongyang
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Qatar
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Qyzylorda
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Rangoon
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Riyadh
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Riyadh87
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Riyadh88
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Riyadh89
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Saigon
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Sakhalin
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Samarkand
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Seoul
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Shanghai
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Singapore
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Taipei
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Tashkent
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Tbilisi
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Tehran
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Thimphu
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Tokyo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Ulaanbaatar
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Urumqi
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Vientiane
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Vladivostok
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Yakutsk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Yekaterinburg
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia\Yerevan
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Azores
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Bermuda
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Canary
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Cape_Verde
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Faeroe
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Madeira
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Reykjavik
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\South_Georgia
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\St_Helena
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic\Stanley
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Adelaide
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Brisbane
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Broken_Hill
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Currie
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Darwin
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Hobart
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Lindeman
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Lord_Howe
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Melbourne
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Perth
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia\Sydney
C:\Program Files\Java\jre1.5.0_06\lib\zi\CET
C:\Program Files\Java\jre1.5.0_06\lib\zi\EET
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-1
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-10
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-11
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-12
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-13
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-14
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-2
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-3
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-4
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-5
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-6
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-7
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-8
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT-9
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+1
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+10
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+11
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+12
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+2
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+3
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+4
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+5
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+6
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+7
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+8
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\GMT+9
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\UCT
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc\UTC
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Amsterdam
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Andorra
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Athens
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Belgrade
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Berlin
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Brussels
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Bucharest
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Budapest
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Chisinau
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Copenhagen
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Dublin
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Gibraltar
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Helsinki
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Istanbul
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Kaliningrad
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Kiev
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Lisbon
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\London
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Luxembourg
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Madrid
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Malta
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Minsk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Monaco
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Moscow
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Oslo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Paris
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Prague
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Riga
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Rome
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Samara
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Simferopol
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Sofia
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Stockholm
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Tallinn
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Tirane
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Uzhgorod
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Vaduz
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Vienna
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Vilnius
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Warsaw
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Zaporozhye
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe\Zurich
C:\Program Files\Java\jre1.5.0_06\lib\zi\GMT
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Antananarivo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Chagos
