win32.tdss.rtk - removed, hopefully


  • This topic is locked
17 replies to this topic

#1 mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 17 March 2009 - 10:39 AM

Hello

Yesterday Spybot detected and removed the win32.tdss.rtk trojan.
I read a bit about it here and on a few other forums and wanted to make sure that it was all sorted.

Any help you can offer will be much appreciated, thanks in advance.

Here are the requested logs.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:46, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Beans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Program Files\Snackr\Snackr.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ParNRar\ParNRar.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Beans\Application Data\Folding@home-x86\FahCore_78.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Snackr.lnk = C:\Program Files\Snackr\Snackr.exe
O4 - Global Startup: Folding@home.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link E&xplorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c999cef615093a) (gupdate1c999cef615093a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 12570 bytes




Malwarebytes' Anti-Malware 1.34
Database version: 1857
Windows 5.1.2600 Service Pack 3

17/03/2009 12:47:29
mbam-log-2009-03-17 (12-47-29).txt

Scan type: Quick Scan
Objects scanned: 71712
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.


;********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-17 16:22:01
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 3
;********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================================================================================================================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\beans\favorites\health
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@atdmt[2].txt
00144497 Cookie/Intelli-tracker TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@www.intelli-tracker[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@mediaplex[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@anm.co[2].txt
00148840 Cookie/Pollstar TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@pollstar[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@questionmarket[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@atwola[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@smartadserver[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Sausages\Cookies\sausages@adserver.easyad[1].txt
03453755 Generic Trojan Virus/Trojan No 0 Yes No F:\Software\CS3 Mac\Keygen.EXE
;================================================================================================================================================================================
SUSPECTS
Sent Location

;================================================================================================================================================================================
No C:\Program Files\Autorun Eater\billy.exe



;================================================================================================================================================================================
VULNERABILITIES
Id Severity Description

;================================================================================================================================================================================
;================================================================================================================================================================================
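One way to triage a Malwarebytes log like the one above programmatically, as an added example that is not part of the original post and not Malwarebytes' own tooling: a small parser for the MBAM 1.x text log layout shown in this thread. The layout is inferred from the logs posted here; the sample inputs are constructed in that format (one reuses the single detection this log reports, the other is a clean scan), and the checks it runs (summary counts agree with the items actually listed, every item was really quarantined, any kernel driver file among the hits) are the editor's choice of triage heuristics, not anything the thread's helpers state.

```python
"""Parse a Malwarebytes' Anti-Malware (MBAM) 1.x text log into a summary.

Added example, not code from the forum thread or from Malwarebytes. The log
layout is inferred from the logs posted in the thread; the samples below are
constructed in that layout.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the MBAM 1.34 log layout, reusing the detection the
# thread reports (a driver file quarantined as Trojan.Agent).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1857
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 71712
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Constructed clean scan: every section reports no items.
CLEAN_LOG = """Scan type: Full Scan (C:\\|E:\\|F:\\|)
Objects scanned: 251164

Files Infected: 0

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<category>.+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>.+ Infected):$")
# Item lines read "<location> (<detection name>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


@dataclass
class Detection:
    category: str   # section the item was listed under, e.g. "Files Infected"
    location: str   # file path or registry location
    name: str       # detection name, e.g. "Trojan.Agent"
    action: str     # what MBAM says it did about it


@dataclass
class MbamReport:
    scan_type: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)       # summary counts per category
    detections: list = field(default_factory=list)   # listed items

    def total_reported(self) -> int:
        return sum(self.counts.values())

    def is_consistent(self) -> bool:
        """Summary counts must match the number of items listed per section."""
        listed = {}
        for d in self.detections:
            listed[d.category] = listed.get(d.category, 0) + 1
        categories = set(self.counts) | set(listed)
        return all(self.counts.get(c, 0) == listed.get(c, 0) for c in categories)

    def unresolved(self) -> list:
        """Items whose action is not a completed quarantine/deletion."""
        return [d for d in self.detections
                if not d.action.startswith("Quarantined and deleted")]

    def driver_files(self) -> list:
        """Kernel driver files (.sys) among the hits: worth a rescan after reboot."""
        return [d for d in self.detections if d.location.lower().endswith(".sys")]


def parse_mbam_log(text: str) -> MbamReport:
    """Walk the log once: header fields, summary counts, then per-section items."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Scan type: "):
            report.scan_type = line[len("Scan type: "):]
            continue
        if line.startswith("Objects scanned: "):
            report.objects_scanned = int(line.split(": ", 1)[1])
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m["category"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["category"]
            continue
        if section is None or line == NO_ITEMS:
            continue
        m = ITEM_RE.match(line)
        if m:
            report.detections.append(
                Detection(section, m["location"], m["name"], m["action"]))
    return report


if __name__ == "__main__":
    for log in (SAMPLE_LOG, CLEAN_LOG):
        r = parse_mbam_log(log)
        print(r.scan_type, r.objects_scanned, r.total_reported(),
              r.is_consistent(), len(r.unresolved()), len(r.driver_files()))
```

The consistency check catches a log whose summary counts and listed items disagree, which is the first thing to look at before trusting a "clean" result; the driver-file check singles out hits under a `.sys` name, since a kernel-mode component may already have been loaded before the file was quarantined, which is one reason a helper asks for a fresh scan after removal.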

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 19 March 2009 - 11:20 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 26 March 2009 - 01:54 PM

Hi,

Please update MBAM, perform a Quick Scan, and post the resultant log.

Next we'll use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#4 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 04 April 2009 - 02:28 PM

Are you with us mrcolobus?



#5 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 12 April 2009 - 10:08 PM

Due to the lack of feedback this Topic is closed.

[Reopened]

Everyone else please begin a New Topic.



#6 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 18 May 2009 - 09:39 AM

Reopened at request of topic owner.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare (1564-1616)
The various helper groups here
UNITE

#7 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 18 May 2009 - 11:05 AM

mrcolobus,

I'm listening.



#8 mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 18 May 2009 - 01:16 PM

mrcolobus,

I'm listening.


Hello, thanks for re-opening this thread. I assume I just need to carry out the last given instructions? Running the scan now.

Edited by mrcolobus, 18 May 2009 - 01:30 PM.


#9 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 18 May 2009 - 02:36 PM

Please do.



#10 mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 18 May 2009 - 03:18 PM

All logs as requested


Malwarebytes' Anti-Malware 1.36
Database version: 2148
Windows 5.1.2600 Service Pack 3

18/05/2009 21:40:44
mbam-log-2009-05-18 (21-40-44).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 251164
Time elapsed: 55 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ComboFix 09-05-18.02 - Beans 18/05/2009 21:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3263.2284 [GMT 1:00]
Running from: c:\documents and settings\Beans\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc127.JPG
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc128.JPG
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc131.jpg
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc132.jpg
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc133.lnk
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc134.lnk
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc135.lnk
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\170x128\MOV00508.MP4_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\170x128\MOV00535.3gp_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\170x128\MOV00647.MP4_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\170x128\MOV00665.3gp_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\320x320\MOV00508.MP4_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\320x320\MOV00535.3gp_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\320x320\MOV00647.MP4_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\320x320\MOV00665.3gp_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\56x42\MOV00508.MP4_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\56x42\MOV00535.3gp_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\56x42\MOV00647.MP4_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc17\56x42\MOV00665.3gp_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc18\200803A0\_PAlbTN\170x128\24032008001.mp4_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc18\200803A0\_PAlbTN\320x320\24032008001.mp4_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc18\200803A0\_PAlbTN\56x42\24032008001.mp4_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\instmsia.exe
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\instmsiw.exe
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\java\jre-6u7-windows-i586-p.exe
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\licenses\license_en-US.html
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\licenses\license_en-US.txt
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\OpenOffice.org 3.0.lnk
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\openofficeorg1.cab
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\openofficeorg30.msi
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\readmes\readme_en-US.html
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\readmes\readme_en-US.txt
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\setup.exe
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc2\setup.ini
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc20\200710A0\_PAlbTN\170x128\18102007005.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc20\200710A0\_PAlbTN\320x320\18102007005.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc20\200710A0\_PAlbTN\56x42\18102007005.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc20\200710A0\18102007005.jpg
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc21.jpg
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc22.jpg
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\170x128\16112007011.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\170x128\16112007012.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\170x128\16112007015.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\170x128\16112007016.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\170x128\17112007018.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\170x128\17112007020.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\320x320\16112007011.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\320x320\16112007012.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\320x320\16112007015.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\320x320\16112007016.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\320x320\17112007018.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\320x320\17112007020.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\56x42\16112007011.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\56x42\16112007012.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\56x42\16112007015.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\56x42\16112007016.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\56x42\17112007018.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc23\200711A0\_PAlbTN\56x42\17112007020.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\170x128\01122007030.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\170x128\04122007035.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\170x128\30122007040.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\320x320\01122007030.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\320x320\04122007035.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\320x320\30122007040.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\56x42\01122007030.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\56x42\04122007035.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\_PAlbTN\56x42\30122007040.jpg_56x42
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc24\200712A0\04122007035.jpg
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc25\_PAlbTN\170x128\01012008041.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc25\_PAlbTN\170x128\17012008044.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc25\_PAlbTN\170x128\27012008047.jpg_170x128
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc25\_PAlbTN\320x320\01012008041.jpg_320x320
c:\recycler\S-1-5-21-1606980848-583907252-1417001333-1005\Dc25\_PAlbTN\320x320\17012008044.jpg_320x320
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 11:53 . 2007-03-06 12:24 55296 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-05-18 11:53 . 2007-04-19 10:36 48384 ----a-w c:\windows\system32\drivers\rp_pkt32.sys
2009-05-18 11:53 . 2009-05-18 11:53 -------- d-----w c:\program files\Common Files\Authentium
2009-05-18 11:52 . 2009-05-18 11:52 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-05-18 11:52 . 2009-05-18 11:52 -------- d-----w c:\program files\Raxco
2009-05-18 11:52 . 2009-05-18 11:52 -------- d-----w c:\program files\CA
2009-05-18 11:52 . 2009-05-18 19:28 -------- d-----w c:\program files\Common Files\Scanner
2009-05-18 10:45 . 2009-05-18 10:45 -------- d-----w c:\documents and settings\All Users\Application Data\VirginMedia
2009-05-18 10:45 . 2009-05-18 10:46 -------- d-----w c:\documents and settings\Beans\Local Settings\Application Data\VirginMedia
2009-05-18 10:45 . 2009-05-18 10:45 -------- d-----w c:\program files\VirginMedia
2009-05-18 10:42 . 2009-05-18 19:36 -------- d-----w c:\documents and settings\Beans\Application Data\Virgin Broadband
2009-05-18 10:42 . 2009-05-18 11:51 -------- d-----w c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-05-18 10:42 . 2009-05-18 11:51 -------- d-----w c:\program files\Virgin Broadband
2009-05-18 10:36 . 2009-05-18 10:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 10:36 . 2009-05-18 10:37 -------- d-----w c:\program files\Norton Security Scan
2009-05-15 20:08 . 2009-05-15 20:08 -------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
2009-05-11 17:53 . 2007-12-14 03:31 57408 ----a-w c:\windows\system32\drivers\wsimd.sys
2009-05-10 16:47 . 2009-05-10 16:47 -------- d-----w c:\documents and settings\Beans\Application Data\vlc
2009-05-10 14:58 . 2009-05-10 14:58 -------- d-----w c:\program files\Atheros
2009-05-10 14:46 . 2002-12-24 12:52 54016 ----a-w c:\windows\system32\drivers\ousb2hub.sys
2009-05-10 14:46 . 2002-12-24 12:52 39040 ----a-w c:\windows\system32\drivers\ousbehci.sys
2009-05-10 14:46 . 2009-05-10 14:46 -------- d-----w c:\windows\Drivers
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-23 13:10 . 2009-04-23 13:10 -------- d--h--r c:\documents and settings\All Users\Application Data\Atheros
2009-04-23 12:58 . 2009-04-23 12:58 -------- d-----w c:\documents and settings\All Users\Application Data\NETGEAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 19:36 . 2008-12-03 22:16 -------- d-----w c:\program files\FlashGet
2009-05-18 19:18 . 2009-03-17 12:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 11:49 . 2008-11-15 17:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 21:11 . 2008-11-21 12:59 -------- d-----w c:\program files\mkv2vob
2009-05-14 18:50 . 2008-11-20 22:11 -------- d-----w c:\program files\Google
2009-05-14 11:08 . 2008-11-21 12:30 -------- d-----w c:\program files\NewsLeecher
2009-04-23 13:08 . 2008-11-20 20:34 -------- d-----w c:\program files\Netgear
2009-04-22 19:04 . 2009-02-16 21:37 -------- d-----w c:\program files\Bulk Image Downloader
2009-04-16 10:34 . 2009-04-16 10:33 -------- d-----w c:\program files\iTunes
2009-04-16 10:33 . 2009-04-16 10:33 -------- d-----w c:\program files\iPod
2009-04-16 10:33 . 2008-12-01 09:47 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 10:32 . 2009-04-16 10:31 -------- d-----w c:\program files\QuickTime
2009-04-16 10:28 . 2009-04-16 10:28 -------- d-----w c:\program files\Safari
2009-04-16 10:27 . 2008-11-23 18:51 -------- d-----w c:\program files\Bonjour
2009-04-15 21:00 . 2009-04-07 18:08 -------- d-----w c:\program files\Xperia Video Encoder
2009-04-07 18:57 . 2009-02-20 20:51 -------- d-----w c:\program files\Autorun Eater
2009-04-07 17:45 . 2009-02-16 18:43 -------- d-----w c:\program files\TCP Optimizer
2009-04-06 14:32 . 2009-03-17 12:38 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-03-17 12:38 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 20:01 . 2009-04-05 19:02 -------- d-----w c:\program files\Veoh Networks
2009-04-01 10:09 . 2008-11-17 12:10 -------- d-----w c:\program files\Java
2009-03-26 14:23 . 2009-04-16 10:30 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-26 14:23 . 2008-12-01 09:48 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-23 12:10 . 2008-12-06 10:30 39184 ----a-w c:\documents and settings\Sausages\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 20:34 . 2009-03-22 20:34 -------- d-----w c:\program files\Samsung
2009-03-22 20:32 . 2008-11-23 19:01 39184 ----a-w c:\documents and settings\Beans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 11:42 . 2009-03-22 11:42 -------- d-----w c:\program files\JRE
2009-03-22 11:42 . 2009-03-22 11:42 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-22 11:41 . 2008-11-17 12:11 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-03-20 11:15 . 2008-11-21 21:29 -------- d-----w c:\program files\Common Files\Adobe
2009-03-19 15:32 . 2008-12-01 09:49 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 04:19 . 2008-12-28 18:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-04-14 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 18:19 . 2009-02-28 18:19 36320 ---ha-w c:\windows\system32\mlfcache.dat
2009-02-25 18:53 . 2009-02-25 18:53 128 ----a-w c:\documents and settings\Beans\Local Settings\Application Data\fusioncache.dat
2009-02-20 20:41 . 2009-02-20 20:39 1469952 ----a-w c:\documents and settings\Beans\Application Data\tsdnwin.dll
2009-02-20 18:09 . 2008-04-14 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 19:09 . 2009-01-28 21:30 262144 ----a-w c:\documents and settings\Beans\Local Settings\Application Data\physmeminsti.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Beans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-06 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Media Scanner"="c:\program files\Google\Google Media Server\GoogleMediaScanner.exe" [2009-05-14 319488]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-03-26 7996808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-03-08 337216]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-14 30192]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sausages\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Beans\Start Menu\Programs\Startup\
Snackr.lnk - c:\program files\Snackr\Snackr.exe [2009-2-4 95232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Folding@home.lnk - c:\documents and settings\Beans\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2009-2-15 98477]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\Netgear\WN111v2\WN111V2.exe [2008-10-6 1482831]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Netgear\\Netgear Wireless Game Adapter\\Setup Wizard.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Media Server\\GoogleMediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55203:TCP"= 55203:TCP:Google Media
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [12/10/2004 14:24 11392]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17/03/2009 13:51 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18/08/2008 14:27 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 15:23 727720]
R2 Google MediaServer;Google MediaServer;c:\program files\Google\Google Media Server\GoogleMediaServer.exe [14/05/2009 19:50 622080]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [07/03/2009 21:22 2749736]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
R3 wacmoumonitor;Wacom Mode Helper;c:\window

Edited by mrcolobus, 18 May 2009 - 03:41 PM.


#11 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 23 May 2009 - 10:45 PM

mrcolobus,

My apologies for the delay; I didn't receive a notification that you replied.


Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note: To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


After that, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Restart your computer, and let me know what issues remain.

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#12 mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 25 May 2009 - 11:56 AM

As requested

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 24, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 24, 2009 16:28:49
Records in database: 2234316
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 152421
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:16:18

No malware has been detected. The scan area is clean.

The selected area was scanned.
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
ESETNOD32Antivirus
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

WinPatrol 2009
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 13
Java™ 6 Update 4
Java™ 6 Update 7
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

WinPatrol winpatrol.exe
Spybot SDHelper is disabled!
ESET ESET NOD32 Antivirus ekrn.exe
ESET ESET NOD32 Antivirus egui.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 14 seconds.
`````````End of Log```````````

#13 screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 25 May 2009 - 03:50 PM

Hi mrcolobus,


Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u.

This uninstalls all of ComboFix's components.

Also delete SecurityCheck.exe.


After that, please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe, then click Remove Older Versions.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.


Restart your computer, post a fresh HijackThis log, and let me know what issues remain.

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#14 mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 27 May 2009 - 01:26 PM

Log as requested

JavaRa 1.14 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed May 27 20:24:42 2009

Found and removed: C:\Program Files\Java\jre1.6.0_04

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: Software\JavaSoft\Java2D\1.6.0_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\

------------------------------------

Finished reporting.

#15 mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 27 May 2009 - 01:26 PM

As far as I can tell there are no obvious problems; I actually had two of my card's details stolen the other day, but I don't think it was from the computer.
Thanks for looking at all this, you guys do a great service - definitely worth a donation.


HijackThis log as requested

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:26, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Beans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Media Server\GoogleMediaScanner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Program Files\Netgear\WN111v2\WN111V2.exe
C:\Program Files\Snackr\Snackr.exe
C:\Documents and Settings\Beans\Application Data\Folding@home-x86\FahCore_7c.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Media Scanner] "C:\Program Files\Google\Google Media Server\GoogleMediaScanner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Snackr.lnk = C:\Program Files\Snackr\Snackr.exe
O4 - Global Startup: Folding@home.lnk = ?
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\Netgear\WN111v2\WN111V2.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link E&xplorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c999cef615093a) (gupdate1c999cef615093a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - Unknown owner - C:\Program Files\Common Files\BinarySense\hldasvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 13986 bytes

Edited by mrcolobus, 27 May 2009 - 03:37 PM.
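The O23 lines above follow HijackThis's fixed "O23 - Service: name (short) - owner - path" layout, so the first-pass triage a helper does by eye (look for "Unknown owner", "(file missing)" and binaries outside the usual system directories) can be scripted. This is an added example, not code from the thread or from HijackThis; the sample lines are constructed in the log's format (the "CONSTRUCTED-*" entry is made up), and the path heuristic is a simple assumption, not a HijackThis rule.

```python
"""Triage helper for HijackThis O23 (service) log lines (added example)."""
import re
from typing import Any, Dict, List, Optional

# Display name, optional "(short name)", owner, path, optional "(file missing)".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)"
    r"(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Assumed "normal" service locations on an XP box; anything else gets a flag.
USUAL_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample in the log's format; the CONSTRUCTED-svc entry is invented.
SAMPLE_LOG = [
    r"O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"O23 - Service: HDDlife HDD Access service - Unknown owner - C:\Program Files\Common Files\BinarySense\hldasvc.exe (file missing)",
    r"O23 - Service: CONSTRUCTED-svc (constsvc) - Unknown owner - C:\Documents and Settings\user\constructed.exe",
    r"O2 - BHO: not a service line, ignored by the parser",
]


def parse_o23(line: str) -> Optional[Dict[str, Any]]:
    """Return the fields of one O23 line, or None if it is not an O23 line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["missing"] = d["missing"] is not None
    return d


def triage(lines: List[str]) -> List[Dict[str, Any]]:
    """Parse every O23 line and attach a 'flags' list worth a reviewer's look."""
    out = []
    for line in lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        flags = []
        if entry["owner"].lower() == "unknown owner":
            flags.append("unknown-owner")
        if entry["missing"]:
            flags.append("file-missing")
        if not entry["path"].lower().startswith(USUAL_PREFIXES):
            flags.append("unusual-path")
        entry["flags"] = flags
        out.append(entry)
    return out


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e["flags"]:
            print(f'{e["name"]}: {", ".join(e["flags"])} -> {e["path"]}')
```

A flag is a prompt to check the binary (publisher, location, whether it still exists), not a verdict; the "Unknown owner" HDDlife entry in the log above is a known benign program whose file was simply removed.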


#16 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 30 May 2009 - 02:51 PM

Hi mrcolobus,

As far as I can tell there are no obvious problems. I actually had two of my card's details stolen the other day, but I don't think it was from the computer.

Make sure you contact those financial institutions so they're aware of the situation, if you haven't already.

Thanks for looking at all this, you guys do a great service - definitely worth a donation.

You're very welcome, and your donation is very much appreciated. :D


On that note, please delete JavaRa.

Good work. Your log appears to be clean!

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Kerio
Comodo
Outpost

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#17 mrcolobus

mrcolobus

    Member

  • Full Member
  • 27 posts

Posted 07 June 2009 - 07:12 AM

Thanks for your help, have carried out your recommendations.

Cheers! :thumbup:

#18 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • 8,815 posts

Posted 07 June 2009 - 12:46 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
