etep513

please help me remove virus isolator

16 posts in this topic

A few days ago, my computer became infected with one of those rogue spyware programs (this one was named virus isolator). It had the traditional flashing icon in the bottom right-hand corner of the screen, the constant popup ads which said that I was infected, and 3 icons on my desktop (Error Cleaner, Privacy Protector, and Spyware&Malware Protection). Also there are those constant Windows security alerts (sent by the spyware which say that I am infected). Some of the icons from my desktop disappeared but the programs can still be accessed through the start menu. The thing that really shocked me with this piece of spyware is that it locked me out of the task manager. When I would click Ctrl+Alt+Delete it would say that the administrator disabled the task manager. I ran a scan with Spybot Search and Destroy and I removed all of the things that came up on that scanner. I also ran an Ad-Aware 2007 scan and removed the spyware that came up on that. After I ran the Ad-Aware 2007 scan I was able to use the task manager again. But the popups still keep coming, the flashing icon is still there, and the desktop sometimes goes blank (you can see the desktop background but the icons are not there). Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:01:23 PM, on 4/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\ImageStudio\LowLight.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)

O3 - Toolbar: dpevflbg - {838B6BFB-94D5-4C3F-851C-EEBF6108BDA8} - C:\WINDOWS\dpevflbg.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

O4 - HKLM\..\Run: [bc658048] rundll32.exe "C:\WINDOWS\system32\ourhpiqm.dll",b

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189374326623

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: vadokmxt - {6616AF74-AC72-4C70-B328-E1CA50E5B427} - C:\WINDOWS\vadokmxt.dll

O21 - SSODL: wdpoefan - {A1CC74BA-E142-41FD-8172-FEE7AD1B0365} - C:\WINDOWS\wdpoefan.dll

O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 8888 bytes

 

I would greatly appreciate any help. Thanks for your time.


The spyware name might actually be virtumonde, but I'm not sure. When I ran the Ad-Aware 2007 scan one of the things that came up was virtumonde. I don't know if that helps or not, but I just thought I'd mention it.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Please visit this webpage for instructions for downloading and running ComboFix:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

 

jedi


Ok, here is the combofix log:

ComboFix 08-04-24.1 - Peter 2008-04-27 13:02:36.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.211 [GMT -4:00]

Running from: C:\Documents and Settings\Peter\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Peter\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\cIhkQqru.ini

C:\WINDOWS\system32\cIhkQqru.ini2

C:\WINDOWS\system32\IhQqYJlm.ini

C:\WINDOWS\system32\IhQqYJlm.ini2

C:\WINDOWS\system32\jSsAacdd.ini

C:\WINDOWS\system32\jSsAacdd.ini2

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mlJYqQhI.dll

C:\WINDOWS\system32\OoWvvyxx.ini

C:\WINDOWS\system32\OoWvvyxx.ini2

C:\WINDOWS\system32\qmodtqrh.ini

C:\WINDOWS\system32\reqmibiu.ini

C:\WINDOWS\system32\rkndrfbx.ini

C:\WINDOWS\system32\segauhmj.ini

C:\WINDOWS\system32\uDgfOXyb.ini

C:\WINDOWS\system32\uDgfOXyb.ini2

C:\WINDOWS\system32\winivstr.exe

C:\WINDOWS\system32\xbfrdnkr.dll

C:\WINDOWS\system32\XyaKlUtv.ini

C:\WINDOWS\system32\XyaKlUtv.ini2

 

.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))

.

 

2008-04-26 13:01 . 2008-04-26 13:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2008-04-26 12:37 . 2008-04-26 13:01 <DIR> d-------- C:\VundoFix Backups

2008-04-26 11:20 . 2008-04-26 14:32 95,808 --a------ C:\WINDOWS\system32\hrqtdomq.dll

2008-04-24 22:56 . 2008-04-25 15:00 1,509,306 --ahs---- C:\WINDOWS\system32\emfhuydi.ini

2008-04-24 20:43 . 2008-04-24 20:46 1,509,219 --ahs---- C:\WINDOWS\system32\slwupscy.ini

2008-04-24 19:17 . 2008-04-24 19:40 1,509,159 --ahs---- C:\WINDOWS\system32\owxsekpw.ini

2008-04-23 19:16 . 2008-04-23 19:16 1,540,617 --ahs---- C:\WINDOWS\system32\dbfqmyev.ini

2008-04-22 19:14 . 2008-04-23 19:15 1,541,089 --ahs---- C:\WINDOWS\system32\mqiphruo.ini

2008-04-21 20:42 . 2008-04-22 16:31 1,541,502 --ahs---- C:\WINDOWS\system32\hewdykmo.ini

2008-04-21 20:42 . 2008-04-21 20:42 87,616 --a------ C:\WINDOWS\system32\omkydweh.dll

2008-04-21 09:16 . 2008-04-21 18:57 414 --ahs---- C:\WINDOWS\system32\isltjfgd.ini

2008-04-20 22:20 . 2008-04-23 18:16 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\TmpRecentIcons

2008-04-19 09:20 . 2008-04-20 21:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-19 09:20 . 2008-04-19 09:20 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-19 05:53 . 2008-04-27 12:38 <DIR> d-------- C:\Program Files\Lx_cats

2008-04-18 23:26 . 2008-04-27 12:40 <DIR> d-------- C:\Program Files\PeerGuardian2

2008-04-15 19:34 . 2008-04-15 19:34 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\acccore

2008-04-13 12:34 . 2008-04-26 09:46 868 --a------ C:\WINDOWS\wininit.ini

2008-04-12 20:34 . 2008-04-26 09:08 <DIR> d-------- C:\WINDOWS\system32\215651

2008-03-31 17:25 . 2008-03-31 17:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 17:25 . 2008-03-31 17:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 17:25 . 2008-03-31 17:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-03-31 17:25 . 2008-03-31 17:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-31 13:32 . 2008-04-27 08:04 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\Skype

2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Skype

2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Common Files\Skype

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-27 16:21 --------- d-----w C:\Documents and Settings\Peter\Application Data\SiteAdvisor

2008-04-27 12:04 --------- d-----w C:\Documents and Settings\Peter\Application Data\skypePM

2008-04-27 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-04-26 17:01 --------- d-----w C:\Program Files\PowerISO

2008-04-25 19:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-21 21:46 --------- d-----w C:\Program Files\Norton 360

2008-04-20 20:56 --------- d-----w C:\Documents and Settings\Peter\Application Data\uTorrent

2008-04-20 18:29 --------- d-----w C:\Program Files\DivX

2008-04-20 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-20 15:04 --------- d-----w C:\Program Files\SpywareBlaster

2008-04-19 14:09 --------- d-----w C:\Documents and Settings\Peter\Application Data\Yahoo!

2008-04-19 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-04-17 03:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-04-15 23:54 --------- d-----w C:\Program Files\Viewpoint

2008-04-15 23:54 --------- d-----w C:\Program Files\AIM6

2008-04-15 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-04-15 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-04-15 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2008-04-12 00:47 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-03-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-03-29 23:28 --------- d-----w C:\Program Files\Starcraft

2008-03-26 13:31 --------- d-----w C:\Program Files\Google

2008-03-26 13:20 --------- d-----w C:\Documents and Settings\Peter\Application Data\MSN6

2008-03-22 18:05 --------- d-----w C:\Program Files\Java

2008-03-21 18:33 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-03-21 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-21 01:56 --------- d-----w C:\Program Files\Common Files\Futuremark Shared

2008-03-19 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-03-19 16:51 --------- d-----w C:\Program Files\Yahoo!

2008-03-14 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-09 03:37 --------- d-----w C:\Program Files\Windows Live

2008-03-08 20:41 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-08 18:49 --------- d-----w C:\Program Files\QuickTime

2008-03-08 18:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-08 15:10 --------- d-----w C:\Documents and Settings\Peter\Application Data\Apple Computer

2008-03-08 15:09 --------- d-----w C:\Program Files\iTunes

2008-03-08 15:09 --------- d-----w C:\Program Files\iPod

2008-03-08 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-08 14:56 --------- d-----w C:\Program Files\Common Files\Apple

2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-03-02 21:01 --------- d-----w C:\Program Files\Common Files\Java

2008-03-01 20:15 --------- d-----w C:\Documents and Settings\Peter\Application Data\Gadu-Gadu

2008-03-01 20:11 --------- d-----w C:\Program Files\Gadu-Gadu

2008-02-05 16:56 46 ----a-w C:\tmp.bat

2008-02-01 16:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-04 02:41 439,296 ----a-w C:\Documents and Settings\Peter\GoToAssist_phone__317_en.exe

2007-12-07 03:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

 

------- Sigcheck -------

 

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2001-08-30 06:30 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2007-10-14 14:31 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS

2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS

2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D}]

C:\WINDOWS\system32\ddcaAsSj.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{070327C6-C492-4277-A685-60BA219ADE25}]

C:\WINDOWS\system32\vtUlKayX.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36FD7532-E225-4541-9E6A-5AF7CA363EEF}]

C:\WINDOWS\system32\urqQkhIc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC8A595-0CF9-4766-9C89-DB93DD304B22}]

C:\WINDOWS\system32\xxyvvWoO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

 

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

 

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-09-08 14:45 73728]

"SBI"="C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe" [ ]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"vadokmxt"= {6616AF74-AC72-4C70-B328-E1CA50E5B427} - C:\WINDOWS\vadokmxt.dll [ ]

"wdpoefan"= {A1CC74BA-E142-41FD-8172-FEE7AD1B0365} - C:\WINDOWS\wdpoefan.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"vidc.X264"= x264vfw.dll

"msacm.ac3filter"= ac3filter.acm

"vidc.mxmc"= MimicICM.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]

--a------ 2001-08-17 13:52 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bc658048]

C:\WINDOWS\system32\xbfrdnkr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]

C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-01-10 01:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]

--a------ 2001-12-20 10:42 35328 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flircik]

--a------ 2007-07-11 12:57 1253376 C:\Program Files\Onet\Flircik\Flircik.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-08-04 10:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

--a------ 2002-09-11 12:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

--a------ 2002-09-11 12:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

--a------ 2002-09-20 15:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

C:\Program Files\MySpace\IM\MySpaceIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

--a------ 2007-01-30 00:39 1432064 C:\Program Files\PeerGuardian2\pg2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 08:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-08-04 10:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]

--a------ 1999-11-16 01:00 5632 C:\Program Files\Creative\PlayCenter\CTSRReg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-03-30 15:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-02-25 17:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--a------ 1999-11-12 01:00 86016 C:\WINDOWS\Updreg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

--a------ 2001-12-20 02:59 204800 C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

S3 cpuz128;cpuz128;C:\DOCUME~1\Peter\LOCALS~1\Temp\cpuz_x32.sys []

S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-27 13:11:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

.

**************************************************************************

.

Completion time: 2008-04-27 13:20:37 - machine was rebooted [Peter]

ComboFix-quarantined-files.txt 2008-04-27 17:20:30

 

Pre-Run: 27,801,993,216 bytes free

Post-Run: 27,749,572,608 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

298 --- E O F --- 2008-04-17 17:16:42

And here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:21:52 PM, on 4/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)

O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)

O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)

O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189374326623

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: vadokmxt - {6616AF74-AC72-4C70-B328-E1CA50E5B427} - C:\WINDOWS\vadokmxt.dll (file missing)

O21 - SSODL: wdpoefan - {A1CC74BA-E142-41FD-8172-FEE7AD1B0365} - C:\WINDOWS\wdpoefan.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 7946 bytes

 

 

 

Thanks for your help.


Hi,

 

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

 

File::

C:\WINDOWS\system32\hrqtdomq.dll

C:\WINDOWS\system32\emfhuydi.ini

C:\WINDOWS\system32\slwupscy.ini

C:\WINDOWS\system32\owxsekpw.ini

C:\WINDOWS\system32\dbfqmyev.ini

C:\WINDOWS\system32\mqiphruo.ini

C:\WINDOWS\system32\hewdykmo.ini

C:\WINDOWS\system32\omkydweh.dll

C:\WINDOWS\system32\isltjfgd.ini

C:\WINDOWS\system32\vtUlKayX.dll

C:\WINDOWS\system32\ddcaAsSj.dll

C:\WINDOWS\system32\urqQkhIc.dll

C:\WINDOWS\system32\xxyvvWoO.dll

C:\WINDOWS\system32\xbfrdnkr.dll

Folder::

C:\Program Files\NetProject

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{070327C6-C492-4277-A685-60BA219ADE25}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36FD7532-E225-4541-9E6A-5AF7CA363EEF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC8A595-0CF9-4766-9C89-DB93DD304B22}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SBI"=-

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source=

FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"vadokmxt"=-

"wdpoefan"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bc658048]

 

Save this as CFScript

 

Combo-Do.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

 

jedi


Here is the latest ComboFix log:

ComboFix 08-04-24.1 - Peter 2008-04-28 19:11:47.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -4:00]

Running from: C:\Documents and Settings\Peter\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Peter\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

C:\WINDOWS\system32\dbfqmyev.ini

C:\WINDOWS\system32\ddcaAsSj.dll

C:\WINDOWS\system32\emfhuydi.ini

C:\WINDOWS\system32\hewdykmo.ini

C:\WINDOWS\system32\hrqtdomq.dll

C:\WINDOWS\system32\isltjfgd.ini

C:\WINDOWS\system32\mqiphruo.ini

C:\WINDOWS\system32\omkydweh.dll

C:\WINDOWS\system32\owxsekpw.ini

C:\WINDOWS\system32\slwupscy.ini

C:\WINDOWS\system32\urqQkhIc.dll

C:\WINDOWS\system32\vtUlKayX.dll

C:\WINDOWS\system32\xbfrdnkr.dll

C:\WINDOWS\system32\xxyvvWoO.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\dbfqmyev.ini

C:\WINDOWS\system32\emfhuydi.ini

C:\WINDOWS\system32\hewdykmo.ini

C:\WINDOWS\system32\hrqtdomq.dll

C:\WINDOWS\system32\isltjfgd.ini

C:\WINDOWS\system32\mqiphruo.ini

C:\WINDOWS\system32\omkydweh.dll

C:\WINDOWS\system32\owxsekpw.ini

C:\WINDOWS\system32\slwupscy.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))

.

 

2008-04-26 13:01 . 2008-04-26 13:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2008-04-26 12:37 . 2008-04-26 13:01 <DIR> d-------- C:\VundoFix Backups

2008-04-20 22:20 . 2008-04-23 18:16 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\TmpRecentIcons

2008-04-19 09:20 . 2008-04-20 21:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-19 09:20 . 2008-04-19 09:20 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-19 05:53 . 2008-04-28 11:14 <DIR> d-------- C:\Program Files\Lx_cats

2008-04-18 23:26 . 2008-04-28 19:01 <DIR> d-------- C:\Program Files\PeerGuardian2

2008-04-15 19:34 . 2008-04-15 19:34 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\acccore

2008-04-13 12:34 . 2008-04-26 09:46 868 --a------ C:\WINDOWS\wininit.ini

2008-04-12 20:34 . 2008-04-26 09:08 <DIR> d-------- C:\WINDOWS\system32\215651

2008-03-31 17:25 . 2008-03-31 17:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 17:25 . 2008-03-31 17:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 17:25 . 2008-03-31 17:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-03-31 17:25 . 2008-03-31 17:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-31 13:32 . 2008-04-28 18:13 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\Skype

2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Skype

2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Common Files\Skype

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-28 22:54 --------- d-----w C:\Documents and Settings\Peter\Application Data\SiteAdvisor

2008-04-28 20:55 --------- d-----w C:\Documents and Settings\Peter\Application Data\skypePM

2008-04-28 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-04-28 00:17 --------- d-----w C:\Documents and Settings\Peter\Application Data\uTorrent

2008-04-26 17:01 --------- d-----w C:\Program Files\PowerISO

2008-04-25 19:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-21 21:46 --------- d-----w C:\Program Files\Norton 360

2008-04-20 18:29 --------- d-----w C:\Program Files\DivX

2008-04-20 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-20 15:04 --------- d-----w C:\Program Files\SpywareBlaster

2008-04-19 14:09 --------- d-----w C:\Documents and Settings\Peter\Application Data\Yahoo!

2008-04-19 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-04-17 03:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-04-15 23:54 --------- d-----w C:\Program Files\Viewpoint

2008-04-15 23:54 --------- d-----w C:\Program Files\AIM6

2008-04-15 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-04-15 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2008-04-15 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2008-04-12 00:47 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-03-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-03-29 23:28 --------- d-----w C:\Program Files\Starcraft

2008-03-26 13:31 --------- d-----w C:\Program Files\Google

2008-03-26 13:20 --------- d-----w C:\Documents and Settings\Peter\Application Data\MSN6

2008-03-24 02:48 3,362 ----a-w C:\WINDOWS\system32\tmp.reg

2008-03-22 18:05 --------- d-----w C:\Program Files\Java

2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-21 18:33 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-03-21 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-21 01:56 --------- d-----w C:\Program Files\Common Files\Futuremark Shared

2008-03-19 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-03-19 16:51 --------- d-----w C:\Program Files\Yahoo!

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-11 01:21 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-03-11 01:21 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-03-09 03:37 --------- d-----w C:\Program Files\Windows Live

2008-03-08 20:41 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-08 18:49 --------- d-----w C:\Program Files\QuickTime

2008-03-08 18:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-08 15:10 --------- d-----w C:\Documents and Settings\Peter\Application Data\Apple Computer

2008-03-08 15:09 --------- d-----w C:\Program Files\iTunes

2008-03-08 15:09 --------- d-----w C:\Program Files\iPod

2008-03-08 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-08 14:56 --------- d-----w C:\Program Files\Common Files\Apple

2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-03-02 21:01 --------- d-----w C:\Program Files\Common Files\Java

2008-03-01 20:15 --------- d-----w C:\Documents and Settings\Peter\Application Data\Gadu-Gadu

2008-03-01 20:11 --------- d-----w C:\Program Files\Gadu-Gadu

2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-25 21:08 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-18 19:03 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-02-05 16:56 46 ----a-w C:\tmp.bat

2008-02-04 22:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2008-02-01 16:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-04 02:41 439,296 ----a-w C:\Documents and Settings\Peter\GoToAssist_phone__317_en.exe

2007-12-07 03:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

 

------- Sigcheck -------

 

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2001-08-30 06:30 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2007-10-14 14:31 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS

2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS

2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS

.

((((((((((((((((((((((((((((( snapshot@2008-04-27_13.20.06.48 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-27 17:10:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-28 23:06:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D}]

C:\WINDOWS\system32\ddcaAsSj.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{070327C6-C492-4277-A685-60BA219ADE25}]

C:\WINDOWS\system32\vtUlKayX.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36FD7532-E225-4541-9E6A-5AF7CA363EEF}]

C:\WINDOWS\system32\urqQkhIc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC8A595-0CF9-4766-9C89-DB93DD304B22}]

C:\WINDOWS\system32\xxyvvWoO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"vidc.X264"= x264vfw.dll

"msacm.ac3filter"= ac3filter.acm

"vidc.mxmc"= MimicICM.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]

--a------ 2001-08-17 13:52 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]

C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-01-10 01:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]

--a------ 2001-12-20 10:42 35328 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flircik]

--a------ 2007-07-11 12:57 1253376 C:\Program Files\Onet\Flircik\Flircik.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-08-04 10:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

--a------ 2002-09-11 12:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

--a------ 2002-09-11 12:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

--a------ 2002-09-20 15:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]

--a------ 2005-09-08 14:45 73728 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

C:\Program Files\MySpace\IM\MySpaceIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

--a------ 2007-01-30 00:39 1432064 C:\Program Files\PeerGuardian2\pg2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-04-09 08:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBI]

C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-08-04 10:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]

--a------ 1999-11-16 01:00 5632 C:\Program Files\Creative\PlayCenter\CTSRReg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-03-30 15:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-02-25 17:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--a------ 1999-11-12 01:00 86016 C:\WINDOWS\Updreg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

--a------ 2001-12-20 02:59 204800 C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

S3 cpuz128;cpuz128;C:\DOCUME~1\Peter\LOCALS~1\Temp\cpuz_x32.sys []

S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-28 19:16:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-28 19:19:27

ComboFix-quarantined-files.txt 2008-04-28 23:18:27

ComboFix2.txt 2008-04-27 17:20:38

 

Pre-Run: 27,533,373,440 bytes free

Post-Run: 27,590,873,088 bytes free

 

292 --- E O F --- 2008-04-17 17:16:42

And here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:45:58 PM, on 4/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Logitech\ImageStudio\LowLight.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)

O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)

O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189374326623

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 9751 bytes

 

Thanks for your time :)

Share this post


Link to post
Share on other sites

Hi again,

 

Scan with HijackThis and put a check in the box next to the following items:

 

O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)

O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)

O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)

O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

 

jedi
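
The entries selected in the post above show three traits that are visible in the log itself: O2 BHO lines whose DLL is marked "(file missing)", an O4 Run value that starts an executable from the Temporary Internet Files cache, and an O24 desktop component loading a local file. The following is an added example, not part of the original post and not HijackThis's own logic, that parses HijackThis lines and flags those traits; the rule names, the `Finding` type and the choice of sample lines are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a subset of lines copied from the HijackThis log in this thread,
# mixing entries the helper selected with entries that were left alone.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# COM class identifier in registry form: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


@dataclass
class Finding:
    code: str             # HijackThis section code (O2, O4, O24, ...)
    reason: str           # hypothetical rule name defined by this example
    clsid: Optional[str]  # CLSID found on the line, if any
    body: str             # the rest of the log line, unchanged


def classify(code: str, body: str) -> Optional[str]:
    """Return a rule name if the entry shows one of the three traits."""
    lowered = body.lower()
    # Browser Helper Object registered for a DLL that is no longer on disk.
    if code == "O2" and lowered.endswith("(file missing)"):
        return "bho_target_missing"
    # Autostart value that runs a file out of the IE download cache.
    if code == "O4" and "\\temporary internet files\\" in lowered:
        return "autostart_from_browser_cache"
    # Active Desktop component that renders a local file on the desktop.
    if code == "O24" and "file:///" in lowered:
        return "desktop_component_local_file"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.group("code"), match.group("body")
        reason = classify(code, body)
        if reason is None:
            continue
        clsid = CLSID_RE.search(body)
        findings.append(
            Finding(code, reason, clsid.group(0) if clsid else None, body)
        )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<32}{f.body}")
```

A match is a prompt for manual review rather than a verdict: HijackThis can print "(file missing)" for an entry whose file it simply failed to locate.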


What happened to the post that I already put up here? I already posted the bitdefender scan but it disappeared.

 

BitDefender Online Scanner

Scan report generated at: Sat, May 03, 2008 - 13:56:51

Scan path: A:\;C:\;E:\;F:\;G:\;

Statistics

Time: 01:55:16
Files: 254046
Folders: 7267
Boot Sectors: 2
Archives: 3258
Packed Files: 9914

Results

Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info

Virus Definitions: 1189248
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File    Status
No virus found.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:48:21 PM, on 5/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Logitech\ImageStudio\LowLight.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189374326623

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 9592 bytes


Hi again,

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows [tab].

The following should be selected by default; if not, please select:

[Image: CCleanerA.png]

Next: click Options, then click the Settings tab.

Uncheck: "Only delete files older than 48 hrs.", click Ok.

Then click Run Cleaner (bottom right), then Exit.

 

Now please post a new HiJackThis log.

 

jedi


Here is the CCleaner log:

CLEANING COMPLETE - (96.553 secs)

------------------------------------------------------------------------------------------

167.7MB removed.

------------------------------------------------------------------------------------------

 

Details of files deleted

------------------------------------------------------------------------------------------

IE Temporary Internet Files (3872 files) 44.2MB

C:\Documents and Settings\Peter\Cookies\peter@hit.stat[1].txt 116 bytes

C:\Documents and Settings\Peter\Cookies\peter@insightexpressai[2].txt 538 bytes

C:\Documents and Settings\Peter\Cookies\peter@azjmp[2].txt 827 bytes

C:\Documents and Settings\Peter\Cookies\peter@onlinestores.metaservices.microsoft[1].txt 146 bytes

C:\Documents and Settings\Peter\Cookies\peter@iesnare[2].txt 120 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.upsellit[2].txt 114 bytes

C:\Documents and Settings\Peter\Cookies\peter@dietfromthesea[2].txt 418 bytes

C:\Documents and Settings\Peter\Cookies\peter@quantserve[2].txt 199 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.yahoo[1].txt 148 bytes

C:\Documents and Settings\Peter\Cookies\peter@insider.msg.yahoo[1].txt 80 bytes

C:\Documents and Settings\Peter\Cookies\peter@partners.trafficneeds[1].txt 135 bytes

C:\Documents and Settings\Peter\Cookies\peter@live365[1].txt 96 bytes

C:\Documents and Settings\Peter\Cookies\peter@direct.afilo[1].txt 610 bytes

C:\Documents and Settings\Peter\Cookies\peter@affiliate.pjntracker[1].txt 81 bytes

C:\Documents and Settings\Peter\Cookies\peter@fanbox[1].txt 212 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.ecards-passion[2].txt 503 bytes

C:\Documents and Settings\Peter\Cookies\peter@stat.4u[1].txt 94 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.friendlymatch[1].txt 99 bytes

C:\Documents and Settings\Peter\Cookies\peter@yahoo[2].txt 968 bytes

C:\Documents and Settings\Peter\Cookies\peter@google[1].txt 136 bytes

C:\Documents and Settings\Peter\Cookies\peter@adopt.euroclick[2].txt 715 bytes

C:\Documents and Settings\Peter\Cookies\peter@bitdefender[2].txt 135 bytes

C:\Documents and Settings\Peter\Cookies\peter@richmedia.yahoo[2].txt 119 bytes

C:\Documents and Settings\Peter\Cookies\peter@ads.lagata[1].txt 100 bytes

C:\Documents and Settings\Peter\Cookies\peter@dateamillionaire[1].txt 534 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.dietfromthesea[1].txt 124 bytes

C:\Documents and Settings\Peter\Cookies\peter@hit.gemius[2].txt 222 bytes

C:\Documents and Settings\Peter\Cookies\peter@ceneo[1].txt 328 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.matchmaker[2].txt 206 bytes

C:\Documents and Settings\Peter\Cookies\peter@office.microsoft[2].txt 206 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.dateamillionaire[2].txt 170 bytes

C:\Documents and Settings\Peter\Cookies\peter@symantec[1].txt 534 bytes

C:\Documents and Settings\Peter\Cookies\peter@blog.lagata[1].txt 378 bytes

C:\Documents and Settings\Peter\Cookies\peter@ecards-passion[2].txt 479 bytes

C:\Documents and Settings\Peter\Cookies\peter@profile.fanbox[1].txt 80 bytes

C:\Documents and Settings\Peter\Cookies\peter@hit.stat24[2].txt 240 bytes

C:\Documents and Settings\Peter\Cookies\peter@kartki.lagata[1].txt 367 bytes

C:\Documents and Settings\Peter\Cookies\peter@subs.subsag[1].txt 106 bytes

C:\Documents and Settings\Peter\Cookies\peter@ebay[2].txt 130 bytes

C:\Documents and Settings\Peter\Cookies\peter@mail.yahoo[1].txt 785 bytes

C:\Documents and Settings\Peter\Cookies\peter@matchmaker[2].txt 1.18KB

C:\Documents and Settings\Peter\Cookies\peter@ssl-hints.netflame[2].txt 163 bytes

C:\Documents and Settings\Peter\Cookies\peter@www.singlesnet[2].txt 502 bytes

C:\Documents and Settings\Peter\Cookies\peter@ads.revsci[1].txt 661 bytes

C:\Documents and Settings\Peter\Cookies\peter@interclick[2].txt 399 bytes

Marked for deletion: C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Marked for deletion: C:\Documents and Settings\Peter\Cookies\index.dat

Marked for deletion: C:\Documents and Settings\Peter\Local Settings\History\History.IE5\index.dat

Marked for deletion: C:\Documents and Settings\Peter\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat

Emptied Recycle Bin (43 files) 34.5MB

C:\WINDOWS\TEMP\D653F3EC.TMP 127 bytes

C:\WINDOWS\TEMP\JET58F4.tmp 0 bytes

C:\WINDOWS\TEMP\JET88B6.tmp 0 bytes

C:\Documents and Settings\Peter\Local Settings\Temp\QTInstallCode.log 1.10KB

C:\Documents and Settings\Peter\Local Settings\Temp\wmplog00.sqm 1.33KB

C:\Documents and Settings\Peter\Local Settings\Temp\wmplog01.sqm 1.24KB

C:\Documents and Settings\Peter\Local Settings\Temp\wmplog02.sqm 1.50KB

C:\Documents and Settings\Peter\Local Settings\Temp\XR28TYBQ.emf 0.57MB

C:\Documents and Settings\Peter\Local Settings\Temp\{6931EF07-756C-46D8-9232-C3D508A12DBC}\setup.isn 0.42MB

C:\WINDOWS\MiniDump\Mini041308-01.dmp 96.00KB

C:\WINDOWS\MiniDump\Mini042408-01.dmp 96.00KB

C:\WINDOWS\MiniDump\Mini102607-01.dmp 96.00KB

C:\WINDOWS\system32\wbem\Logs\FrameWork.log 0.73MB

C:\WINDOWS\system32\wbem\Logs\mofcomp.log 14.20KB

C:\WINDOWS\system32\wbem\Logs\NTEVT.log 2 bytes

C:\WINDOWS\system32\wbem\Logs\replog.log 400 bytes

C:\WINDOWS\system32\wbem\Logs\setup.log 5.09KB

C:\WINDOWS\system32\wbem\Logs\wbemcore.log 1.26KB

C:\WINDOWS\system32\wbem\Logs\wbemess.log 21.02KB

C:\WINDOWS\system32\wbem\Logs\wbemprox.log 2.54KB

C:\WINDOWS\system32\wbem\Logs\WBEMSNMP.log 2 bytes

C:\WINDOWS\system32\wbem\Logs\WinMgmt.log 432 bytes

C:\WINDOWS\system32\wbem\Logs\wmiadap.log 3.45KB

C:\WINDOWS\system32\wbem\Logs\wmiprov.log 14.79KB

C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64.02KB

C:\WINDOWS\system32\wbem\Logs\wmiprov.lo_ 64.02KB

C:\WINDOWS\0.log 0 bytes

C:\WINDOWS\cmsetacl.log 200 bytes

C:\WINDOWS\comsetup.log 0.29MB

C:\WINDOWS\Directx.log 0.22MB

C:\WINDOWS\DPINST.LOG 22.85KB

C:\WINDOWS\DtcInstall.log 360 bytes

C:\WINDOWS\FaxSetup.log 0.84MB

C:\WINDOWS\GEARInstall.log 500 bytes

C:\WINDOWS\IDNMitigationAPIs.log 8.78KB

C:\WINDOWS\ie7.log 46.92KB

C:\WINDOWS\ie7_main.log 43.50KB

C:\WINDOWS\iis6.log 0.13MB

C:\WINDOWS\imsins.log 1.34KB

C:\WINDOWS\KB823559.log 21.13KB

C:\WINDOWS\KB828741.log 29.17KB

C:\WINDOWS\KB835732.log 23.74KB

C:\WINDOWS\KB842773.log 62.56KB

C:\WINDOWS\KB873339.log 36.77KB

C:\WINDOWS\KB885835.log 41.39KB

C:\WINDOWS\KB885836.log 41.04KB

C:\WINDOWS\KB886185.log 19.46KB

C:\WINDOWS\KB887472.log 36.12KB

C:\WINDOWS\KB888302.log 25.98KB

C:\WINDOWS\KB890046.log 32.02KB

C:\WINDOWS\KB890859.log 19.29KB

C:\WINDOWS\KB891781.log 34.44KB

C:\WINDOWS\KB892130.log 62.50KB

C:\WINDOWS\KB893756.log 41.04KB

C:\WINDOWS\KB893803v2.log 5.72KB

C:\WINDOWS\KB894391.log 20.42KB

C:\WINDOWS\KB896358.log 36.35KB

C:\WINDOWS\KB896423.log 35.96KB

C:\WINDOWS\KB896428.log 20.30KB

C:\WINDOWS\KB898461.log 6.60KB

C:\WINDOWS\KB899587.log 46.37KB

C:\WINDOWS\KB899591.log 41.23KB

C:\WINDOWS\KB900485.log 39.83KB

C:\WINDOWS\KB900725.log 27.85KB

C:\WINDOWS\KB901017.log 40.92KB

C:\WINDOWS\KB901214.log 29.75KB

C:\WINDOWS\KB902400.log 39.35KB

C:\WINDOWS\KB904706.log 24.79KB

C:\WINDOWS\KB904942.log 10.32KB

C:\WINDOWS\KB905414.log 31.06KB

C:\WINDOWS\KB905749.log 24.94KB

C:\WINDOWS\KB908519.log 18.14KB

C:\WINDOWS\KB908531.log 25.39KB

C:\WINDOWS\KB910437.log 29.26KB

C:\WINDOWS\KB911280.log 40.62KB

C:\WINDOWS\KB911562.log 40.35KB

C:\WINDOWS\KB911564.log 27.37KB

C:\WINDOWS\KB911927.log 41.36KB

C:\WINDOWS\KB913580.log 24.67KB

C:\WINDOWS\KB914388.log 32.42KB

C:\WINDOWS\KB914389.log 17.99KB

C:\WINDOWS\KB914440.log 5.26KB

C:\WINDOWS\KB915865.log 7.82KB

C:\WINDOWS\KB916595.log 25.13KB

C:\WINDOWS\KB917344.log 31.82KB

C:\WINDOWS\KB917953.log 30.29KB

C:\WINDOWS\KB918118.log 28.04KB

C:\WINDOWS\KB918439.log 35.18KB

C:\WINDOWS\KB919007.log 32.14KB

C:\WINDOWS\KB920213.log 26.44KB

C:\WINDOWS\KB920670.log 34.99KB

C:\WINDOWS\KB920683.log 18.41KB

C:\WINDOWS\KB920685.log 40.79KB

C:\WINDOWS\KB920872.log 33.92KB

C:\WINDOWS\KB921503.log 37.03KB

C:\WINDOWS\KB922582.log 23.21KB

C:\WINDOWS\KB922819.log 42.75KB

C:\WINDOWS\KB923191.log 26.80KB

C:\WINDOWS\KB923414.log 41.95KB

C:\WINDOWS\KB923689.log 25.97KB

C:\WINDOWS\KB923980.log 41.14KB

C:\WINDOWS\KB924270.log 39.12KB

C:\WINDOWS\KB924496.log 37.38KB

C:\WINDOWS\KB924667.log 37.10KB

C:\WINDOWS\KB925398.log 29.12KB

C:\WINDOWS\KB925720.log 38.21KB

C:\WINDOWS\KB925902.log 36.93KB

C:\WINDOWS\KB926239.log 7.81KB

C:\WINDOWS\KB926255.log 27.34KB

C:\WINDOWS\KB926436.log 31.81KB

C:\WINDOWS\KB927779.log 45.78KB

C:\WINDOWS\KB927802.log 42.95KB

C:\WINDOWS\KB927891.log 30.68KB

C:\WINDOWS\KB928255.log 42.91KB

C:\WINDOWS\KB928843.log 15.21KB

C:\WINDOWS\KB929123.log 35.79KB

C:\WINDOWS\KB929399.log 7.00KB

C:\WINDOWS\KB930178.log 32.68KB

C:\WINDOWS\KB930916.log 25.17KB

C:\WINDOWS\KB931261.log 37.38KB

C:\WINDOWS\KB931784.log 43.26KB

C:\WINDOWS\KB932168.log 30.81KB

C:\WINDOWS\KB933360.log 36.07KB

C:\WINDOWS\KB933729.log 10.93KB

C:\WINDOWS\KB935839.log 20.43KB

C:\WINDOWS\KB935840.log 25.34KB

C:\WINDOWS\KB936021.log 40.93KB

C:\WINDOWS\KB936357.log 37.27KB

C:\WINDOWS\KB936782.log 42.50KB

C:\WINDOWS\KB937143.log 27.29KB

C:\WINDOWS\KB938127-IE7.log 10.56KB

C:\WINDOWS\KB938127.log 26.26KB

C:\WINDOWS\KB938828.log 39.78KB


C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\adaptv.vo.llnwd.net\o15\client\AdPlayer8_003386.swf\adap.tv.sol 53 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\adaptv.vo.llnwd.net\o15\client\AdPlayer8_006086.swf\adap.tv.sol 52 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\adcontent.videoegg.com\eap\3715\core\AdManager.swf\vepui.sol 68 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\adcontent.videoegg.com\vepui.sol 68 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\adtraff.com\forcejoe.sol 49 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\akimages.metacafe.com\MetacafeFlashVideoPlayer.sol 64 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\akimages.metacafe.com\MetacafePPR.sol 54 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\bestbuy.shoplocal.com\global526846.sol 370 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\bin.clearspring.com\clearspring.sol 815 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\cdn.widgetserver.com\com.quantserve.sol 74 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\chat.dateamillionaire.com\chat.swf\FlashChat.sol 55 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\cimages.broadcaster.com\auto_play.sol 1.02KB

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\cimages.broadcaster.com\player_settings.sol 79 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\cosmos.bcst.yahoo.com\COSMOSPrefs.sol 76 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\crackle.com\crackleSettings.sol 62 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\dhd.discovery.com\fpVersion.sol 44 bytes

C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\embed.redtube.com\player\xmoo

Share this post


Link to post
Share on other sites

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:12:19 PM, on 5/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\ImageStudio\LowLight.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189374326623

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 9406 bytes


Hi again,

 

Reconfigure Windows XP to show hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

 

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

 

Now navigate to

C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe

 

and manually delete this file:

 

setup_sbd_en[1].exe

 

Reboot.

 

Reconfigure Windows XP to hide hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

 

Under the Hidden files and folders heading deselect "Show hidden files and folders".

Check the "Hide protected operating system files (recommended)" option.

Check the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

 

Please now post a new HiJackThis log.

 

jedi
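
The file named in the post above is the target of the `O4 - HKLM\..\Run: [sBI]` line in the log: an autorun that launches an executable from the Internet Explorer cache. The following is an added example, not part of the original thread, that parses O4 registry autorun lines from a HijackThis log and flags any that run from a transient directory; the sample lines are copied from the log above, and the directory list and function names are assumptions made for the example.

```python
import re

# O4 autorun lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
"""

# HKLM/HKCU registry autoruns: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\[^:]+): \[([^\]]*)\] (.+)$")

# Assumption: directories that hold downloads or scratch data, not installed software.
TRANSIENT_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


def parse_o4(log_text):
    """Return (key, value_name, command) for every registry O4 entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def flag_transient_autoruns(log_text):
    """Return the O4 entries whose command line runs from a transient directory."""
    flagged = []
    for key, name, command in parse_o4(log_text):
        lowered = command.lower()
        if any(d in lowered for d in TRANSIENT_DIRS):
            flagged.append((key, name, command))
    return flagged


if __name__ == "__main__":
    for key, name, command in flag_transient_autoruns(SAMPLE_LOG):
        print(f"{key} [{name}] -> {command}")
```

A flagged entry means the registry value is still present, whether or not the file it points to still exists on disk.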


I can't find the folder that comes after IE5. I used the run utility but it's saying that it does not exist.


Hi again,

 

In which case I would say you look clean. How is the PC running now?

 

jedi


Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
