Occasional re-direct virus

Posted 8/23/2009 2:23 AM
#76387

RickB Member

Date Joined Nov 2016
Total Posts: 8
First off, I want to say I think what you guys are doing is just amazing, extremely helpful, I am very thankful for any help you can offer.

So the symptoms I'm noticing from what I recently got on my computer are weird.

It takes a good 1-2 minutes after having turned on my computer before the internet will work. (before, instantly)

Occasionally when using Yahoo to search, clicking a link, it will re-direct me to something which I did not click.

And sometimes my computer will pop up with this message: "the procedure entry point _resetskoflw could not be located in the dynamic link library msvcrt.dll". I do not know the trigger, I can't really duplicate it.

I know exactly where I was when it happened, I still know the link I clicked that caused this.

My computer performance is still fine, all my usual applications run fine, etc. I can't run free online virus scans, I tried Malwarebytes, but it won't start, ComboFix blue screens and reboots me as soon as it says "it will take about 10 minutes" to scan. *With Malwarebytes, I got it from clicking a link posted by a mod in another thread, I wasn't sure if it was supposed to come with FIX, mine didn't. Maybe I'm doing something stupid here.

I was able to get a HijackThis log. I read what looked like a similar issue to this on these forums, but alas, the directions to what looked like replacing the msvcrt.dll might have been too complex for me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:38 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS3\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS4\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINDOWS\system32\msihost.exe (file missing)

--
End of file - 8748 bytes
Posted 8/23/2009 3:48 AM
#76389

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello RickB :smile:

We'll try combofix again, slightly different.

Please download combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

Now, please make sure no other programs are running, close all other windows.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Nb. It is possible you'll have to run combofix from safe mode.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/23/2009 4:02 AM
#76392

RickB Member

Date Joined Nov 2016
Total Posts: 8
Thank you for the reply! When I tried it, the same thing happened, only for a brief second it looked like it said "unknown hard error" right before it blue screened me.

Booted it into safe mode, renamed it to alg, then tried it again, and it just restarted, I didn't even see a blue screen.

Right as it looks like it's about to scan, it just reboots.
Posted 8/23/2009 4:43 AM
#76395

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. We'll try this scanner then ->

Please download DDS: http://download.bleepingcomputer.com/sUBs/dds.scr to your Desktop and doubleclick on dds.scr to run it. If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.

Copy and paste both reports in this topic.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.



Posted 8/23/2009 4:58 AM
#76398

RickB Member

Date Joined Nov 2016
Total Posts: 8
Here is the DDS log

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 21:56:43.01 on Sat 08/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2899 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.124,85.255.112.233
TCP: {075716F7-550A-4724-9009-F11A9400E018} = 85.255.112.124,85.255.112.233
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-26 24652]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-4-18 1310720]
S2 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe [2009-8-21 84992]
S3 cpuz130;cpuz130;\??\c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-08-22 21:08 389,120 a------- c:\windows\system32\CF21916.exe
2009-08-22 21:08 <DIR> --ds---- C:\ComboFix
2009-08-22 20:57 389,120 a------- c:\windows\system32\CF19767.exe
2009-08-22 20:54 389,120 a------- c:\windows\system32\CF19310.exe
2009-08-22 20:02 168,448 a------- c:\windows\system32\unrar.dll
2009-08-22 20:02 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-22 19:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 19:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-22 19:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 19:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-22 18:55 389,120 a------- c:\windows\system32\CF28752.exe
2009-08-22 18:51 <DIR> --d----- c:\program files\CCleaner
2009-08-22 18:21 0 a------- c:\windows\MEMORY.DMP
2009-08-22 18:09 <DIR> --dshr-- C:\cmdcons
2009-08-22 18:09 <DIR> --d----- c:\windows\setup.pss
2009-08-22 18:00 <DIR> --d----- c:\windows\system32\NtmsData
2009-08-22 17:47 389,120 a------- c:\windows\system32\CF15425.exe
2009-08-22 17:47 <DIR> --ds---- C:\321
2009-08-22 17:39 389,120 a------- c:\windows\system32\CF13779.exe
2009-08-22 17:37 <DIR> --d-h--- c:\windows\PIF
2009-08-22 17:33 389,120 a------- c:\windows\system32\CF12662.exe
2009-08-22 17:28 229,376 a------- c:\windows\PEV.exe
2009-08-22 17:28 161,792 a------- c:\windows\SWREG.exe
2009-08-22 17:28 98,816 a------- c:\windows\sed.exe
2009-08-22 17:28 389,120 a------- c:\windows\system32\CF11663.exe
2009-08-22 17:22 <DIR> --d----- c:\docume~1\admini~1\applic~1\BitDefender
2009-08-22 01:44 132 a------- c:\windows\system32\rezumatenoi.dat
2009-08-21 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-08-21 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-21 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-08-21 20:30 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-08-21 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-08-21 20:24 <DIR> --d----- c:\program files\common files\BitDefender
2009-08-21 19:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-21 19:15 <DIR> --d----- C:\54b047081621ee4cb988526948
2009-08-21 18:38 3,532 a------- C:\drmHeader.bin
2009-08-21 18:12 84,992 a------- c:\windows\system32\msihost.exe
2009-08-19 19:48 <DIR> --d----- c:\program files\iPod
2009-08-19 19:48 <DIR> --d----- c:\program files\iTunes
2009-08-19 19:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-13 16:32 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 16:32 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-08 15:13 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-08-08 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-08 15:12 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-08 15:12 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-14 11:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 11:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 11:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 11:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-01-11 14:44 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys

============= FINISH: 21:56:59.04 ===============

Here is the Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/18/2008 10:33:50 AM
System Uptime: 8/22/2009 9:09:09 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-SLI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3116/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 320.458 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Description: AMD K8 Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_0
Manufacturer: Advanced Micro Devices
Name: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_0
Service: AmdK8

Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Description: AMD K8 Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_1
Manufacturer: Advanced Micro Devices
Name: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_1
Service: AmdK8

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_6377\920321111113
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_6377\920321111113
Service: USBSTOR

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

RP260: 5/26/2009 4:26:52 PM - System Checkpoint
RP261: 5/28/2009 5:11:36 PM - System Checkpoint
RP262: 5/31/2009 3:42:38 PM - System Checkpoint
RP263: 6/2/2009 6:03:28 PM - System Checkpoint
RP264: 6/2/2009 8:29:22 PM - Installed The Sims 3
RP265: 6/4/2009 4:59:07 PM - System Checkpoint
RP266: 6/9/2009 5:48:03 PM - Software Distribution Service 3.0
RP267: 6/9/2009 5:58:25 PM - Installed Java(TM) 6 Update 14
RP268: 6/13/2009 2:03:22 PM - System Checkpoint
RP269: 6/15/2009 7:14:54 PM - System Checkpoint
RP270: 6/29/2009 8:46:21 PM - System Checkpoint
RP271: 7/6/2009 5:06:05 PM - System Checkpoint
RP272: 7/8/2009 4:27:09 PM - Software Distribution Service 3.0
RP273: 7/9/2009 7:14:59 PM - System Checkpoint
RP274: 7/11/2009 3:40:46 AM - System Checkpoint
RP275: 7/11/2009 6:54:35 PM - Installed Windows XP WgaNotify.
RP276: 7/14/2009 10:47:04 PM - Software Distribution Service 3.0
RP277: 7/18/2009 1:19:02 PM - System Checkpoint
RP278: 7/21/2009 5:48:40 PM - System Checkpoint
RP279: 7/25/2009 8:07:27 PM - System Checkpoint
RP280: 7/27/2009 8:12:22 PM - System Checkpoint
RP281: 7/28/2009 8:12:53 PM - System Checkpoint
RP282: 7/28/2009 11:00:21 PM - Software Distribution Service 3.0
RP283: 7/31/2009 5:23:16 PM - System Checkpoint
RP284: 8/4/2009 7:56:57 PM - Installed Java(TM) 6 Update 15
RP285: 8/5/2009 9:38:22 PM - System Checkpoint
RP286: 8/8/2009 3:16:45 PM - Removed Athlon 64 Processor Driver
RP287: 8/13/2009 10:11:43 PM - Software Distribution Service 3.0
RP288: 8/21/2009 5:11:52 PM - System Checkpoint
RP289: 8/21/2009 7:13:21 PM - Software Distribution Service 3.0
RP290: 8/21/2009 7:30:21 PM - Printer Driver Microsoft XPS Document Writer Installed
RP291: 8/21/2009 7:41:23 PM - Restore Operation
RP292: 8/21/2009 9:00:32 PM - Removed BitDefender Total Security 2010

==== Installed Programs ======================

3DMark06
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript
Toolkit 2 <br/>Adobe Flash Player 10 ActiveX <br/>Adobe Flash Player 10 Plugin <br/>Adobe Fonts All <br/>Adobe Help Viewer CS3 <br/>Adobe Linguistics CS3 <br/>Adobe PDF Library Files <br/>Adobe Photoshop CS3 <br/>Adobe Reader 8.1.3 <br/>Adobe Setup <br/>Adobe Stock Photos CS3 <br/>Adobe Type Support <br/>Adobe Update Manager CS3 <br/>Adobe Version Cue CS3 Client <br/>Adobe WinSoft Linguistics Plugin <br/>Adobe XMP Panels CS3 <br/>AIM 6 <br/>AIM Toolbar <br/>Apple Mobile Device Support <br/>Apple Software Update <br/>ASUSUpdate <br/>AutoUpdate <br/>C-Media 6501 Sound <br/>CCleaner (remove only) <br/>Command & Conquer™ Red Alert™ 3 <br/>Counter-Strike: Source <br/>Crysis WARHEAD(R) <br/>Crysis(R) <br/>Crysis(R) SP Demo <br/>DivX Codec <br/>DivX Version Checker <br/>DivX Web Player <br/>DNA <br/>Driver Sweeper 1.0 <br/>EVGA Precision 1.0.2 <br/>Far Cry <br/>Far Cry (Patch 1.4) <br/>Fraps (remove only) <br/>Full Tilt Poker <br/>GameSpy Comrade <br/>Google Chrome <br/>Half-Life <br/>Half-Life 2 <br/>HijackThis 2.0.2 <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) <br/>Hotfix for Windows Internet Explorer 7 (KB947864) <br/>Hotfix for Windows XP (KB954550-v5) <br/>InstallMgr <br/>iTunes <br/>Java(TM) 6 Update 15 <br/>K-Lite Codec Pack 5.0.5 (Basic) <br/>Logitech GamePanel Software 2.02 <br/>Malwarebytes' Anti-Malware <br/>Microsoft .NET Framework 1.1 <br/>Microsoft .NET Framework 1.1 Hotfix (KB928366) <br/>Microsoft .NET Framework 2.0 Service Pack 2 <br/>Microsoft .NET Framework 3.0 Service Pack 2 <br/>Microsoft .NET Framework 3.5 SP1 <br/>Microsoft Compression Client Pack 1.0 for Windows XP <br/>Microsoft Default Manager <br/>Microsoft Games for Windows - LIVE Redistributable <br/>Microsoft Internationalized Domain Names Mitigation APIs <br/>Microsoft National Language Support Downlevel APIs <br/>Microsoft Search Enhancement Pack <br/>Microsoft Silverlight <br/>Microsoft User-Mode Driver Framework 
Feature Pack 1.0 <br/>Microsoft VC9 runtime libraries <br/>Microsoft Visual C++ 2005 Redistributable <br/>Microsoft WSE 3.0 Runtime <br/>MSN Toolbar <br/>MSXML 6.0 Parser (KB933579) <br/>NVIDIA Drivers <br/>NVIDIA nView Desktop Manager <br/>NVIDIA PhysX <br/>PDF Settings <br/>PunkBuster Services <br/>QuickTime <br/>Rhapsody <br/>RivaTuner v2.09 <br/>Security Update for Windows Internet Explorer 7 (KB938127) <br/>Security Update for Windows Internet Explorer 7 (KB944533) <br/>Security Update for Windows Internet Explorer 7 (KB950759) <br/>Security Update for Windows Internet Explorer 7 (KB953838) <br/>Security Update for Windows Internet Explorer 7 (KB956390) <br/>Security Update for Windows Internet Explorer 7 (KB958215) <br/>Security Update for Windows Internet Explorer 7 (KB960714) <br/>Security Update for Windows Internet Explorer 7 (KB961260) <br/>Security Update for Windows Internet Explorer 7 (KB963027) <br/>Security Update for Windows Internet Explorer 7 (KB969897) <br/>Security Update for Windows Internet Explorer 7 (KB972260) <br/>Security Update for Windows Media Player (KB911564) <br/>Security Update for Windows Media Player 6.4 (KB925398) <br/>Security Update for Windows Media Player 9 (KB936782) <br/>Security Update for Windows XP (KB923689) <br/>Sony Vegas Pro 8.0 <br/>Source SDK Base <br/>Steam <br/>Sven Co-op 3.0 <br/>System Requirements Lab <br/>The Sims™ 3 <br/>TortoiseSVN 1.5.5.14361 (32 bit) <br/>VC80CRTRedist - 8.0.50727.762 <br/>Ventrilo Client <br/>Viewpoint Media Player <br/>WebFldrs XP <br/>Winamp <br/>Windows Genuine Advantage Notifications (KB905474) <br/>Windows Imaging Component <br/>Windows Internet Explorer 7 <br/>Windows Media Format 11 runtime <br/>Windows Media Player 11 <br/>Windows Presentation Foundation <br/>Windows Vista Upgrade Advisor <br/>Windows XP Service Pack 3 <br/>WinRAR archiver <br/>WinZip 11.2 <br/>World of Warcraft <br/>World of Warcraft Public Test <br/>XML Paper Specification Shared Components Pack 1.0 
<br/>Yahoo! Messenger <br/> <br/>==== Event Viewer Messages From Past Week ======== <br/> <br/>8/22/2009 6:02:37 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom1. The database is corrupt. <br/>8/22/2009 6:02:34 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom2. The database is corrupt. <br/>8/22/2009 5:42:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} <br/>8/22/2009 5:33:10 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found. <br/>8/21/2009 9:02:48 PM, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s). <br/>8/21/2009 8:29:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips <br/>8/21/2009 8:13:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} <br/>8/21/2009 8:13:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} <br/>8/21/2009 7:11:19 PM, error: Service Control Manager [7034] - The Windows MSI service terminated unexpectedly. It has done this 1 time(s). <br/>8/21/2009 7:09:56 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. <br/>8/21/2009 6:19:54 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s). <br/>8/21/2009 6:19:54 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. 
It has done this 1 time(s). <br/> <br/>==== End Of File ===========================
Posted 8/23/2009 5:19 AM
#76401

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Go to add/remove programs in control panel, and remove:
DNA
Viewpoint Media Player

Please download http://swandog46.geekstogo.com/avenger2/download.php by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop

Start Avenger

Quote->
-------------------------------------

Files to delete:
c:\windows\MEMORY.DMP
c:\windows\system32\rezumatenoi.dat
C:\windows\system32\msihost.exe

------------------------------------------------------

Copy/Paste all the text in the above quote box into the main window
Click Execute

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions.

This log file will be located at C:\avenger.txt

Post C:\avenger.txt in next reply.

If you run Malwarebytes now, please post that as well.

Before you run it, rename it to smss.exe

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/23/2009 9:36 AM
#76411

RickB Member

Date Joined Nov 2016
Total Posts: 8
I was able to do it. Here is Avenger.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ams4otpf" found!
Start Type: 3 (Manual)

Rootkit scan completed.

File "c:\windows\MEMORY.DMP" deleted successfully.
File "c:\windows\system32\rezumatenoi.dat" deleted successfully.
File "C:\windows\system32\msihost.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Malwarebytes

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/23/2009 2:35:06 AM
mbam-log-2009-08-23 (02-35-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201602
Time elapsed: 24 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\tempo-809125.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-6245921.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
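The scan result above is worth reading closely: the NameServer value under Tcpip\Parameters had been rewritten to 85.255.112.124,85.255.112.233 in CurrentControlSet and in every numbered control set, which would route the machine's DNS lookups through whatever those resolvers answered. The Python below is an added example, not code from the thread or from Malwarebytes: it parses log lines in this format into findings and flags resolver addresses that are not on an allowlist; the allowlisted 192.0.2.53 is an assumed placeholder for the resolvers this network is supposed to use.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the "Registry Data Items Infected" and "Files Infected" sections of the
# Malwarebytes' Anti-Malware 1.40 log posted above, embedded so the parser runs offline.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\tempo-809125.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-6245921.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One MBAM detail line: "<path> (<threat>) [-> Data: <data>] -> <action>"
ENTRY_RE = re.compile(
    r"^(?P<path>\S+) \((?P<threat>[^)]+)\)(?: -> Data: (?P<data>.*?))? -> (?P<action>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str          # e.g. "Registry Data Items Infected"
    path: str             # registry value path or file path
    threat: str           # MBAM detection name, e.g. "Trojan.DNSChanger"
    data: Optional[str]   # registry data, when the log reports it
    action: str           # what MBAM did with the item


def parse_mbam_log(text: str) -> List[Finding]:
    """Turn the per-section detail lines of an MBAM log into Finding records."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" Infected:"):     # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            findings.append(Finding(section, m["path"], m["threat"], m["data"], m["action"]))
    return findings


def nameserver_changes(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each control set to the resolver IPs found in its NameServer values.

    CurrentControlSet is an alias for one of the numbered sets; the numbered sets were
    written directly too, so the change would survive a "Last Known Good" boot.
    """
    per_set: Dict[str, set] = {}
    for f in findings:
        if not f.data or not f.path.lower().endswith("\\nameserver"):
            continue
        m = CONTROL_SET_RE.search(f.path)
        control_set = m.group(1) if m else "(unknown)"
        ips = {ip.strip() for ip in f.data.split(",") if ip.strip()}
        per_set.setdefault(control_set, set()).update(ips)
    return {cs: sorted(ips) for cs, ips in per_set.items()}


def rogue_resolvers(changes: Dict[str, List[str]], allowlist: List[str]) -> List[str]:
    """Resolver addresses in the registry that are not the ones the network should use."""
    seen = {ip for ips in changes.values() for ip in ips}
    return sorted(seen - set(allowlist))


def threat_summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per detection name."""
    return dict(Counter(f.threat for f in findings))


if __name__ == "__main__":
    # 192.0.2.53 is an assumed placeholder for the resolver this network should be using.
    found = parse_mbam_log(SAMPLE_LOG)
    changes = nameserver_changes(found)
    print("findings:", threat_summary(found))
    for cs, ips in sorted(changes.items()):
        print(f"{cs}: NameServer -> {','.join(ips)}")
    print("rogue resolvers:", rogue_resolvers(changes, ["192.0.2.53"]))
```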
Posted 8/23/2009 11:32 AM
#76412

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Great :smile:

If you can run combofix now, please post a combofix log.



Posted 8/23/2009 5:52 PM
#76422

RickB Member

Date Joined Nov 2016
Total Posts: 8
Combofix is doing the same thing, blue screening; I tried again in safe mode and it just rebooted me.

Although when my desktop loaded I did notice I was able to access the internet without that 2-3 minute delay.

Also appears to sometimes be freezing right as I'm about to click my windows logon to go to my desktop.

The re-directs appear to still be happening, also was just browsing around on youtube and I got some really random ad pop ups. :(

Here's another thing I noticed, when I start windows and I get to my desktop, it takes about 15-20 seconds after having reached my desktop before I can see my start bar, at which point I hear the little windows-started music thing, and can do anything I need to. I hope any of this helps.

OKAYYYY, so I'm !!!!, I re-downloaded combofix and tried it again and it worked. I probably screwed up the original version somehow. So far everything seems to be looking good, haven't got any re-directs and I haven't seen what looks like the previous symptoms, I await your response!

ComboFix 09-08-22.06 - Administrator 08/23/2009 16:54.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2966 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\844a89.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-23 17:53 . 2009-08-23 23:38 -------- d-s---w- C:\321
2009-08-23 05:27 . 2009-08-23 05:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-23 03:02 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-23 03:02 . 2009-08-23 03:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-23 02:04 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 02:04 . 2009-08-23 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 02:04 . 2009-08-23 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 02:04 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 01:51 . 2009-08-23 01:51 -------- d-----w- c:\program files\CCleaner
2009-08-23 01:00 . 2009-08-23 01:00 -------- d-----w- c:\windows\system32\NtmsData
2009-08-23 00:37 . 2009-08-23 00:37 -------- d--h--w- c:\windows\PIF
2009-08-23 00:22 . 2009-08-23 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender
2009-08-22 03:42 . 2009-08-22 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-22 03:30 . 2009-08-22 03:41 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-08-22 03:24 . 2009-08-23 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-08-22 03:24 . 2009-08-22 03:24 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-22 02:51 . 2009-08-22 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 02:15 . 2009-08-22 02:15 -------- d-----w- C:\54b047081621ee4cb988526948
2009-08-22 01:57 . 2009-08-22 03:18 -------- d-----w- c:\windows\BDOSCAN8
2009-08-22 01:38 . 2009-08-22 01:38 3532 ----a-w- C:\drmHeader.bin
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iPod
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iTunes
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\program files\QuickTime
2009-08-20 02:45 . 2009-08-20 02:45 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-19 23:27 . 2009-08-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 23:32 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-08 22:12 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-08 22:12 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:56 . 2009-08-05 02:56 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 23:42 . 2008-04-23 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-23 05:21 . 2008-04-26 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-22 03:29 . 2008-05-26 18:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 02:32 . 2008-04-18 17:58 21104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 02:00 . 2008-09-10 23:48 -------- d-----w- c:\program files\Bonjour
2009-08-22 01:19 . 2009-07-11 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\IGN_DLM
2009-08-22 01:13 . 2009-02-07 09:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-08-21 04:49 . 2008-04-23 03:15 -------- d-----w- c:\program files\Fraps
2009-08-20 02:48 . 2009-02-06 00:46 -------- d-----w- c:\program files\Common Files\Apple
2009-08-20 01:02 . 2009-02-07 18:12 -------- d-----w- c:\program files\Rhapsody
2009-08-19 23:28 . 2008-04-23 02:55 -------- d-----w- c:\program files\World of Warcraft
2009-08-08 22:17 . 2008-04-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:57 . 2009-03-10 23:42 -------- d-----w- c:\program files\Java
2009-07-25 12:23 . 2009-02-07 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 02:26 . 2009-07-11 02:23 -------- d-----w- c:\program files\Warcraft III
2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 20:34 . 2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-14 18:54 . 2009-04-16 01:16 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-03-27 17:03 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-03-27 17:03 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2008-11-12 22:54 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2008-11-12 22:54 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2008-11-12 22:54 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2008-11-12 22:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 05:28 . 2008-05-14 00:49 -------- d-----w- c:\program files\Steam
2009-07-10 14:01 . 2009-04-16 01:15 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-09 15:52 . 2009-07-09 15:52 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2008-04-18 17:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 00:58 . 2009-06-10 00:58 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:34 . 2009-06-03 03:34 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-14 2051096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe"
[2009-02-03 233304] <br/>"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-05-07 142352] <br/>"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] <br/>"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376] <br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] <br/>"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] <br/>"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696] <br/>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\WINDOWS\\system32\\PnkBstrA.exe"= <br/>"c:\\WINDOWS\\system32\\PnkBstrB.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= <br/>"c:\\Program Files\\AIM6\\aim6.exe"= <br/>"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= <br/>"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= <br/>"c:\\Program Files\\Messenger\\msmsgs.exe"= <br/>"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= <br/>"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.1.game"= <br/>"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"= <br/>"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"= <br/>"c:\\Program Files\\Ventrilo\\Ventrilo.exe"= <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] <br/>"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 <br/> <br/>R3 c65013264;C-Media 
CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [4/18/2008 10:55 AM 1310720] <br/>S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe --> http://www.gmer.net <br/>Rootkit scan 2009-08-23 17:03 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_USERS\S-1-5-21-1343024091-2052111302-725345543-500\Software\SecuROM\License information*] <br/>"datasecu"=hex:46,8f,d6,c1,c5,06,6c,e1,e4,83,4c,3d,cb,e2,a3,ba,c0,aa,f6,4f,cd, <br/> 60,77,cc,05,9a,bc,bb,dc,5a,cd,6e,2d,10,1f,af,56,ca,cb,fe,98,22,e4,f4,ac,d3,\ <br/>"rkeysecu"=hex:c8,cc,33,d6,d5,cd,f8,70,8f,4d,b1,dc,ca,5d,7b,d0 <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap] <br/>@DACL=(02 0000) <br/>@="bootstrap.application.1" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap] <br/>@DACL=(02 0000) <br/>@="bootstrap.xaml.1" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap] <br/>@DACL=(02 0000) <br/>@="bootstrap.xbap.1" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap] <br/>@DACL=(02 0000) <br/>@="bootstrap.xps.1" <br/>. 
<br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'explorer.exe'(3736) <br/>c:\windows\system32\WININET.dll <br/>c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll <br/>c:\program files\TortoiseSVN\bin\TortoiseStub.dll <br/>c:\program files\TortoiseSVN\bin\TortoiseSVN.dll <br/>c:\program files\TortoiseSVN\bin\intl3_tsvn.dll <br/>c:\windows\system32\ieframe.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. <br/>------------------------ Other Running Processes ------------------------ <br/>. <br/>c:\windows\system32\nvsvc32.exe <br/>c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>c:\program files\Bonjour\mDNSResponder.exe <br/>c:\program files\Java\jre6\bin\jqs.exe <br/>c:\windows\system32\PnkBstrA.exe <br/>c:\windows\system32\PnkBstrB.exe <br/>c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe <br/>c:\windows\system32\wscntfy.exe <br/>c:\program files\TortoiseSVN\bin\TSVNCache.exe <br/>c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe <br/>c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe <br/>c:\windows\system32\rundll32.exe <br/>c:\program files\iPod\bin\iPodService.exe <br/>c:\windows\system32\imapi.exe <br/>. <br/>************************************************************************** <br/>. <br/>Completion time: 2009-08-24 17:05 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2009-08-24 00:05 <br/> <br/>Pre-Run: 343,919,452,160 bytes free <br/>Post-Run: 350,331,957,248 bytes free <br/> <br/>Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 <br/>272 --- E O F --- 2009-08-22 02:18
Posted 8/24/2009 2:36 AM
#76433
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sounds good :smile:

Open notepad and copy/paste the bold text in the codebox below into it:

Name the file as CFScript and Save it on the desktop

Code:

Killall::

Snapshot::

File::
c:\windows\system32\msihost.exe

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Administrator\Application Data\LimeWire

Driver::
Windows MSI

User image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
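
The entry the CFScript above goes after is the one odd line in the posted ComboFix log: an auto-start service (S2) with a Windows-sounding name, "Windows MSI", whose binary is c:\windows\system32\msihost.exe and for which ComboFix recorded no file date or size. Below is an added example, not part of any post in this thread and not ComboFix's own code, of how a responder can pull the Run-key values and service lines out of a ComboFix log excerpt and rank them for review. The parsing follows the two line shapes visible in the log above; the flag rules, the list of known system process names and the sample lines (which add one invented "Updater" Run entry under a user profile) are assumptions made for this example.

```python
"""Triage helper for ComboFix-style autostart excerpts.

Added example for this thread: it is not part of ComboFix and not code from
any post above. It parses the two autostart formats that appear in the
posted log (Run-key values and the R/S service lines) and flags the entries
a responder would look at first, such as the "Windows MSI" service pointing
at msihost.exe. The flag rules, the known-name list and the sample lines are
assumptions made for this example, not ComboFix's own logic.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: shapes copied from the log above, plus one invented
# Run entry ("Updater") to show the user-profile rule firing.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-14 2051096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"Updater"="c:\documents and settings\Administrator\Application Data\upd\svchost.exe" [2009-08-20 61440]

R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [4/18/2008 10:55 AM 1310720]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe
'''

# "name"="path" [date size]   (trailer absent when ComboFix could not stat the file)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
# S2 short;display;path [date size]   (S/R = stopped/running, digit = start type)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
NT_PREFIX_RE = re.compile(r'^\\[\\?]\?\\')          # strips a leading \\?\ or \??\

AUTO_START = {"S2", "R2"}                            # start type 2 = automatic
USER_PROFILE = ("c:\\documents and settings\\", "c:\\users\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    kind: str                 # "run" or "service"
    name: str
    path: str
    start: str = ""           # service start code such as S2 or R3; empty for Run entries
    meta: str = ""            # ComboFix's "[date size]" trailer, empty if absent
    flags: List[str] = field(default_factory=list)


def normalize(path: str) -> str:
    """Lower-case a path and drop the NT object prefix so comparisons are uniform."""
    return NT_PREFIX_RE.sub("", path).lower()


def parse_log(text: str) -> List[Entry]:
    """Extract Run-key values and service lines; every other line is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], meta=m["meta"] or ""))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"].strip(), m["path"].strip(),
                                 start=m["start"], meta=m["meta"] or ""))
    return entries


def flag(entry: Entry) -> Entry:
    """Attach the heuristic flags (assumptions for this example) to one entry."""
    p = normalize(entry.path)
    if entry.kind == "service":
        if entry.start in AUTO_START:
            entry.flags.append("auto-start service")
        if not entry.meta:
            entry.flags.append("no file date/size recorded for the binary")
        if " " in entry.name:
            entry.flags.append("service short name contains a space")
        if p != entry.path.lower():
            entry.flags.append("binary path uses the raw NT device prefix")
    if p.startswith(USER_PROFILE):
        entry.flags.append("autostart binary lives in a user profile directory")
    if p.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not p.startswith(SYSTEM32):
        entry.flags.append("system process name outside system32")
    return entry


def triage(text: str) -> List[Entry]:
    """Return only flagged entries, the most suspicious first."""
    flagged = [e for e in (flag(e) for e in parse_log(text)) if e.flags]
    flagged.sort(key=lambda e: len(e.flags), reverse=True)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name!r:16} {e.path}")
        for f in e.flags:
            print(f"         - {f}")
```

Run against the constructed sample, the "Windows MSI" service comes out on top with four flags and the invented profile-directory "Updater" entry second; the NVIDIA and C-Media entries earn none. The rules are deliberately cheap and produce false positives on legitimate software, so they are a reading order for the log, not a verdict: the next step for any flagged path is still to check the file's publisher and hash before deciding, as the helper did here, to script its removal.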


Posted 8/24/2009 2:46 AM
#76435
User avatar

RickB Member

Date Joined Nov 2016
Total Posts: 8
Here you go!

ComboFix 09-08-22.06 - Administrator 08/23/2009 19:39.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2887 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::
"c:\windows\system32\msihost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\LimeWire
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
<br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\freebl3.chk <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\freebl3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\all.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\js3250.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\LICENSE <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\debug.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm <br/>c:\documents and settings\Administrator\Application 
Data\LimeWire\browser\xulrunner\modules\utils.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\mozctl.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\mozctlx.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\msvcr71.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\nspr4.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\nss3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\nssckbi.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\nssutil3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\platform.ini <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\plc4.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\plds4.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\README.txt <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\arrow.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif <br/>c:\documents and settings\Administrator\Application 
Data\LimeWire\browser\xulrunner\res\charsetalias.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\designmode.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties <br/>c:\documents and settings\Administrator\Application 
Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\forms.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\grabber.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\html.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\html\folder.png <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\language.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\mathml.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\quirk.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\svg.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif 
<br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\ua.css <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\res\viewsource.css <br/>c:\documents and settings\Administrator\Application 
Data\LimeWire\browser\xulrunner\res\wincharset.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\smime3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.chk <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\sqlite3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\ssl3.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\updater.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\version.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpcom.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpcshell.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpidl.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpt_link.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xul.dll <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe <br/>c:\documents and settings\Administrator\Application Data\LimeWire\certificate\limewire.keystore <br/>c:\documents and settings\Administrator\Application Data\LimeWire\createtimes.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\downloads.dat <br/>c:\documents and 
settings\Administrator\Application Data\LimeWire\fileurns.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\gnutella.net <br/>c:\documents and settings\Administrator\Application Data\LimeWire\installation.props <br/>c:\documents and settings\Administrator\Application Data\LimeWire\library.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\library5.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\limewire.props <br/>c:\documents and settings\Administrator\Application Data\LimeWire\lock <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mojito.props <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\.autoreg <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_ <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_ <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_ <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_ <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\30B5DE57d01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\4C4B6535d01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\B7E8F4C3d01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A8Ed01 <br/>c:\documents and settings\Administrator\Application 
Data\LimeWire\mozilla-profile\Cache\D5267890d01 <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\cert8.db <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\compreg.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\cookies.sqlite <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\downloads.sqlite <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\extensions.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\extensions.ini <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\history.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\key3.db <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\localstore.rdf <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\permissions.sqlite <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\pluginreg.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\prefs.js <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\secmod.db <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\XPC.mfl <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\xpti.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\XUL.mfl <br/>c:\documents and settings\Administrator\Application Data\LimeWire\player.props <br/>c:\documents and settings\Administrator\Application 
Data\LimeWire\promotion\promodb.backup <br/>c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.data <br/>c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.log <br/>c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.properties <br/>c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.script <br/>c:\documents and settings\Administrator\Application Data\LimeWire\questions.props <br/>c:\documents and settings\Administrator\Application Data\LimeWire\responses.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\simpp.xml <br/>c:\documents and settings\Administrator\Application Data\LimeWire\spam.dat <br/>c:\documents and settings\Administrator\Application Data\LimeWire\tables.props <br/>c:\documents and settings\Administrator\Application Data\LimeWire\ttdata.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\ttrees.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\ttroot.cache <br/>c:\documents and settings\Administrator\Application Data\LimeWire\version.xml <br/>c:\documents and settings\Administrator\Application Data\LimeWire\versions.props <br/>c:\documents and settings\Administrator\Application Data\LimeWire\xml\data\audio.sxml3 <br/>c:\documents and settings\All Users\Application Data\Viewpoint <br/> <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/> <br/>-------\Legacy_WINDOWS_MSI <br/>-------\Service_Windows MSI <br/> <br/> <br/>((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 ))))))))))))))))))))))))))))))) <br/>. <br/> <br/>2009-08-23 17:53 . 2009-08-23 23:38 -------- d-s---w- C:\321 <br/>2009-08-23 05:27 . 2009-08-23 05:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes <br/>2009-08-23 03:02 . 
2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll <br/>2009-08-23 03:02 . 2009-08-23 03:02 -------- d-----w- c:\program files\K-Lite Codec Pack <br/>2009-08-23 02:04 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2009-08-23 02:04 . 2009-08-23 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2009-08-23 02:04 . 2009-08-23 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes <br/>2009-08-23 02:04 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2009-08-23 01:51 . 2009-08-23 01:51 -------- d-----w- c:\program files\CCleaner <br/>2009-08-23 01:00 . 2009-08-23 01:00 -------- d-----w- c:\windows\system32\NtmsData <br/>2009-08-23 00:37 . 2009-08-23 00:37 -------- d--h--w- c:\windows\PIF <br/>2009-08-23 00:22 . 2009-08-23 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender <br/>2009-08-22 03:42 . 2009-08-22 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton <br/>2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec <br/>2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller <br/>2009-08-22 03:30 . 2009-08-22 03:41 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6 <br/>2009-08-22 03:24 . 2009-08-23 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender <br/>2009-08-22 03:24 . 2009-08-22 03:24 -------- d-----w- c:\program files\Common Files\BitDefender <br/>2009-08-22 02:51 . 2009-08-22 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files <br/>2009-08-22 02:15 . 2009-08-22 02:15 -------- d-----w- C:\54b047081621ee4cb988526948 <br/>2009-08-22 01:57 . 2009-08-22 03:18 -------- d-----w- c:\windows\BDOSCAN8 <br/>2009-08-22 01:38 . 
2009-08-22 01:38 3532 ----a-w- C:\drmHeader.bin <br/>2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iPod <br/>2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iTunes <br/>2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} <br/>2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\program files\QuickTime <br/>2009-08-20 02:45 . 2009-08-20 02:45 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe <br/>2009-08-19 23:27 . 2009-08-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment <br/>2009-08-13 23:32 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll <br/>2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\program files\NVIDIA Corporation <br/>2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation <br/>2009-08-08 22:12 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll <br/>2009-08-08 22:12 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin <br/>2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll <br/>2009-08-05 02:56 . 2009-08-05 02:56 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2009-08-24 01:25 . 2008-04-23 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP <br/>2009-08-22 03:29 . 2008-05-26 18:27 664 ----a-w- c:\windows\system32\d3d9caps.dat <br/>2009-08-22 02:32 . 
2008-04-18 17:58 21104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2009-08-22 02:00 . 2008-09-10 23:48 -------- d-----w- c:\program files\Bonjour <br/>2009-08-22 01:19 . 2009-07-11 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\IGN_DLM <br/>2009-08-21 04:49 . 2008-04-23 03:15 -------- d-----w- c:\program files\Fraps <br/>2009-08-20 02:48 . 2009-02-06 00:46 -------- d-----w- c:\program files\Common Files\Apple <br/>2009-08-20 01:02 . 2009-02-07 18:12 -------- d-----w- c:\program files\Rhapsody <br/>2009-08-19 23:28 . 2008-04-23 02:55 -------- d-----w- c:\program files\World of Warcraft <br/>2009-08-08 22:17 . 2008-04-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information <br/>2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard <br/>2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\AGEIA Technologies <br/>2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll <br/>2009-08-05 02:57 . 2009-03-10 23:42 -------- d-----w- c:\program files\Java <br/>2009-07-25 12:23 . 2009-02-07 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll <br/>2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll <br/>2009-07-17 02:26 . 2009-07-11 02:23 -------- d-----w- c:\program files\Warcraft III <br/>2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe <br/>2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll <br/>2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll <br/>2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll <br/>2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll <br/>2009-07-14 20:34 . 
2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll <br/>2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll <br/>2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll <br/>2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe <br/>2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe <br/>2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll <br/>2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll <br/>2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll <br/>2009-07-14 18:54 . 2009-04-16 01:16 485920 ----a-w- c:\windows\system32\nvudisp.exe <br/>2009-07-14 18:54 . 2009-03-27 17:03 2189856 ----a-w- c:\windows\system32\nvcuvid.dll <br/>2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcodins.dll <br/>2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcod.dll <br/>2009-07-14 18:54 . 2009-03-27 17:03 10457088 ----a-w- c:\windows\system32\nvoglnt.dll <br/>2009-07-14 18:54 . 2008-11-12 22:54 868352 ----a-w- c:\windows\system32\nvapi.dll <br/>2009-07-14 18:54 . 2008-11-12 22:54 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys <br/>2009-07-14 18:54 . 2008-11-12 22:54 5842816 ----a-w- c:\windows\system32\nv4_disp.dll <br/>2009-07-14 18:54 . 2008-11-12 22:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll <br/>2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll <br/>2009-07-11 05:28 . 2008-05-14 00:49 -------- d-----w- c:\program files\Steam <br/>2009-07-10 14:01 . 2009-04-16 01:15 485920 ----a-w- c:\windows\system32\NVUNINST.EXE <br/>2009-07-09 15:52 . 2009-07-09 15:52 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe <br/>2009-06-29 16:12 . 
2006-02-28 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2008-04-18 17:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 00:58 . 2009-06-10 00:58 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:34 . 2009-06-03 03:34 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-14 2051096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-05-07 142352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.1.game"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [4/18/2008 10:55 AM 1310720]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RTCORE32
*Deregistered* - RTCore32
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-18 01:43]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-18 01:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 19:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-2052111302-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:46,8f,d6,c1,c5,06,6c,e1,e4,83,4c,3d,cb,e2,a3,ba,c0,aa,f6,4f,cd,
 60,77,cc,05,9a,bc,bb,dc,5a,cd,6e,2d,10,1f,af,56,ca,cb,fe,98,22,e4,f4,ac,d3,\
"rkeysecu"=hex:c8,cc,33,d6,d5,cd,f8,70,8f,4d,b1,dc,ca,5d,7b,d0

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-08-24 19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 02:45
ComboFix2.txt 2009-08-24 00:05

Pre-Run: 350,201,262,080 bytes free
Post-Run: 350,196,862,976 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
637 --- E O F --- 2009-08-22 02:18
Posted 8/24/2009 2:49 AM
#76437
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looking good. Please post new hijackthis log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/24/2009 2:51 AM
#76438
User avatar

RickB Member

Date Joined Nov 2016
Total Posts: 8
Okay!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:16 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7349 bytes
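The log above is in HijackThis's one-entry-per-line format. As an added example, not code from this thread or from Trend Micro, here is a small Python triage script that parses that format and flags the entry types a log reviewer checks first: URL search hooks, ActiveX downloads (O16), services with no recognised publisher (O23) and autostarts (O4) running from temp or profile folders. The sample input reuses lines from the log above plus one constructed O4 line; the regexes, directory list and function names are my own assumptions, not anything HijackThis provides.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v2.0.2 line format. All lines except the
# last O4 line are copied from the log posted in this thread; the last one is a
# constructed example of an autostart entry pointing into a temp folder.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\Administrator\Local Settings\Temp\sample.exe
"""


@dataclass
class Entry:
    kind: str    # HijackThis section code: R0, R3, O2, O4, O16, O23, ...
    detail: str  # everything after the "<code> - " prefix


# One regex per entry shape the triage below needs (assumed, from the log layout).
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\Run(?:Once)?: \[([^\]]*)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)$")

# Autostart locations a reviewer does not expect legitimate software to use.
ODD_AUTOSTART_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/O entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Flag the entries a log reviewer looks at first; returns (kind, reason, detail)."""
    findings = []
    for e in entries:
        if e.kind == "R3" and e.detail.startswith("URLSearchHook:"):
            # A search hook sits in the path of every address-bar search; confirm
            # the DLL belongs to a product the user knowingly installed.
            findings.append((e.kind, "URL search hook; confirm the DLL's product", e.detail))
        elif e.kind == "O4":
            m = RUN_RE.match(e.detail)
            if m and any(d in m.group(3).lower() for d in ODD_AUTOSTART_DIRS):
                findings.append((e.kind, "autostart runs from a temp/profile folder", e.detail))
        elif e.kind == "O16":
            m = DPF_RE.match(e.detail)
            if m:
                host = urlsplit(m.group(3)).hostname or "?"
                findings.append((e.kind, "ActiveX download from " + host, e.detail))
        elif e.kind == "O23":
            m = SERVICE_RE.match(e.detail)
            if m and m.group(2) == "Unknown owner":
                findings.append((e.kind, "service without a recognised publisher", e.detail))
    return findings


if __name__ == "__main__":
    for kind, reason, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{kind:4} {reason}: {detail}")
```

A flag is a prompt to look closer, not a verdict: in this thread the AIM Toolbar hook and the PunkBuster services were judged legitimate.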
Posted 8/24/2009 3:25 AM
#76444
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks clean - good job :smile:

Now your computer problems are solved, it is time for the clean-up procedure.

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Click START then RUN

Now type Combofix /u in the runbox and click OK.

Note the space between the X and the U, it needs to be there.

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world.

Avast makes an excellent free antivirus client

http://www.avast.com/eng/avast_4_home.html

As does Avira:

http://www.avira.com/en/download/

An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible.
Be sure to only have one of these installed at any one time though - more than that and they will conflict with each other and actually reduce your system's security.

Feel free to post back, if you have any questions or comments.



Posted 8/24/2009 3:34 AM
#76446
User avatar

RickB Member

Date Joined Nov 2016
Total Posts: 8
I know you get this a lot but I REALLY appreciate your help. Your knowledge about this stuff is very impressive. <br/> <br/>To not only be willing to lend a helping hand, but for free, quickly, and efficiently, is just unbelievable. <br/> <br/>Thank you so much!
Posted 8/24/2009 3:45 AM
#76447
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[quote]I know you get this a lot but I REALLY appreciate your help. Your knowledge about this stuff is very impressive.[/quote]
I admit I do, but it is much appreciated every time, as it keeps me going :smile:

I'll lock this topic. If you need our help again, just make a new topic.

And keep safe :yeah:


