please help me remove virus isolator


  • This topic is locked
15 replies to this topic

#1 etep513

    Member

  • Full Member
  • 16 posts

Posted 23 April 2008 - 05:02 PM

A few days ago, my computer became infected with one of those rogue spyware programs (this one was named virus isolator). It had the traditional flashing icon in the bottom right hand corner of the screen, the constant popup ads which said that I was infected, and 3 icons on my desktop (Error Cleaner, Privacy Protector, and Spyware&Malware Protection). Also there are those constant Windows security alerts (sent by the spyware, which say that I am infected). Some of the icons from my desktop disappeared but the programs can still be accessed through the start menu. The thing that really shocked me with this piece of spyware is that it locked me out of the task manager. When I would click Ctrl+Alt+Delete it would say that the administrator disabled the task manager. I ran a scan with Spybot Search and Destroy and I removed all of the things that came up on that scanner. I also ran an Ad-Aware 2007 scan and removed the spyware that came up on that. After I ran the Ad-Aware 2007 scan I was able to use the task manager again. But the popups still keep coming, the flashing icon is still there, and the desktop sometimes goes blank (you can see the desktop background but the icons are not there). Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:23 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: dpevflbg - {838B6BFB-94D5-4C3F-851C-EEBF6108BDA8} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [bc658048] rundll32.exe "C:\WINDOWS\system32\ourhpiqm.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189374326623
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: vadokmxt - {6616AF74-AC72-4C70-B328-E1CA50E5B427} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {A1CC74BA-E142-41FD-8172-FEE7AD1B0365} - C:\WINDOWS\wdpoefan.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8888 bytes

I would greatly appreciate any help. Thanks for your time.

#2 etep513

Posted 24 April 2008 - 04:11 PM

The spyware name might actually be virtumonde, but I'm not sure. When I ran the Ad-Aware 2007 scan one of the things that came up was virtumonde. I don't know if that helps or not, but I just thought I'd mention it.

#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,485 posts

Posted 26 April 2008 - 05:14 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 26 April 2008 - 01:47 PM

Hi,

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 etep513

Posted 27 April 2008 - 12:36 PM

Ok, here is the combofix log:





ComboFix 08-04-24.1 - Peter 2008-04-27 13:02:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.211 [GMT -4:00]
Running from: C:\Documents and Settings\Peter\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cIhkQqru.ini
C:\WINDOWS\system32\cIhkQqru.ini2
C:\WINDOWS\system32\IhQqYJlm.ini
C:\WINDOWS\system32\IhQqYJlm.ini2
C:\WINDOWS\system32\jSsAacdd.ini
C:\WINDOWS\system32\jSsAacdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJYqQhI.dll
C:\WINDOWS\system32\OoWvvyxx.ini
C:\WINDOWS\system32\OoWvvyxx.ini2
C:\WINDOWS\system32\qmodtqrh.ini
C:\WINDOWS\system32\reqmibiu.ini
C:\WINDOWS\system32\rkndrfbx.ini
C:\WINDOWS\system32\segauhmj.ini
C:\WINDOWS\system32\uDgfOXyb.ini
C:\WINDOWS\system32\uDgfOXyb.ini2
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\xbfrdnkr.dll
C:\WINDOWS\system32\XyaKlUtv.ini
C:\WINDOWS\system32\XyaKlUtv.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-26 13:01 . 2008-04-26 13:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-26 12:37 . 2008-04-26 13:01 <DIR> d-------- C:\VundoFix Backups
2008-04-26 11:20 . 2008-04-26 14:32 95,808 --a------ C:\WINDOWS\system32\hrqtdomq.dll
2008-04-24 22:56 . 2008-04-25 15:00 1,509,306 --ahs---- C:\WINDOWS\system32\emfhuydi.ini
2008-04-24 20:43 . 2008-04-24 20:46 1,509,219 --ahs---- C:\WINDOWS\system32\slwupscy.ini
2008-04-24 19:17 . 2008-04-24 19:40 1,509,159 --ahs---- C:\WINDOWS\system32\owxsekpw.ini
2008-04-23 19:16 . 2008-04-23 19:16 1,540,617 --ahs---- C:\WINDOWS\system32\dbfqmyev.ini
2008-04-22 19:14 . 2008-04-23 19:15 1,541,089 --ahs---- C:\WINDOWS\system32\mqiphruo.ini
2008-04-21 20:42 . 2008-04-22 16:31 1,541,502 --ahs---- C:\WINDOWS\system32\hewdykmo.ini
2008-04-21 20:42 . 2008-04-21 20:42 87,616 --a------ C:\WINDOWS\system32\omkydweh.dll
2008-04-21 09:16 . 2008-04-21 18:57 414 --ahs---- C:\WINDOWS\system32\isltjfgd.ini
2008-04-20 22:20 . 2008-04-23 18:16 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\TmpRecentIcons
2008-04-19 09:20 . 2008-04-20 21:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-19 09:20 . 2008-04-19 09:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 05:53 . 2008-04-27 12:38 <DIR> d-------- C:\Program Files\Lx_cats
2008-04-18 23:26 . 2008-04-27 12:40 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-15 19:34 . 2008-04-15 19:34 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\acccore
2008-04-13 12:34 . 2008-04-26 09:46 868 --a------ C:\WINDOWS\wininit.ini
2008-04-12 20:34 . 2008-04-26 09:08 <DIR> d-------- C:\WINDOWS\system32\215651
2008-03-31 17:25 . 2008-03-31 17:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 17:25 . 2008-03-31 17:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 17:25 . 2008-03-31 17:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 17:25 . 2008-03-31 17:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 13:32 . 2008-04-27 08:04 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\Skype
2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Skype
2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 16:21 --------- d-----w C:\Documents and Settings\Peter\Application Data\SiteAdvisor
2008-04-27 12:04 --------- d-----w C:\Documents and Settings\Peter\Application Data\skypePM
2008-04-27 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-26 17:01 --------- d-----w C:\Program Files\PowerISO
2008-04-25 19:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 21:46 --------- d-----w C:\Program Files\Norton 360
2008-04-20 20:56 --------- d-----w C:\Documents and Settings\Peter\Application Data\uTorrent
2008-04-20 18:29 --------- d-----w C:\Program Files\DivX
2008-04-20 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 15:04 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-19 14:09 --------- d-----w C:\Documents and Settings\Peter\Application Data\Yahoo!
2008-04-19 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-17 03:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 23:54 --------- d-----w C:\Program Files\Viewpoint
2008-04-15 23:54 --------- d-----w C:\Program Files\AIM6
2008-04-15 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-15 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-15 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-12 00:47 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-29 23:28 --------- d-----w C:\Program Files\Starcraft
2008-03-26 13:31 --------- d-----w C:\Program Files\Google
2008-03-26 13:20 --------- d-----w C:\Documents and Settings\Peter\Application Data\MSN6
2008-03-22 18:05 --------- d-----w C:\Program Files\Java
2008-03-21 18:33 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-03-21 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 01:56 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-03-19 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-19 16:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-14 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 03:37 --------- d-----w C:\Program Files\Windows Live
2008-03-08 20:41 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 18:49 --------- d-----w C:\Program Files\QuickTime
2008-03-08 18:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 15:10 --------- d-----w C:\Documents and Settings\Peter\Application Data\Apple Computer
2008-03-08 15:09 --------- d-----w C:\Program Files\iTunes
2008-03-08 15:09 --------- d-----w C:\Program Files\iPod
2008-03-08 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-08 14:56 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-02 21:01 --------- d-----w C:\Program Files\Common Files\Java
2008-03-01 20:15 --------- d-----w C:\Documents and Settings\Peter\Application Data\Gadu-Gadu
2008-03-01 20:11 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-05 16:56 46 ----a-w C:\tmp.bat
2008-02-01 16:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-04 02:41 439,296 ----a-w C:\Documents and Settings\Peter\GoToAssist_phone__317_en.exe
2007-12-07 03:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2001-08-30 06:30 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-14 14:31 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D}]
C:\WINDOWS\system32\ddcaAsSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{070327C6-C492-4277-A685-60BA219ADE25}]
C:\WINDOWS\system32\vtUlKayX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36FD7532-E225-4541-9E6A-5AF7CA363EEF}]
C:\WINDOWS\system32\urqQkhIc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC8A595-0CF9-4766-9C89-DB93DD304B22}]
C:\WINDOWS\system32\xxyvvWoO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-09-08 14:45 73728]
"SBI"="C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"= {6616AF74-AC72-4C70-B328-E1CA50E5B427} - C:\WINDOWS\vadokmxt.dll [ ]
"wdpoefan"= {A1CC74BA-E142-41FD-8172-FEE7AD1B0365} - C:\WINDOWS\wdpoefan.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.mxmc"= MimicICM.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 13:52 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bc658048]
C:\WINDOWS\system32\xbfrdnkr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 01:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
--a------ 2001-12-20 10:42 35328 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flircik]
--a------ 2007-07-11 12:57 1253376 C:\Program Files\Onet\Flircik\Flircik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 10:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 12:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 12:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-20 15:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2007-01-30 00:39 1432064 C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 08:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 10:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]
--a------ 1999-11-16 01:00 5632 C:\Program Files\Creative\PlayCenter\CTSRReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-30 15:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-25 17:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 1999-11-12 01:00 86016 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2001-12-20 02:59 204800 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 cpuz128;cpuz128;C:\DOCUME~1\Peter\LOCALS~1\Temp\cpuz_x32.sys []
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 13:11:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
.
**************************************************************************
.
Completion time: 2008-04-27 13:20:37 - machine was rebooted [Peter]
ComboFix-quarantined-files.txt 2008-04-27 17:20:30

Pre-Run: 27,801,993,216 bytes free
Post-Run: 27,749,572,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

298 --- E O F --- 2008-04-17 17:16:42





And here is the latest hijackthis log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:52 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)
O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)
O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189374326623
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: vadokmxt - {6616AF74-AC72-4C70-B328-E1CA50E5B427} - C:\WINDOWS\vadokmxt.dll (file missing)
O21 - SSODL: wdpoefan - {A1CC74BA-E142-41FD-8172-FEE7AD1B0365} - C:\WINDOWS\wdpoefan.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7946 bytes



Thanks for your help.

#6 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 28 April 2008 - 01:30 PM

Hi,

Open notepad and copy/paste the text in the quotebox below into it (do not include the word Quote)

File::
C:\WINDOWS\system32\hrqtdomq.dll
C:\WINDOWS\system32\emfhuydi.ini
C:\WINDOWS\system32\slwupscy.ini
C:\WINDOWS\system32\owxsekpw.ini
C:\WINDOWS\system32\dbfqmyev.ini
C:\WINDOWS\system32\mqiphruo.ini
C:\WINDOWS\system32\hewdykmo.ini
C:\WINDOWS\system32\omkydweh.dll
C:\WINDOWS\system32\isltjfgd.ini
C:\WINDOWS\system32\vtUlKayX.dll
C:\WINDOWS\system32\ddcaAsSj.dll
C:\WINDOWS\system32\urqQkhIc.dll
C:\WINDOWS\system32\xxyvvWoO.dll
C:\WINDOWS\system32\xbfrdnkr.dll
Folder::
"C:\Program Files\NetProject
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{070327C6-C492-4277-A685-60BA219ADE25}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36FD7532-E225-4541-9E6A-5AF7CA363EEF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC8A595-0CF9-4766-9C89-DB93DD304B22}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBI"=-
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source=
FriendlyName=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"=-
"wdpoefan"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bc658048]


Save this as CFScript

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

jedi

#7 etep513

etep513

    Member

  • Full Member
  • 16 posts

Posted 28 April 2008 - 06:50 PM

Here is the latest combofix log:




ComboFix 08-04-24.1 - Peter 2008-04-28 19:11:47.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -4:00]
Running from: C:\Documents and Settings\Peter\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\dbfqmyev.ini
C:\WINDOWS\system32\ddcaAsSj.dll
C:\WINDOWS\system32\emfhuydi.ini
C:\WINDOWS\system32\hewdykmo.ini
C:\WINDOWS\system32\hrqtdomq.dll
C:\WINDOWS\system32\isltjfgd.ini
C:\WINDOWS\system32\mqiphruo.ini
C:\WINDOWS\system32\omkydweh.dll
C:\WINDOWS\system32\owxsekpw.ini
C:\WINDOWS\system32\slwupscy.ini
C:\WINDOWS\system32\urqQkhIc.dll
C:\WINDOWS\system32\vtUlKayX.dll
C:\WINDOWS\system32\xbfrdnkr.dll
C:\WINDOWS\system32\xxyvvWoO.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dbfqmyev.ini
C:\WINDOWS\system32\emfhuydi.ini
C:\WINDOWS\system32\hewdykmo.ini
C:\WINDOWS\system32\hrqtdomq.dll
C:\WINDOWS\system32\isltjfgd.ini
C:\WINDOWS\system32\mqiphruo.ini
C:\WINDOWS\system32\omkydweh.dll
C:\WINDOWS\system32\owxsekpw.ini
C:\WINDOWS\system32\slwupscy.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-26 13:01 . 2008-04-26 13:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-04-26 12:37 . 2008-04-26 13:01 <DIR> d-------- C:\VundoFix Backups
2008-04-20 22:20 . 2008-04-23 18:16 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\TmpRecentIcons
2008-04-19 09:20 . 2008-04-20 21:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-19 09:20 . 2008-04-19 09:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 05:53 . 2008-04-28 11:14 <DIR> d-------- C:\Program Files\Lx_cats
2008-04-18 23:26 . 2008-04-28 19:01 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-15 19:34 . 2008-04-15 19:34 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\acccore
2008-04-13 12:34 . 2008-04-26 09:46 868 --a------ C:\WINDOWS\wininit.ini
2008-04-12 20:34 . 2008-04-26 09:08 <DIR> d-------- C:\WINDOWS\system32\215651
2008-03-31 17:25 . 2008-03-31 17:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 17:25 . 2008-03-31 17:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 17:25 . 2008-03-31 17:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 17:25 . 2008-03-31 17:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 17:25 . 2008-03-31 17:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 13:32 . 2008-04-28 18:13 <DIR> d-------- C:\Documents and Settings\Peter\Application Data\Skype
2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Skype
2008-03-31 13:31 . 2008-03-31 13:31 <DIR> d-------- C:\Program Files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 22:54 --------- d-----w C:\Documents and Settings\Peter\Application Data\SiteAdvisor
2008-04-28 20:55 --------- d-----w C:\Documents and Settings\Peter\Application Data\skypePM
2008-04-28 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-28 00:17 --------- d-----w C:\Documents and Settings\Peter\Application Data\uTorrent
2008-04-26 17:01 --------- d-----w C:\Program Files\PowerISO
2008-04-25 19:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 21:46 --------- d-----w C:\Program Files\Norton 360
2008-04-20 18:29 --------- d-----w C:\Program Files\DivX
2008-04-20 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 15:04 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-19 14:09 --------- d-----w C:\Documents and Settings\Peter\Application Data\Yahoo!
2008-04-19 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-17 03:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 23:54 --------- d-----w C:\Program Files\Viewpoint
2008-04-15 23:54 --------- d-----w C:\Program Files\AIM6
2008-04-15 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-15 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-15 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-12 00:47 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-29 23:28 --------- d-----w C:\Program Files\Starcraft
2008-03-26 13:31 --------- d-----w C:\Program Files\Google
2008-03-26 13:20 --------- d-----w C:\Documents and Settings\Peter\Application Data\MSN6
2008-03-24 02:48 3,362 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-22 18:05 --------- d-----w C:\Program Files\Java
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 18:33 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-03-21 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 01:56 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-03-19 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-19 16:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-11 01:21 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-11 01:21 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 03:37 --------- d-----w C:\Program Files\Windows Live
2008-03-08 20:41 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 18:49 --------- d-----w C:\Program Files\QuickTime
2008-03-08 18:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 15:10 --------- d-----w C:\Documents and Settings\Peter\Application Data\Apple Computer
2008-03-08 15:09 --------- d-----w C:\Program Files\iTunes
2008-03-08 15:09 --------- d-----w C:\Program Files\iPod
2008-03-08 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-08 14:56 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-02 21:01 --------- d-----w C:\Program Files\Common Files\Java
2008-03-01 20:15 --------- d-----w C:\Documents and Settings\Peter\Application Data\Gadu-Gadu
2008-03-01 20:11 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-25 21:08 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 19:03 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-05 16:56 46 ----a-w C:\tmp.bat
2008-02-04 22:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-01 16:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-04 02:41 439,296 ----a-w C:\Documents and Settings\Peter\GoToAssist_phone__317_en.exe
2007-12-07 03:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2001-08-30 06:30 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-14 14:31 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-11 20:47 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_13.20.06.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 17:10:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 23:06:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D}]
C:\WINDOWS\system32\ddcaAsSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{070327C6-C492-4277-A685-60BA219ADE25}]
C:\WINDOWS\system32\vtUlKayX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36FD7532-E225-4541-9E6A-5AF7CA363EEF}]
C:\WINDOWS\system32\urqQkhIc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC8A595-0CF9-4766-9C89-DB93DD304B22}]
C:\WINDOWS\system32\xxyvvWoO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.mxmc"= MimicICM.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 13:52 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 01:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
--a------ 2001-12-20 10:42 35328 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flircik]
--a------ 2007-07-11 12:57 1253376 C:\Program Files\Onet\Flircik\Flircik.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 10:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 12:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 12:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-20 15:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]
--a------ 2005-09-08 14:45 73728 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2007-01-30 00:39 1432064 C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 08:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBI]
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en
[1].exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 10:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]
--a------ 1999-11-16 01:00 5632 C:\Program Files\Creative\PlayCenter\CTSRReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-30 15:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-25 17:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 1999-11-12 01:00 86016 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2001-12-20 02:59 204800 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 cpuz128;cpuz128;C:\DOCUME~1\Peter\LOCALS~1\Temp\cpuz_x32.sys []
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:16:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 19:19:27
ComboFix-quarantined-files.txt 2008-04-28 23:18:27
ComboFix2.txt 2008-04-27 17:20:38

Pre-Run: 27,533,373,440 bytes free
Post-Run: 27,590,873,088 bytes free

292 --- E O F --- 2008-04-17 17:16:42





And here is the latest hijackthis log:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:58 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)
O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)
O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189374326623
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9751 bytes

Thanks for your time :)

#8 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 30 April 2008 - 04:44 AM

Hi again,

Scan with HiJackThis and put a check in the box next to the following items:

O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)
O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)
O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)
O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close all browsers and windows, click on fix selected and allow HJT to fix these entries.

Restart.

Please do the following:
Run a BitDefender Online scan Here and post the results.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#9 etep513

    Member

  • Full Member
  • 16 posts

Posted 05 May 2008 - 08:48 PM

What happened to the post that I already put up here? I already posted the BitDefender scan but it disappeared.

BitDefender Online Scanner

Scan report generated at: Sat, May 03, 2008 - 13:56:51
Scan path: A:\;C:\;E:\;F:\;G:\;

Statistics
Time: 01:55:16
Files: 254046
Folders: 7267
Boot Sectors: 2
Archives: 3258
Packed Files: 9914

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 1189248
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status: No virus found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:21 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189374326623
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9592 bytes
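
The manual selection in post #8 and the before/after comparison of the two logs can be scripted. The following is an added example, not part of the original thread and not HijackThis's own logic: the three rules are assumptions that mirror the kinds of entries selected in post #8, the function names are hypothetical, and the sample lines are excerpts copied from the two logs above.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread:
# BEFORE_LOG from the log preceding post #8, AFTER_LOG from the log in post #9.
BEFORE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06EA20C2-1CDE-4BE1-A5EC-0119CBD8FD1D} - C:\WINDOWS\system32\ddcaAsSj.dll (file missing)
O2 - BHO: (no name) - {070327C6-C492-4277-A685-60BA219ADE25} - C:\WINDOWS\system32\vtUlKayX.dll (file missing)
O2 - BHO: (no name) - {36FD7532-E225-4541-9E6A-5AF7CA363EEF} - C:\WINDOWS\system32\urqQkhIc.dll (file missing)
O2 - BHO: (no name) - {4EC8A595-0CF9-4766-9C89-DB93DD304B22} - C:\WINDOWS\system32\xxyvvWoO.dll (file missing)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

AFTER_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A HijackThis entry line is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed triage rules (section, predicate on the entry body, reason).
# They reproduce the selection made in post #8; they are heuristics, so a
# hit means "review this entry", not "this entry is malicious".
RULES = [
    ("O2", lambda b: b.endswith("(file missing)"),
     "BHO is registered but its DLL is missing on disk"),
    ("O4", lambda b: "\\temporary internet files\\" in b.lower(),
     "autostart entry launches from the browser cache"),
    ("O24", lambda b: "file:///" in b.lower(),
     "Active Desktop component loads a local HTML page"),
]


def parse_entries(log_text):
    """Return (section, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(entries):
    """Return (section, body, reason) for each entry that matches a rule."""
    findings = []
    for section, body in entries:
        for rule_section, predicate, reason in RULES:
            if section == rule_section and predicate(body):
                findings.append((section, body, reason))
                break
    return findings


def persisting(before_text, after_text):
    """Flagged entries from the first log that are still present in the second."""
    after = set(parse_entries(after_text))
    return [f for f in triage(parse_entries(before_text)) if (f[0], f[1]) in after]


if __name__ == "__main__":
    for section, body, reason in triage(parse_entries(BEFORE_LOG)):
        print(f"REVIEW  {section}: {reason}\n        {body}")
    for section, body, reason in persisting(BEFORE_LOG, AFTER_LOG):
        print(f"STILL PRESENT after fix  {section}: {body}")
```

On these excerpts the four missing-file BHOs and the O24 desktop component no longer appear in the second log, while the `[SBI]` Run entry is reported as still present.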

#10 jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • 15,820 posts

Posted 07 May 2008 - 08:20 AM

Hi again,

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default, if not, please select:
Posted Image
Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

Now please post a new HiJackThis log.

jedi

#11 etep513

    Member

  • Full Member
  • 16 posts

Posted 07 May 2008 - 06:39 PM

Here is the CCleaner log:




CLEANING COMPLETE - (96.553 secs)
------------------------------------------------------------------------------------------
167.7MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (3872 files) 44.2MB
C:\Documents and Settings\Peter\Cookies\peter@hit.stat[1].txt 116 bytes
C:\Documents and Settings\Peter\Cookies\peter@insightexpressai[2].txt 538 bytes
C:\Documents and Settings\Peter\Cookies\peter@azjmp[2].txt 827 bytes
C:\Documents and Settings\Peter\Cookies\peter@onlinestores.metaservices.microsoft[1].txt 146 bytes
C:\Documents and Settings\Peter\Cookies\peter@iesnare[2].txt 120 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.upsellit[2].txt 114 bytes
C:\Documents and Settings\Peter\Cookies\peter@dietfromthesea[2].txt 418 bytes
C:\Documents and Settings\Peter\Cookies\peter@quantserve[2].txt 199 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.yahoo[1].txt 148 bytes
C:\Documents and Settings\Peter\Cookies\peter@insider.msg.yahoo[1].txt 80 bytes
C:\Documents and Settings\Peter\Cookies\peter@partners.trafficneeds[1].txt 135 bytes
C:\Documents and Settings\Peter\Cookies\peter@live365[1].txt 96 bytes
C:\Documents and Settings\Peter\Cookies\peter@direct.afilo[1].txt 610 bytes
C:\Documents and Settings\Peter\Cookies\peter@affiliate.pjntracker[1].txt 81 bytes
C:\Documents and Settings\Peter\Cookies\peter@fanbox[1].txt 212 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.ecards-passion[2].txt 503 bytes
C:\Documents and Settings\Peter\Cookies\peter@stat.4u[1].txt 94 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.friendlymatch[1].txt 99 bytes
C:\Documents and Settings\Peter\Cookies\peter@yahoo[2].txt 968 bytes
C:\Documents and Settings\Peter\Cookies\peter@google[1].txt 136 bytes
C:\Documents and Settings\Peter\Cookies\peter@adopt.euroclick[2].txt 715 bytes
C:\Documents and Settings\Peter\Cookies\peter@bitdefender[2].txt 135 bytes
C:\Documents and Settings\Peter\Cookies\peter@richmedia.yahoo[2].txt 119 bytes
C:\Documents and Settings\Peter\Cookies\peter@ads.lagata[1].txt 100 bytes
C:\Documents and Settings\Peter\Cookies\peter@dateamillionaire[1].txt 534 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.dietfromthesea[1].txt 124 bytes
C:\Documents and Settings\Peter\Cookies\peter@hit.gemius[2].txt 222 bytes
C:\Documents and Settings\Peter\Cookies\peter@ceneo[1].txt 328 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.matchmaker[2].txt 206 bytes
C:\Documents and Settings\Peter\Cookies\peter@office.microsoft[2].txt 206 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.dateamillionaire[2].txt 170 bytes
C:\Documents and Settings\Peter\Cookies\peter@symantec[1].txt 534 bytes
C:\Documents and Settings\Peter\Cookies\peter@blog.lagata[1].txt 378 bytes
C:\Documents and Settings\Peter\Cookies\peter@ecards-passion[2].txt 479 bytes
C:\Documents and Settings\Peter\Cookies\peter@profile.fanbox[1].txt 80 bytes
C:\Documents and Settings\Peter\Cookies\peter@hit.stat24[2].txt 240 bytes
C:\Documents and Settings\Peter\Cookies\peter@kartki.lagata[1].txt 367 bytes
C:\Documents and Settings\Peter\Cookies\peter@subs.subsag[1].txt 106 bytes
C:\Documents and Settings\Peter\Cookies\peter@ebay[2].txt 130 bytes
C:\Documents and Settings\Peter\Cookies\peter@mail.yahoo[1].txt 785 bytes
C:\Documents and Settings\Peter\Cookies\peter@matchmaker[2].txt 1.18KB
C:\Documents and Settings\Peter\Cookies\peter@ssl-hints.netflame[2].txt 163 bytes
C:\Documents and Settings\Peter\Cookies\peter@www.singlesnet[2].txt 502 bytes
C:\Documents and Settings\Peter\Cookies\peter@ads.revsci[1].txt 661 bytes
C:\Documents and Settings\Peter\Cookies\peter@interclick[2].txt 399 bytes
Marked for deletion: C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Peter\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Peter\Local Settings\History\History.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Peter\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat
Emptied Recycle Bin (43 files) 34.5MB
C:\WINDOWS\TEMP\D653F3EC.TMP 127 bytes
C:\WINDOWS\TEMP\JET58F4.tmp 0 bytes
C:\WINDOWS\TEMP\JET88B6.tmp 0 bytes
C:\Documents and Settings\Peter\Local Settings\Temp\QTInstallCode.log 1.10KB
C:\Documents and Settings\Peter\Local Settings\Temp\wmplog00.sqm 1.33KB
C:\Documents and Settings\Peter\Local Settings\Temp\wmplog01.sqm 1.24KB
C:\Documents and Settings\Peter\Local Settings\Temp\wmplog02.sqm 1.50KB
C:\Documents and Settings\Peter\Local Settings\Temp\XR28TYBQ.emf 0.57MB
C:\Documents and Settings\Peter\Local Settings\Temp\{6931EF07-756C-46D8-9232-C3D508A12DBC}\setup.isn 0.42MB
C:\WINDOWS\MiniDump\Mini041308-01.dmp 96.00KB
C:\WINDOWS\MiniDump\Mini042408-01.dmp 96.00KB
C:\WINDOWS\MiniDump\Mini102607-01.dmp 96.00KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 0.73MB
C:\WINDOWS\system32\wbem\Logs\mofcomp.log 14.20KB
C:\WINDOWS\system32\wbem\Logs\NTEVT.log 2 bytes
C:\WINDOWS\system32\wbem\Logs\replog.log 400 bytes
C:\WINDOWS\system32\wbem\Logs\setup.log 5.09KB
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 1.26KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 21.02KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 2.54KB
C:\WINDOWS\system32\wbem\Logs\WBEMSNMP.log 2 bytes
C:\WINDOWS\system32\wbem\Logs\WinMgmt.log 432 bytes
C:\WINDOWS\system32\wbem\Logs\wmiadap.log 3.45KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 14.79KB
C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64.02KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.lo_ 64.02KB
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\cmsetacl.log 200 bytes
C:\WINDOWS\comsetup.log 0.29MB
C:\WINDOWS\Directx.log 0.22MB
C:\WINDOWS\DPINST.LOG 22.85KB
C:\WINDOWS\DtcInstall.log 360 bytes
C:\WINDOWS\FaxSetup.log 0.84MB
C:\WINDOWS\GEARInstall.log 500 bytes
C:\WINDOWS\IDNMitigationAPIs.log 8.78KB
C:\WINDOWS\ie7.log 46.92KB
C:\WINDOWS\ie7_main.log 43.50KB
C:\WINDOWS\iis6.log 0.13MB
C:\WINDOWS\imsins.log 1.34KB
C:\WINDOWS\KB823559.log 21.13KB
C:\WINDOWS\KB828741.log 29.17KB
C:\WINDOWS\KB835732.log 23.74KB
C:\WINDOWS\KB842773.log 62.56KB
C:\WINDOWS\KB873339.log 36.77KB
C:\WINDOWS\KB885835.log 41.39KB
C:\WINDOWS\KB885836.log 41.04KB
C:\WINDOWS\KB886185.log 19.46KB
C:\WINDOWS\KB887472.log 36.12KB
C:\WINDOWS\KB888302.log 25.98KB
C:\WINDOWS\KB890046.log 32.02KB
C:\WINDOWS\KB890859.log 19.29KB
C:\WINDOWS\KB891781.log 34.44KB
C:\WINDOWS\KB892130.log 62.50KB
C:\WINDOWS\KB893756.log 41.04KB
C:\WINDOWS\KB893803v2.log 5.72KB
C:\WINDOWS\KB894391.log 20.42KB
C:\WINDOWS\KB896358.log 36.35KB
C:\WINDOWS\KB896423.log 35.96KB
C:\WINDOWS\KB896428.log 20.30KB
C:\WINDOWS\KB898461.log 6.60KB
C:\WINDOWS\KB899587.log 46.37KB
C:\WINDOWS\KB899591.log 41.23KB
C:\WINDOWS\KB900485.log 39.83KB
C:\WINDOWS\KB900725.log 27.85KB
C:\WINDOWS\KB901017.log 40.92KB
C:\WINDOWS\KB901214.log 29.75KB
C:\WINDOWS\KB902400.log 39.35KB
C:\WINDOWS\KB904706.log 24.79KB
C:\WINDOWS\KB904942.log 10.32KB
C:\WINDOWS\KB905414.log 31.06KB
C:\WINDOWS\KB905749.log 24.94KB
C:\WINDOWS\KB908519.log 18.14KB
C:\WINDOWS\KB908531.log 25.39KB
C:\WINDOWS\KB910437.log 29.26KB
C:\WINDOWS\KB911280.log 40.62KB
C:\WINDOWS\KB911562.log 40.35KB
C:\WINDOWS\KB911564.log 27.37KB
C:\WINDOWS\KB911927.log 41.36KB
C:\WINDOWS\KB913580.log 24.67KB
C:\WINDOWS\KB914388.log 32.42KB
C:\WINDOWS\KB914389.log 17.99KB
C:\WINDOWS\KB914440.log 5.26KB
C:\WINDOWS\KB915865.log 7.82KB
C:\WINDOWS\KB916595.log 25.13KB
C:\WINDOWS\KB917344.log 31.82KB
C:\WINDOWS\KB917953.log 30.29KB
C:\WINDOWS\KB918118.log 28.04KB
C:\WINDOWS\KB918439.log 35.18KB
C:\WINDOWS\KB919007.log 32.14KB
C:\WINDOWS\KB920213.log 26.44KB
C:\WINDOWS\KB920670.log 34.99KB
C:\WINDOWS\KB920683.log 18.41KB
C:\WINDOWS\KB920685.log 40.79KB
C:\WINDOWS\KB920872.log 33.92KB
C:\WINDOWS\KB921503.log 37.03KB
C:\WINDOWS\KB922582.log 23.21KB
C:\WINDOWS\KB922819.log 42.75KB
C:\WINDOWS\KB923191.log 26.80KB
C:\WINDOWS\KB923414.log 41.95KB
C:\WINDOWS\KB923689.log 25.97KB
C:\WINDOWS\KB923980.log 41.14KB
C:\WINDOWS\KB924270.log 39.12KB
C:\WINDOWS\KB924496.log 37.38KB
C:\WINDOWS\KB924667.log 37.10KB
C:\WINDOWS\KB925398.log 29.12KB
C:\WINDOWS\KB925720.log 38.21KB
C:\WINDOWS\KB925902.log 36.93KB
C:\WINDOWS\KB926239.log 7.81KB
C:\WINDOWS\KB926255.log 27.34KB
C:\WINDOWS\KB926436.log 31.81KB
C:\WINDOWS\KB927779.log 45.78KB
C:\WINDOWS\KB927802.log 42.95KB
C:\WINDOWS\KB927891.log 30.68KB
C:\WINDOWS\KB928255.log 42.91KB
C:\WINDOWS\KB928843.log 15.21KB
C:\WINDOWS\KB929123.log 35.79KB
C:\WINDOWS\KB929399.log 7.00KB
C:\WINDOWS\KB930178.log 32.68KB
C:\WINDOWS\KB930916.log 25.17KB
C:\WINDOWS\KB931261.log 37.38KB
C:\WINDOWS\KB931784.log 43.26KB
C:\WINDOWS\KB932168.log 30.81KB
C:\WINDOWS\KB933360.log 36.07KB
C:\WINDOWS\KB933729.log 10.93KB
C:\WINDOWS\KB935839.log 20.43KB
C:\WINDOWS\KB935840.log 25.34KB
C:\WINDOWS\KB936021.log 40.93KB
C:\WINDOWS\KB936357.log 37.27KB
C:\WINDOWS\KB936782.log 42.50KB
C:\WINDOWS\KB937143.log 27.29KB
C:\WINDOWS\KB938127-IE7.log 10.56KB
C:\WINDOWS\KB938127.log 26.26KB
C:\WINDOWS\KB938828.log 39.78KB
C:\WINDOWS\KB938829.log 36.87KB
C:\WINDOWS\KB939653.log 17.58KB
C:\WINDOWS\KB939683.log 12.35KB
C:\WINDOWS\KB941202.log 10.81KB
C:\WINDOWS\KB941568.log 13.32KB
C:\WINDOWS\KB941569.log 11.64KB
C:\WINDOWS\KB941644.log 10.88KB
C:\WINDOWS\KB941693.log 18.19KB
C:\WINDOWS\KB942615-IE7.log 58.42KB
C:\WINDOWS\KB942615.log 17.32KB
C:\WINDOWS\KB942763.log 25.28KB
C:\WINDOWS\KB942840.log 14.41KB
C:\WINDOWS\KB943055.log 10.58KB
C:\WINDOWS\KB943460.log 13.81KB
C:\WINDOWS\KB943485.log 11.11KB
C:\WINDOWS\KB944533-IE7.log 21.77KB
C:\WINDOWS\KB944653.log 11.46KB
C:\WINDOWS\KB945553.log 12.53KB
C:\WINDOWS\KB946026.log 16.01KB
C:\WINDOWS\KB947864-IE7.log 18.93KB
C:\WINDOWS\KB948590.log 12.35KB
C:\WINDOWS\KB948881.log 13.58KB
C:\WINDOWS\MSCompPackV1.log 6.27KB
C:\WINDOWS\msgsocm.log 43.74KB
C:\WINDOWS\msxml4-KB936181-enu.LOG 0.28MB
C:\WINDOWS\msxml6-KB933579-enu-x86.LOG 0.48MB
C:\WINDOWS\NLSDownlevelMapping.log 8.49KB
C:\WINDOWS\ntdtcsetup.log 0.18MB
C:\WINDOWS\ocgen.log 0.41MB
C:\WINDOWS\ocmsn.log 46.09KB
C:\WINDOWS\Q312370.log 10.17KB
C:\WINDOWS\Q321178.log 278 bytes
C:\WINDOWS\Q323255.log 920 bytes
C:\WINDOWS\Q329048.log 15.92KB
C:\WINDOWS\Q329115.log 1.53KB
C:\WINDOWS\Q329170.log 5.91KB
C:\WINDOWS\Q329390.log 1.18KB
C:\WINDOWS\Q329441.log 8.82KB
C:\WINDOWS\Q329834.log 16.27KB
C:\WINDOWS\Q810577.log 16.74KB
C:\WINDOWS\Q810833.log 13.66KB
C:\WINDOWS\Q811630.log 10.61KB
C:\WINDOWS\Q815021.log 9.46KB
C:\WINDOWS\regopt.log 1.03KB
C:\WINDOWS\sessmgr.setup.log 1.25KB
C:\WINDOWS\setupact.log 0.16MB
C:\WINDOWS\setupapi.log 0.50MB
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\spupdsvc.log 87.50KB
C:\WINDOWS\svcpack.log 0.39MB
C:\WINDOWS\tsoc.log 0.33MB
C:\WINDOWS\updspapi.log 60.92KB
C:\WINDOWS\Windows Update.log 240 bytes
C:\WINDOWS\WMFDist11.log 46.05KB
C:\WINDOWS\wmp11.log 31.83KB
C:\WINDOWS\wmp11Uninst.log 9.43KB
C:\WINDOWS\wmsetup.log 78.71KB
C:\WINDOWS\wmsetup10.log 1.40KB
C:\WINDOWS\Wudf01000Inst.log 11.46KB
C:\WINDOWS\xpsp1hfm.log 28.04KB
C:\WINDOWS\imsins.BAK 1.32KB
C:\WINDOWS\ntbtlog.txt 88.33KB
C:\WINDOWS\OEWABLog.txt 1.14KB
C:\WINDOWS\setuplog.txt 0.71MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 17.2MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 8.83KB
C:\WINDOWS\Debug\blastcln.log 286 bytes
C:\WINDOWS\Debug\mrt.log 12.13KB
C:\WINDOWS\Debug\mrteng.log 6.26KB
C:\WINDOWS\Debug\NetSetup.LOG 2.41KB
C:\WINDOWS\security\logs\backup.log 2.87KB
C:\WINDOWS\security\logs\SceRoot.log 592 bytes
C:\WINDOWS\security\logs\scesetup.log 0.11MB
C:\WINDOWS\security\logs\update.log 7.03KB
C:\WINDOWS\security\logs\scecomp.old 210 bytes
C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\crackle.com\crackleSettings.sol 62 bytes
C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\dhd.discovery.com\fpVersion.sol 44 bytes
C:\Documents and Settings\Peter\Application Data\Macromedia\Flash Player\#SharedObjects\6Y5MMP3K\embed.redtube.com\player\xmoo

#12 etep513

Posted 07 May 2008 - 07:34 PM

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:19 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Flircik] C:\Program Files\Onet\Flircik\Flircik.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189374326623
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.f...bal/msc3121.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcj_device - - C:\WINDOWS\System32\lxcjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9406 bytes

#13 jedi

Posted 08 May 2008 - 03:08 AM

Hi again,

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now navigate to

C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe


and manually delete this file:

setup_sbd_en[1].exe

Reboot.

Reconfigure Windows XP to hide hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading deselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Check the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Please now post a new HijackThis log.

jedi
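The file named in the post above is the target of the `[SBI]` Run value in the posted HijackThis log, an autorun that points into the Internet Explorer cache. As an added example (not part of the original post), this Python script parses HijackThis O4 lines and flags any autorun whose command references a cache or temp directory; the function names and the directory list are assumptions chosen for illustration.

```python
import re

# Constructed sample: four O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\3OYY4EJ8\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
"""

# Registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>".
# "O4 - Global Startup:" shortcut lines have a different shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption: path fragments treated as browser-cache or temp locations.
VOLATILE_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


def parse_autoruns(log_text):
    """Return (hive, key, value_name, command) for each registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def flag_volatile_autoruns(log_text):
    """Return autoruns whose command references a cache or temp directory."""
    flagged = []
    for hive, key, name, cmd in parse_autoruns(log_text):
        # Search the whole command so DLL paths passed to rundll32 are covered.
        lowered = cmd.lower()
        hit = next((d for d in VOLATILE_DIRS if d in lowered), None)
        if hit:
            flagged.append({"hive": hive, "key": key, "name": name,
                            "command": cmd, "reason": hit})
    return flagged


if __name__ == "__main__":
    for entry in flag_volatile_autoruns(SAMPLE_LOG):
        print(entry["hive"], entry["key"], entry["name"], entry["command"])
```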

#14 etep513

Posted 08 May 2008 - 06:07 PM

I can't find the folder that comes after IE5. I used the Run utility, but it's saying that it does not exist.

#15 jedi

Posted 09 May 2008 - 04:03 AM

Hi again,

In which case I would say you look clean. How is the PC running now?

jedi

#16 jedi

Posted 16 May 2008 - 03:01 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi