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Christmas
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Cocos
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Comoro
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Kerguelen
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Mahe
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Maldives
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Mauritius
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Mayotte
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian\Reunion
C:\Program Files\Java\jre1.5.0_06\lib\zi\MET
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Apia
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Auckland
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Chatham
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Easter
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Efate
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Enderbury
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Fakaofo
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Fiji
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Funafuti
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Galapagos
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Gambier
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Guadalcanal
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Guam
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Honolulu
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Johnston
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Kiritimati
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Kosrae
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Kwajalein
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Majuro
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Marquesas
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Midway
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Nauru
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Niue
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Norfolk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Noumea
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Pago_Pago
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Palau
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Pitcairn
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Ponape
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Port_Moresby
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Rarotonga
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Saipan
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Tahiti
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Tarawa
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Tongatapu
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Truk
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Wake
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific\Wallis
C:\Program Files\Java\jre1.5.0_06\lib\zi\WET
C:\Program Files\Java\jre1.5.0_06\lib\zi\ZoneInfoMappings
C:\Program Files\Java\jre1.5.0_06\LICENSE
C:\Program Files\Java\jre1.5.0_06\PATCH.ERR
C:\Program Files\Java\jre1.5.0_06\README.txt
C:\Program Files\Java\jre1.5.0_06\THIRDPARTYLICENSEREADME.txt
C:\Program Files\Java\jre1.5.0_06\Welcome.html
C:\Program Files\NoAdware4
C:\Program Files\NoAdware4\logs\Date(1-2-2006) Time(19-48-29).txt
C:\Program Files\NoAdware4\logs\Date(1-9-2007) Time(12-54-16).txt
C:\Program Files\NoAdware4\logs\Date(10-10-2005) Time(19-33-21).txt
C:\Program Files\NoAdware4\logs\Date(11-5-2006) Time(23-15-14).txt
C:\Program Files\NoAdware4\logs\Date(11-5-2006) Time(23-16-18).txt
C:\Program Files\NoAdware4\logs\Date(11-5-2006) Time(23-18-37).txt
C:\Program Files\NoAdware4\logs\Date(11-5-2006) Time(23-20-17).txt
C:\Program Files\NoAdware4\logs\Date(11-5-2007) Time(19-58-7).txt
C:\Program Files\NoAdware4\logs\Date(12-10-2005) Time(19-23-43).txt
C:\Program Files\NoAdware4\logs\Date(12-5-2007) Time(16-23-6).txt
C:\Program Files\NoAdware4\logs\Date(13-12-2006) Time(0-3-25).txt
C:\Program Files\NoAdware4\logs\Date(13-12-2006) Time(0-5-41).txt
C:\Program Files\NoAdware4\logs\Date(14-7-2006) Time(20-1-22).txt
C:\Program Files\NoAdware4\logs\Date(20-5-2007) Time(14-49-25).txt
C:\Program Files\NoAdware4\logs\Date(22-10-2007) Time(11-42-10).txt
C:\Program Files\NoAdware4\logs\Date(22-5-2007) Time(19-30-31).txt
C:\Program Files\NoAdware4\logs\Date(27-6-2006) Time(0-0-19).txt
C:\Program Files\NoAdware4\logs\Date(28-10-2006) Time(11-53-2).txt
C:\Program Files\NoAdware4\logs\Date(30-4-2007) Time(0-16-48).txt
C:\Program Files\NoAdware4\logs\Date(30-4-2007) Time(0-21-12).txt
C:\Program Files\NoAdware4\logs\Date(30-4-2007) Time(0-23-31).txt
C:\Program Files\NoAdware4\logs\Date(30-9-2006) Time(12-33-5).txt
C:\Program Files\NoAdware4\logs\Date(30-9-2006) Time(16-52-21).txt
C:\Program Files\NoAdware4\logs\Date(31-5-2007) Time(21-24-23).txt
C:\Program Files\NoAdware4\logs\Date(4-1-2008) Time(4-31-25).txt
C:\Program Files\NoAdware4\logs\Date(6-10-2007) Time(13-21-48).txt
C:\Program Files\NoAdware4\logs\Date(6-12-2007) Time(16-32-42).txt
C:\Program Files\NoAdware4\NoAdware4.exe
C:\Program Files\NoAdware4\noadware4_053107.na
C:\Program Files\NoAdware4\noadware4_101308.na
C:\Program Files\NoAdware4\noadware4_120607.na
C:\Program Files\NoAdware4\NoAdwareBackup\1,4,2008_4,31,23.zip
C:\Program Files\NoAdware4\NoAdwareBackup\10,10,2005_19,33,9.zip
C:\Program Files\NoAdware4\NoAdwareBackup\10,12,2005_19,23,41.zip
C:\Program Files\NoAdware4\NoAdwareBackup\10,22,2007_11,40,31.zip
C:\Program Files\NoAdware4\NoAdwareBackup\10,28,2006_11,52,59.zip
C:\Program Files\NoAdware4\NoAdwareBackup\10,6,2007_13,21,46.zip
C:\Program Files\NoAdware4\NoAdwareBackup\12,13,2006_0,3,23.zip
C:\Program Files\NoAdware4\NoAdwareBackup\12,13,2006_0,5,40.zip
C:\Program Files\NoAdware4\NoAdwareBackup\12,6,2007_16,32,39.zip
C:\Program Files\NoAdware4\NoAdwareBackup\2,1,2006_19,48,13.zip
C:\Program Files\NoAdware4\NoAdwareBackup\4,30,2007_0,16,29.zip
C:\Program Files\NoAdware4\NoAdwareBackup\4,30,2007_0,21,11.zip
C:\Program Files\NoAdware4\NoAdwareBackup\4,30,2007_0,23,30.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,11,2006_23,15,12.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,11,2006_23,16,16.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,11,2006_23,18,36.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,11,2006_23,19,47.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,11,2007_19,58,5.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,12,2007_16,23,4.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,20,2007_14,49,23.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,22,2007_19,30,28.zip
C:\Program Files\NoAdware4\NoAdwareBackup\5,31,2007_21,24,20.zip
C:\Program Files\NoAdware4\NoAdwareBackup\6,27,2006_0,0,5.zip
C:\Program Files\NoAdware4\NoAdwareBackup\7,14,2006_20,1,19.zip
C:\Program Files\NoAdware4\NoAdwareBackup\9,1,2007_12,54,14.zip
C:\Program Files\NoAdware4\NoAdwareBackup\9,30,2006_12,33,2.zip
C:\Program Files\NoAdware4\NoAdwareBackup\9,30,2006_16,52,20.zip
C:\Program Files\NoAdware4\noadwareutils.dll
C:\Program Files\NoAdware4\unins000.dat
C:\Program Files\NoAdware4\unins000.exe
C:\WINDOWS\1.ini
C:\WINDOWS\svchost.exe
C:\WINDOWS\syscheck
C:\WINDOWS\system32\atlcom829_127.dll
C:\WINDOWS\system32\WolDown.exe
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\wininit.ini

.

 

[Woody_74]

ComboFix log Part 2

((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-14 19:29 . 2008-10-14 19:29 <DIR> d-------- C:\Program Files\Curse
2008-10-14 16:00 . 2008-08-14 03:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 16:00 . 2008-08-14 03:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:00 . 2008-08-14 02:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:00 . 2008-08-14 02:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 16:00 . 2008-09-15 05:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 16:00 . 2008-09-08 03:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 12:06 . 2008-10-14 12:07 <DIR> d-------- C:\rsit
2008-10-14 11:10 . 2008-10-14 11:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 11:10 . 2008-10-14 11:10 <DIR> d-------- C:\Documents and Settings\Big Stan\Application Data\Malwarebytes
2008-10-14 11:10 . 2008-10-14 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 11:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 11:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 02:39 . 2008-10-14 02:40 <DIR> d-------- C:\Program Files\ProcessExplorer
2008-10-14 01:30 . 2008-10-14 01:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 22:26 . 2008-10-13 22:26 <DIR> d-------- C:\Documents and Settings\Administrator.GAMINGCOMPUTER.000\Application Data\Ventrilo
2008-10-13 16:07 . 2008-10-13 16:07 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-13 16:07 . 2008-10-13 16:07 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-13 14:24 . 2008-10-13 14:24 <DIR> d-------- C:\Documents and Settings\Big Stan\Application Data\MSN6
2008-10-01 18:05 . 2008-10-01 18:05 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-01 18:04 . 2008-10-01 18:04 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-17 08:47 . 2008-09-17 08:47 <DIR> d-------- C:\Program Files\iTunes
2008-09-17 08:47 . 2008-09-17 08:47 <DIR> d-------- C:\Program Files\iPod
2008-09-17 08:47 . 2008-09-17 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 08:42 . 2008-09-17 08:42 <DIR> d-------- C:\Program Files\Bonjour
2008-09-17 08:41 . 2008-09-17 08:42 <DIR> d-------- C:\Program Files\QuickTime
2008-09-15 03:05 . 2008-09-18 17:41 <DIR> d-------- C:\Program Files\World of Warcraft Public Test

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 10:22 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\OpenOffice.org2
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-10-15 10:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-10-15 10:20 241,884 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-10-15 10:14 --------- d-----w C:\Program Files\Java
2008-10-15 00:58 --------- d-----w C:\Program Files\World of Warcraft
2008-10-14 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-13 23:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-13 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-13 21:59 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\Apple Computer
2008-10-10 12:41 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\Skype
2008-10-10 04:07 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\skypePM
2008-10-10 03:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-09 21:55 --------- d-----w C:\Program Files\Wrath of the Lich King Beta
2008-10-09 21:12 --------- d-----w C:\Program Files\Warcraft III
2008-09-17 15:42 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 10:23 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-15 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blizzard
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-02 15:22 --------- d-----w C:\Documents and Settings\Stand\Application Data\InstallShield Installation Information
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-21 06:11 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-19 20:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-18 23:02 --------- d-----w C:\Documents and Settings\Big Stan\Application Data\Uniblue
2008-08-18 16:21 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-01-11 01:26 7,028,144 ----a-w C:\Documents and Settings\Big Stan\medic6.exe
2007-12-06 19:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-28 09:29 47,360 ----a-w C:\Documents and Settings\Big Stan\Application Data\pcouffin.sys
2005-10-02 09:05 65 -c--a-w C:\Program Files\Common Files\appop.log
.

((((((((((((((((((((((((((((( snapshot@2008-10-14_14.14.02.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 15:09:27 3,067,392 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-20 05:30:53 3,067,904 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-26 08:15:29 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:30:51 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-06-26 08:15:30 619,520 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:30:52 619,520 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 15:09:27 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:30:51 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-08-21 00:53:57 111,784 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-15 00:11:58 111,784 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-20 05:30:53 3,067,904 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-08-20 05:30:51 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-20 05:30:52 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [2004-11-03 84480]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 230664]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-05-16 14088]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-11 8491008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

C:\Documents and Settings\Big Stan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VETMSGNT"=2 (0x2)
"vsmon"=2 (0x2)
"usnjsvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"Easy Messaging"=C:\Program Files\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\AvRack\\rtlrack.exe"=
"C:\\Program Files\\twc\\medicsp2\\bin\\sprtsvc.exe"=
"C:\\Program Files\\HERACTSTG\\smartaccess\\bcont.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Curse\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDPeer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
"27712:TCP"= 27712:TCP:BitCometLite 27712 TCP
"27712:UDP"= 27712:UDP:BitCometLite 27712 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 38784]
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe [2007-08-16 189704]
S2 wowsystemcode;Remote TCP/IPv6;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode
.
Contents of the 'Scheduled Tasks' folder

2008-09-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-13 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Big Stan at 11 46 AM.job
- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe [2007-08-16 21:10]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 03:22:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-15 3:25:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-15 10:25:08
ComboFix2.txt 2008-10-14 21:15:45

Pre-Run: 14,165,340,160 bytes free
Post-Run: 14,220,443,648 bytes free

1100 --- E O F --- 2008-10-15 00:07:41

 

[Woody_74]

Fresh HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:02 AM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7403 bytes

 

[Woody_74]

Things seem to be running much better now and back to normal and Firefox is once again usable.

 

[katana]

I would like to do a bit of a cleanup, and then do a further scan just to make sure nothing is left.

• This will clear your System Volume Information restore points and remove all the infected files that were quarantined
• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • 

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK

• Click the Scan Now button
• Follow the prompts to install the Active X if necessary
• Go and make a cup of tea/coffee/beverage of your choice and watch some TV
• When the scan is finished, a report will be generated
• Next to Scan Details click the small Save button and save the report to your desktop.
• Please post the report in your reply.

 

[Woody_74]

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-15 16:55:55
PROTECTIONS: 2
MALWARE: 47
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
CA Anti-Virus 8.4.0.28 No Yes
CA Anti-Spyware 9.1.0.22 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp6.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.247realmedia.com/]
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.targetnet.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.fastclick.net/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.mediaplex.com/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.centrport.net/]
00147020 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@mp3search[1].txt
00147020 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.mp3search.ru/]
00147020 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.mp3search.ru/]
00147020 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.mp3search.ru/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@entrepreneur[1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.maxserving.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.belnk.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.belnk.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.revenue.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@yadro[2].txt
00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@seeq[1].txt
00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.seeq.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.bs.serving-sys.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ads.pointroll.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.fortunecity.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Stand\Cookies\stand@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.realmedia.com/]
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@cgi-bin[6].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Big Stan\Cookies\big stan@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.zedo.com/]
00186561 Cookie/Banner TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@banner[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@go[1].txt
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ath.belnk.com/]
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.valueclick.com/]
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@media.fastclick[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Big Stan\Cookies\big stan@smartadserver[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@cgi-bin[4].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@cgi-bin[7].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\hknljp9q.default\cookies.txt[.ads.addynamix.com/]
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Skye\Cookies\skye@h.starware[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location -
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description -
;===================================================================================================================================================================================
;===================================================================================================================================================================================

 

[katana]

That looks fine now, just a few leftovers that Spybot has removed
I would recommend using a cookie cleaner though. I will give some details on cookies near the end of this post.

Let's remove those leftovers ...



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below.

:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\*.*
C:\rsit
C:\kresults.txt

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• Click the red Moveit! button.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------- -----------------------------------------------------------



Congratulations your logs look clean resent:

Let's see if I can help you keep it that way

First lets tidy up

Open OTMoveIt Click Cleanup,

When a box pops up click YES.

Delete any logs we have produced and empty your recycle bin


Enable Teatimer

• RIGHT click Link >>> HERE <<< Link and select "save as" and save it to your desktop
• Double click ResetTeaTimer.bat
• Open Spybot S&D
• Click Mode, check Advanced Mode
• Go To Left Panel, Click Tools, then also in left panel, click Resident
• If your firewall raises a question, say OK
• check the box labeled Resident Tea-Timer and OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.
• You can now delete ResetTeaTimer.bat

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

• 
  AntiSpyware is not the same thing as Antivirus.
  Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
  You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
  Most of the programs in this list have a free (for Home Users ) and paid versions,
  it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
• Spybot - Search & Destroy <<< A must have program
  • It includes host protection and registry protection
  • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
• MalwareBytes Anti-malware <<< A New and effective program
• a-squared Free <<< A good "realtime" or "on demand" scanner
• superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

• 
  These programs don't detect malware, they help stop it getting on your machine in the first place.
  Each does a different job, so you can have more than one
• Winpatrol
  • An excellent startup manager and then some !!
  • Notifies you if programs are added to startup
  • Allows delayed startup
  • A must have addition
• SpywareBlaster 4.0
  • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
• SpywareGuard 2.2
  • SpywareGuard provides real-time protection against spyware.
  • Not required if you have other "realtime" antispyware or Winpatrol
• ZonedOut
  • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
• MVPS HOSTS
  • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • Not required if you are using other host file protections

Internet Browsers

• 
  Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
  Using a different web browser can help stop malware getting on your machine.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       • Change the Download signed ActiveX controls to Prompt
       • Change the Download unsigned ActiveX controls to Disable
       • Change the Initialise and script ActiveX controls not marked as safe to Disable
       • Change the Installation of desktop items to Prompt
       • Change the Launching programs and files in an IFRAME to Prompt
       • Change the Navigate sub-frames across different domains to Prompt
       • When all these settings have been made, click on the OK button.
       • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

• 
  Temporary Internet Files are mainly the files that are downloaded when you open a web page.
  Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
  It is a good idea to empty the Temporary Internet Files folder on a regular basis.
  
  Tracking Cookies are files that websites use to monitor which sites you visit and how often.
  A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
  CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
  
  Both of these can be cleaned manually, but a quicker option is to use a program
• ATF Cleaner
  • Free and very simple to use
• CCleaner
  • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again olice:


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

 

[Woody_74]

Thank You and much appreciation Katana. :bow:

Clean up complete, preventative and maintenence measures in place, comp running better than before and hopefully you won't have to help me again. :yahoo: