
After cleaning still getting CID popups

Discussion in 'Virus & Other Malware Removal' started by dkwoodward, Jul 11, 2008.

  1. dkwoodward

    dkwoodward Thread Starter

    I have run Malwarebytes' Anti-Malware, and it cleaned up a lot of issues, but I still keep getting CID pop-ups on my computer. Attached are the DSS Main.txt and Extra.txt files and the HijackThis log (pasting the log into this post makes the post too large).

    Please Help.
     
  2. dkwoodward

    dkwoodward Thread Starter

    NoLop.log is attached; here is the DSS file:

    Deckard's System Scanner v20071014.68
    Run by Kirsten on 2008-07-11 10:16:48
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 87% (more than 75%).
    Total Physical Memory: 384 MiB (512 MiB recommended).
    System Drive C: has 2.06 GiB (less than 15%) free.


    -- HijackThis (run as Kirsten.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:17:19 AM, on 7/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\WINDOWS\system32\Event Agent\bin\services .exe
    C:\WINDOWS\system32\Event Agent\lsass .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\system32\Event Agent\bin\smss .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Documents and Settings\Kirsten\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Kirsten.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O1 - Hosts: 1.1.1.1 www.webroot.com
    O1 - Hosts: 1.1.1.1 webroot.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {10CD41A2-B34D-4912-9448-82E7E8E44866} - C:\WINDOWS\system32\pmnlifeC.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {CFE17632-2A22-4271-B134-A9D9E2C3EAF5} - C:\WINDOWS\system32\nnnmjgDT.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Msn Chat Monitor(IM Sniffer) v2.8.1120] C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [CCLite] C:\WINDOWS\system32\Event Agent\ea.exe
    O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Up Balm Ball Bone] C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe
    O4 - HKLM\..\Run: [A_MsnMonitor] "C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [flapexit] C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: lsass.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kirsten\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126742012314
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://sympatico.gamesmania.com/ExentCtl.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://sympatico.zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mmms.ca
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mmms.ca
    O20 - Winlogon Notify: nnnmjgDT - nnnmjgDT.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DKW_Service - Unknown owner - C:\DKW_Service\DKW_Service\DKW_Service\bin\Release\DKW_Service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - NetGroup - Politecnico di Torino - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IPSEC Services (PolicyAgent) - HP - (no file)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe

    --
    End of file - 15443 bytes

    -- Files created between 2008-06-11 and 2008-07-11 -----------------------------

    2008-07-11 10:10:23 106 --a------ C:\delete.bat
    2008-07-11 10:01:41 0 d-------- C:\NoLopBackups
    2008-07-11 09:29:34 0 d-------- C:\Program Files\Trend Micro
    2008-07-10 10:28:46 0 d-------- C:\Documents and Settings\Kirsten\Application Data\Malwarebytes
    2008-07-10 10:28:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-10 10:28:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-07 00:04:17 0 d-------- C:\Program Files\WinPcap
    2008-07-06 14:49:11 588 --ahs---- C:\WINDOWS\system32\Cefilnmp.ini2
    2008-06-21 11:48:36 0 d-------- C:\Program Files\livefirstpart
    2008-06-15 16:56:02 0 d-------- C:\Documents and Settings\Kirsten\Application Data\Opera


    -- Find3M Report ---------------------------------------------------------------

    2008-07-11 10:03:27 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80221102}.dat
    2008-07-11 10:03:27 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80221102}.dat
    2008-07-10 13:13:45 0 d-------- C:\Program Files\Yahoo!
    2008-07-10 13:10:31 0 d-------- C:\Program Files\HP
    2008-07-10 13:07:43 0 d-------- C:\Program Files\Hewlett-Packard
    2008-07-10 12:50:06 0 d-------- C:\Program Files\Common Files
    2008-07-10 12:24:36 0 d-------- C:\Program Files\DivX
    2008-07-10 12:24:01 0 d-------- C:\Program Files\BitLord
    2008-07-10 12:23:50 0 d-------- C:\Program Files\Bet21.net
    2008-07-10 12:23:12 0 d-------- C:\Program Files\Audrey Hepburn1
    2008-06-21 11:52:07 0 d-------- C:\Documents and Settings\Kirsten\Application Data\livefirstpart
    2008-06-08 12:01:44 0 d-------- C:\Program Files\DVD Decrypter
    2008-06-04 07:25:55 0 d-------- C:\Program Files\Lavasoft
    2008-06-04 07:25:52 0 d-------- C:\Documents and Settings\Kirsten\Application Data\Lavasoft
    2008-06-04 07:11:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-03 20:54:29 0 d-------- C:\Program Files\MSECache
    2008-05-27 21:16:02 0 d-------- C:\Documents and Settings\Kirsten\Application Data\GetRightToGo
    2008-05-11 13:17:13 6415 --a------ C:\WINDOWS\mozver.dat
    2008-05-11 10:55:38 0 d-------- C:\Program Files\Replay Converter
    2008-05-11 10:44:25 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10CD41A2-B34D-4912-9448-82E7E8E44866}]
    C:\WINDOWS\system32\pmnlifeC.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFE17632-2A22-4271-B134-A9D9E2C3EAF5}]
    C:\WINDOWS\system32\nnnmjgDT.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 02:00 AM]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/12/2006 02:52 PM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/15/2008 09:10 AM]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [09/05/2005 04:55 PM]
    "AutoSys"="C:\WINDOWS\system32\autosys.exe" []
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 05:08 PM]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 01:18 AM]
    "Msn Chat Monitor(IM Sniffer) v2.8.1120"="C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
    "2Search"="C:\Program Files\2search\main.exe" []
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 01:14 AM]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 02:19 PM]
    "CCLite"="C:\WINDOWS\system32\Event Agent\ea.exe" [12/03/2007 10:11 AM]
    "Event Agent"="C:\WINDOWS\system32\Event Agent\bin\smss .exe" [02/02/2008 08:20 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/20/2008 07:58 AM]
    "Up Balm Ball Bone"="C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe" [07/11/2008 10:10 AM]
    "A_MsnMonitor"="C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [03/19/2005 10:41 AM]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/22/2004 04:10 PM]
    "flapexit"="C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe" [06/21/2008 11:48 AM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "NoAdminPage"=1

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktopChanges"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "EditLevel"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [10/09/2004 04:18 PM 49152]
    "{CFE17632-2A22-4271-B134-A9D9E2C3EAF5}"= C:\WINDOWS\system32\nnnmjgDT.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjgDT]
    nnnmjgDT.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlifeC

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"




    -- End of Deckard's System Scanner: finished at 2008-07-11 10:18:02 ------------
     


  3. cybertech

    cybertech Retired Moderator

    Hi, welcome to TSG!!


    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  4. dkwoodward

    dkwoodward Thread Starter

    BTW, on reboot, while the ComboFix box was up, the computer had a message box appear 2-3 times stating that an application could not start because of a missing file: MFC71U.dll. Is this a valid Foundation Class DLL, and should I replace the missing file?

    ComboFix Log:
    ComboFix 08-07-10.1 - Kirsten 2008-07-11 11:10:11.1 - NTFSx86
    Running from: C:\Documents and Settings\Kirsten\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jasmine\Application Data\FunWebProducts
    C:\WINDOWS\system32\2search.exe
    C:\WINDOWS\system32\Cefilnmp.ini
    C:\WINDOWS\system32\Cefilnmp.ini2
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
    .

    2008-07-11 11:23 . 2008-07-11 11:23 90,112 --a------ C:\WINDOWS\system32\WOEM_3_2awoem.tmp
    2008-07-11 10:10 . 2008-07-11 10:10 106 --a------ C:\delete.bat
    2008-07-11 10:01 . 2008-07-11 10:04 <DIR> d-------- C:\NoLopBackups
    2008-07-11 09:29 . 2008-07-11 09:29 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-11 09:15 . 2008-07-11 09:15 <DIR> d-------- C:\Deckard
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Documents and Settings\Kirsten\Application Data\Malwarebytes
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-10 10:28 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-10 10:28 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-07 00:04 . 2008-07-07 00:04 <DIR> d-------- C:\Program Files\WinPcap
    2008-06-21 11:48 . 2008-06-21 11:48 <DIR> d-------- C:\Program Files\livefirstpart
    2008-06-20 12:00 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pattern Maker for cross stitch
    2008-07-11 15:05 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
    2008-07-11 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-11 14:59 --------- d-----w C:\Program Files\Microsoft ACT
    2008-07-11 14:59 --------- d-----w C:\Program Files\Common Files\Merge Modules
    2008-07-11 14:57 --------- d-----w C:\Program Files\HTML Help Workshop
    2008-07-11 14:34 --------- d-----w C:\Program Files\Mindscape
    2008-07-11 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-11 14:33 --------- d-----w C:\Program Files\Black Isle
    2008-07-10 17:13 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 17:10 --------- d-----w C:\Program Files\HP
    2008-07-10 17:07 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-07-10 16:24 --------- d-----w C:\Program Files\DivX
    2008-07-10 16:24 --------- d-----w C:\Program Files\BitLord
    2008-07-10 16:23 --------- d-----w C:\Program Files\Bet21.net
    2008-07-10 16:23 --------- d-----w C:\Program Files\Audrey Hepburn1
    2008-07-07 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-06-21 15:52 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\livefirstpart
    2008-06-21 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-08 16:01 --------- d-----w C:\Program Files\DVD Decrypter
    2008-06-08 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-04 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 11:25 --------- d-----w C:\Program Files\Lavasoft
    2008-06-04 11:25 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\Lavasoft
    2008-06-04 11:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 00:54 --------- d-----w C:\Program Files\MSECache
    2008-05-28 01:16 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\GetRightToGo
    2008-05-11 15:02 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-05-11 14:55 --------- d-----w C:\Program Files\Replay Converter
    2008-05-11 14:44 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-03-16 15:54 18,552 ----a-w C:\Documents and Settings\Kirsten\Application Data\GDIPFONTCACHEV1.DAT
    2005-12-26 00:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    2005-11-02 21:05 80 --sh--r C:\WINDOWS\system32\DA6F837D84.dll
    2006-12-30 12:51 80 --sh--r C:\WINDOWS\system32\F64BBCD75D.dll
    .
    ----a-w           946,176 2008-02-11 22:26:18  C:\WINDOWS\system32\Event Agent\lsass .exe
    ----a-w         1,564,745 2007-12-30 15:20:20  C:\WINDOWS\system32\Event Agent\Bin\services .exe
    ----a-w           192,580 2008-02-03 00:20:32  C:\WINDOWS\system32\Event Agent\Bin\smss .exe
    ----a-w           102,400 2007-12-08 20:45:44  C:\WINDOWS\system32\Event Agent\Bin\spoolsv .exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-03-19 10:41 40960]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10 1871872]
    "flapexit"="C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe" [2008-06-21 11:48 501760]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-12 14:52 77824]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 09:10 579584]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55 339968]
    "AutoSys"="C:\WINDOWS\system32\autosys.exe" [N/A]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
    "Msn Chat Monitor(IM Sniffer) v2.8.1120"="C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe" [N/A]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "2Search"="C:\Program Files\2search\main.exe" [N/A]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "CCLite"="C:\WINDOWS\system32\Event Agent\ea.exe" [2007-12-03 10:11 49152]
    "Event Agent"="C:\WINDOWS\system32\Event Agent\bin\smss .exe" [2008-02-02 20:20 192580]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 07:58 185896]
    "Up Balm Ball Bone"="C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe" [2008-07-11 11:33 2546176]
    "A_MsnMonitor"="C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe" [N/A]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 15:35 219136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 07:26:28 180224]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVDIdle Pro\DVDShell.dll" [2004-10-09 16:18 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\BearShare\\BearShare.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\Driver\\WinPcap_3_1.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\services .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\spoolsv .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\lsass .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\lite.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\smss .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\EventAgentRegistry.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Documents and Settings\\Kirsten\\Desktop\\dss.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8105:TCP"= 8105:TCP:*:Disabled:BitComet 8105 TCP
    "8105:UDP"= 8105:UDP:*:Disabled:BitComet 8105 UDP

    R2 System Event Agent;System Event Agent;C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe [2007-12-08 16:45]
    R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);C:\WINDOWS\system32\drivers\WOEM_3_2a.sys []
    S3 DKW_Service;DKW_Service;C:\DKW_Service\DKW_Service\DKW_Service\bin\Release\DKW_Service.exe [2008-04-10 19:50]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 07:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-03-16 00:30:32 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
    - c:\Program Files\Microsoft IntelliType Pro\itype.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{10CD41A2-B34D-4912-9448-82E7E8E44866} - C:\WINDOWS\system32\pmnlifeC.dll
    BHO-{CFE17632-2A22-4271-B134-A9D9E2C3EAF5} - C:\WINDOWS\system32\nnnmjgDT.dll
    ShellExecuteHooks-{CFE17632-2A22-4271-B134-A9D9E2C3EAF5} - C:\WINDOWS\system32\nnnmjgDT.dll
    Notify-nnnmjgDT - nnnmjgDT.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-11 11:28:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\Event Agent\Bin\services .exe
    C:\WINDOWS\system32\Event Agent\lsass .exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-11 11:45:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-11 15:45:33

    Pre-Run: 5,929,480,192 bytes free
    Post-Run: 5,923,336,192 bytes free

    211 --- E O F --- 2008-06-21 02:33:07

    ********************************************************
    HiJackThis log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:56:26 AM, on 7/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
    C:\WINDOWS\system32\Event Agent\bin\services .exe
    C:\WINDOWS\system32\Event Agent\lsass .exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\system32\Event Agent\bin\smss .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Msn Chat Monitor(IM Sniffer) v2.8.1120] C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [CCLite] C:\WINDOWS\system32\Event Agent\ea.exe
    O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Up Balm Ball Bone] C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe
    O4 - HKLM\..\Run: [A_MsnMonitor] "C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [flapexit] C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: lsass.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kirsten\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126742012314
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://sympatico.gamesmania.com/ExentCtl.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://sympatico.zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mmms.ca
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mmms.ca
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DKW_Service - Unknown owner - C:\DKW_Service\DKW_Service\DKW_Service\bin\Release\DKW_Service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe

    --
    End of file - 12683 bytes
     
  5. dkwoodward

    dkwoodward Thread Starter

    Joined:
    Jul 11, 2008
    Messages:
    5
Sorry, I thought I had the XP Restore stuff installed; I redid this because of my error.


    ComboFix 08-07-10.1 - Kirsten 2008-07-11 12:40:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -4:00]
    Running from: C:\Documents and Settings\Kirsten\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kirsten\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
    .

    2008-07-11 11:23 . 2008-07-11 11:23 90,112 --a------ C:\WINDOWS\system32\WOEM_3_2awoem.tmp
    2008-07-11 10:10 . 2008-07-11 10:10 106 --a------ C:\delete.bat
    2008-07-11 10:01 . 2008-07-11 10:04 <DIR> d-------- C:\NoLopBackups
    2008-07-11 09:29 . 2008-07-11 09:29 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-11 09:15 . 2008-07-11 09:15 <DIR> d-------- C:\Deckard
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Documents and Settings\Kirsten\Application Data\Malwarebytes
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-10 10:28 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-10 10:28 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-07 00:04 . 2008-07-07 00:04 <DIR> d-------- C:\Program Files\WinPcap
    2008-06-21 11:48 . 2008-06-21 11:48 <DIR> d-------- C:\Program Files\livefirstpart
    2008-06-20 12:00 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pattern Maker for cross stitch
    2008-07-11 15:05 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
    2008-07-11 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-11 14:59 --------- d-----w C:\Program Files\Microsoft ACT
    2008-07-11 14:59 --------- d-----w C:\Program Files\Common Files\Merge Modules
    2008-07-11 14:57 --------- d-----w C:\Program Files\HTML Help Workshop
    2008-07-11 14:34 --------- d-----w C:\Program Files\Mindscape
    2008-07-11 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-11 14:33 --------- d-----w C:\Program Files\Black Isle
    2008-07-10 17:13 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 17:10 --------- d-----w C:\Program Files\HP
    2008-07-10 17:07 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-07-10 16:24 --------- d-----w C:\Program Files\DivX
    2008-07-10 16:24 --------- d-----w C:\Program Files\BitLord
    2008-07-10 16:23 --------- d-----w C:\Program Files\Bet21.net
    2008-07-10 16:23 --------- d-----w C:\Program Files\Audrey Hepburn1
    2008-07-07 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-06-21 15:52 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\livefirstpart
    2008-06-21 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-08 16:01 --------- d-----w C:\Program Files\DVD Decrypter
    2008-06-08 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-04 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 11:25 --------- d-----w C:\Program Files\Lavasoft
    2008-06-04 11:25 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\Lavasoft
    2008-06-04 11:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 00:54 --------- d-----w C:\Program Files\MSECache
    2008-05-28 01:16 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\GetRightToGo
    2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-11 15:02 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-05-11 14:55 --------- d-----w C:\Program Files\Replay Converter
    2008-05-11 14:44 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-20 11:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-03-16 15:54 18,552 ----a-w C:\Documents and Settings\Kirsten\Application Data\GDIPFONTCACHEV1.DAT
    2005-12-26 00:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    2005-11-02 21:05 80 --sh--r C:\WINDOWS\system32\DA6F837D84.dll
    2006-12-30 12:51 80 --sh--r C:\WINDOWS\system32\F64BBCD75D.dll
    .
    Code:
    <pre>
    ----a-w           946,176 2008-02-11 22:26:18  C:\WINDOWS\system32\Event Agent\lsass .exe
    ----a-w         1,564,745 2007-12-30 15:20:20  C:\WINDOWS\system32\Event Agent\Bin\services .exe
    ----a-w           192,580 2008-02-03 00:20:32  C:\WINDOWS\system32\Event Agent\Bin\smss .exe
    ----a-w           102,400 2007-12-08 20:45:44  C:\WINDOWS\system32\Event Agent\Bin\spoolsv .exe
    </pre>

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-03-19 10:41 40960]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10 1871872]
    "flapexit"="C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe" [2008-06-21 11:48 501760]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-12 14:52 77824]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 09:10 579584]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55 339968]
    "AutoSys"="C:\WINDOWS\system32\autosys.exe" [N/A]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
    "Msn Chat Monitor(IM Sniffer) v2.8.1120"="C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe" [N/A]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "2Search"="C:\Program Files\2search\main.exe" [N/A]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "CCLite"="C:\WINDOWS\system32\Event Agent\ea.exe" [2007-12-03 10:11 49152]
    "Event Agent"="C:\WINDOWS\system32\Event Agent\bin\smss .exe" [2008-02-02 20:20 192580]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 07:58 185896]
    "Up Balm Ball Bone"="C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe" [2008-07-11 11:33 2546176]
    "A_MsnMonitor"="C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe" [N/A]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 15:35 219136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 07:26:28 180224]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVDIdle Pro\DVDShell.dll" [2004-10-09 16:18 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\BearShare\\BearShare.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\Driver\\WinPcap_3_1.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\services .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\spoolsv .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\lsass .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\lite.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\smss .exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\EventAgentRegistry.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Documents and Settings\\Kirsten\\Desktop\\dss.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8105:TCP"= 8105:TCP:*:Disabled:BitComet 8105 TCP
    "8105:UDP"= 8105:UDP:*:Disabled:BitComet 8105 UDP

    R2 System Event Agent;System Event Agent;C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe [2007-12-08 16:45]
    R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);C:\WINDOWS\system32\drivers\WOEM_3_2a.sys []
    S3 DKW_Service;DKW_Service;C:\DKW_Service\DKW_Service\DKW_Service\bin\Release\DKW_Service.exe [2008-04-10 19:50]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 07:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-03-16 00:30:32 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
    - c:\Program Files\Microsoft IntelliType Pro\itype.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-11 12:45:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-11 12:54:07
    ComboFix-quarantined-files.txt 2008-07-11 16:53:17
    ComboFix2.txt 2008-07-11 15:46:01

    Pre-Run: 5,881,184,256 bytes free
    Post-Run: 5,847,875,584 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    181 --- E O F --- 2008-06-21 02:33:07

    ********************************************
    HiJackThis Log
    ********************************************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:12:23 PM, on 7/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
    C:\WINDOWS\system32\Event Agent\bin\services .exe
    C:\WINDOWS\system32\Event Agent\lsass .exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\system32\Event Agent\bin\smss .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Msn Chat Monitor(IM Sniffer) v2.8.1120] C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [CCLite] C:\WINDOWS\system32\Event Agent\ea.exe
    O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Up Balm Ball Bone] C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe
    O4 - HKLM\..\Run: [A_MsnMonitor] "C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [flapexit] C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: lsass.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kirsten\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126742012314
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://sympatico.gamesmania.com/ExentCtl.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://sympatico.zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mmms.ca
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mmms.ca
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DKW_Service - Unknown owner - C:\DKW_Service\DKW_Service\DKW_Service\bin\Release\DKW_Service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe

    --
    End of file - 12633 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply with a new hijackthis log.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
     
  7. dkwoodward

    dkwoodward Thread Starter

    Joined:
    Jul 11, 2008
    Messages:
    5
    ComboFix 08-07-10.1 - Kirsten 2008-07-15 19:26:33.3 - NTFSx86
    Running from: C:\Documents and Settings\Kirsten\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kirsten\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\0
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\32elsesetupblue.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\998A2B0E
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\five axis third.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\lxjhswcm.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\nedigaot.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ONCE TRANS.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\twoesrht.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\uvelnkoi.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\xrnmwmgi.exe
    C:\DOCUME~1\Kirsten\APPLIC~1\LIVEFI~1\ywjtlrsh.exe
    C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm
    C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\INTRA 64.exe
    C:\Documents and Settings\All Users\Application Data\Tons Chin Up Balm\Third Live.exe
    C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
    .

    2008-07-11 10:10 . 2008-07-11 10:10 106 --a------ C:\delete.bat
    2008-07-11 10:01 . 2008-07-11 10:04 <DIR> d-------- C:\NoLopBackups
    2008-07-11 09:29 . 2008-07-11 09:29 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-11 09:15 . 2008-07-11 09:15 <DIR> d-------- C:\Deckard
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Documents and Settings\Kirsten\Application Data\Malwarebytes
    2008-07-10 10:28 . 2008-07-10 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-10 10:28 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-10 10:28 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-07 00:04 . 2008-07-07 00:04 <DIR> d-------- C:\Program Files\WinPcap
    2008-06-21 11:48 . 2008-06-21 11:48 <DIR> d-------- C:\Program Files\livefirstpart
    2008-06-20 12:00 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-14 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-07-11 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pattern Maker for cross stitch
    2008-07-11 15:05 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
    2008-07-11 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-11 14:59 --------- d-----w C:\Program Files\Microsoft ACT
    2008-07-11 14:59 --------- d-----w C:\Program Files\Common Files\Merge Modules
    2008-07-11 14:57 --------- d-----w C:\Program Files\HTML Help Workshop
    2008-07-11 14:34 --------- d-----w C:\Program Files\Mindscape
    2008-07-11 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-11 14:33 --------- d-----w C:\Program Files\Black Isle
    2008-07-10 17:13 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 17:10 --------- d-----w C:\Program Files\HP
    2008-07-10 17:07 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-07-10 16:24 --------- d-----w C:\Program Files\DivX
    2008-07-10 16:24 --------- d-----w C:\Program Files\BitLord
    2008-07-10 16:23 --------- d-----w C:\Program Files\Bet21.net
    2008-07-10 16:23 --------- d-----w C:\Program Files\Audrey Hepburn1
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-08 16:01 --------- d-----w C:\Program Files\DVD Decrypter
    2008-06-08 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-04 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 11:25 --------- d-----w C:\Program Files\Lavasoft
    2008-06-04 11:25 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\Lavasoft
    2008-06-04 11:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 00:54 --------- d-----w C:\Program Files\MSECache
    2008-05-28 01:16 --------- d-----w C:\Documents and Settings\Kirsten\Application Data\GetRightToGo
    2008-05-11 14:44 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-03-16 15:54 18,552 ----a-w C:\Documents and Settings\Kirsten\Application Data\GDIPFONTCACHEV1.DAT
    2005-12-26 00:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    2005-11-02 21:05 80 --sh--r C:\WINDOWS\system32\DA6F837D84.dll
    2006-12-30 12:51 80 --sh--r C:\WINDOWS\system32\F64BBCD75D.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_11.44.54.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-11 15:22:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-15 23:34:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-12-30 15:20:20 1,564,745 ----a-w C:\WINDOWS\system32\Event Agent\Bin\services.exe
    + 2008-02-03 00:20:32 192,580 ----a-w C:\WINDOWS\system32\Event Agent\Bin\smss.exe
    + 2007-12-08 20:45:44 102,400 ----a-w C:\WINDOWS\system32\Event Agent\Bin\spoolsv.exe
    + 2008-02-11 22:26:18 946,176 ----a-w C:\WINDOWS\system32\Event Agent\lsass.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-03-19 10:41 40960]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10 1871872]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-12 14:52 77824]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 09:10 579584]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55 339968]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
    "CCLite"="C:\WINDOWS\system32\Event Agent\ea.exe" [2007-12-03 10:11 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 07:58 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 15:35 219136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 07:26:28 180224]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVDIdle Pro\DVDShell.dll" [2004-10-09 16:18 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\BearShare\\BearShare.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\Driver\\WinPcap_3_1.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\lite.exe"=
    "C:\\WINDOWS\\system32\\Event Agent\\bin\\EventAgentRegistry.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Documents and Settings\\Kirsten\\Desktop\\dss.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8105:TCP"= 8105:TCP:*:Disabled:BitComet 8105 TCP
    "8105:UDP"= 8105:UDP:*:Disabled:BitComet 8105 UDP

    R2 System Event Agent;System Event Agent;C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe []
    S3 DKW_Service;DKW_Service;C:\DKW_Service\DKW_Service\DKW_Service\bin\Release\DKW_Service.exe [2008-04-10 19:50]
    S3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);C:\WINDOWS\system32\drivers\WOEM_3_2a.sys []
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 07:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-03-16 00:30:32 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
    - c:\Program Files\Microsoft IntelliType Pro\itype.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Msn Chat Monitor(IM Sniffer) v2.8.1120 - C:\Program Files\MSN Chat Monitor\MsnChatMonitor.exe
    HKLM-Run-Event Agent - C:\WINDOWS\system32\Event Agent\bin\smss .exe
    HKLM-Run-A_MsnMonitor - C:\Program Files\AwinSoft\MyMSN\MsnMonitor.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-15 19:35:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\Event Agent\Bin\spoolsv.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\Event Agent\Bin\smss.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-15 19:52:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-15 23:52:05
    ComboFix2.txt 2008-07-11 16:54:09
    ComboFix3.txt 2008-07-11 15:46:01

    Pre-Run: 5,856,493,568 bytes free
    Post-Run: 5,839,097,856 bytes free

    200 --- E O F --- 2008-06-21 02:33:07

    Malwarebytes' Anti-Malware 1.20
    Database version: 957
    Windows 5.1.2600 Service Pack 2

    8:25:32 PM 7/15/2008
    mbam-log-7-15-2008 (20-25-32).txt

    Scan type: Quick Scan
    Objects scanned: 44732
    Time elapsed: 9 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, July 16, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, July 15, 2008 20:18:26
    Records in database: 957114
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 96299
    Threat name: 63
    Infected objects: 106
    Suspicious objects: 4
    Duration of the scan: 03:08:07


    File name / Threat name / Threats count
    C:\Deckard\System Scanner\20080711101646\backup\DOCUME~1\Kirsten\LOCALS~1\Temp\bis484.exe Infected: Trojan.Win32.Obfuscated.eui 1
    C:\Deckard\System Scanner\20080711101646\backup\DOCUME~1\Kirsten\LOCALS~1\Temp\bis5C0.exe Infected: Trojan.Win32.Obfuscated.bwl 1
    C:\Deckard\System Scanner\20080711101646\backup\DOCUME~1\Kirsten\LOCALS~1\Temp\tm26951.exe Suspicious: Packed.Win32.Morphine.a 1
    C:\Deckard\System Scanner\20080711101646\backup\DOCUME~1\Kirsten\LOCALS~1\Temp\tm47468.exe Infected: Trojan-Downloader.Win32.Qoologic.ax 1
    C:\Deckard\System Scanner\20080711101646\backup\DOCUME~1\Kirsten\LOCALS~1\Temp\tm55630.exe Suspicious: Packed.Win32.Morphine.a 1
    C:\Documents and Settings\Kirsten\Desktop\M&M VPN\a_msn_monitor.exe Infected: not-a-virus:Monitor.Win32.MonitorSniffer.j 1
    C:\Documents and Settings\Kirsten\Shared\this if for all the girls.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
    C:\Downloads\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\My Downloads\crank dat hannah montana.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
    C:\My Downloads\i like money by millionair.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\My Downloads\last doller.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
    C:\My Downloads\Leonard Cohen - I'm Your Man(1).wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
    C:\My Downloads\madonna im a hazard.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
    C:\Program Files\BearShare\Installer\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\Program Files\BearShare\Installer\BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\00150B30 Infected: Trojan-Downloader.Win32.TSUpdate.p 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\019B4D7B Infected: Trojan-Downloader.Win32.Qoologic.ad 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\034352D8 Infected: not-a-virus:AdWare.Win32.EliteBar.ac 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\07270802.class Infected: Trojan-Downloader.Java.OpenStream.w 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\073F6070 Infected: Trojan-Downloader.JS.IstBar.b 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0BE546C0 Infected: Backdoor.Win32.Ruledor.c 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0FB0505D.DLL Infected: Trojan.Win32.Delf.gh 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\146C4ED2 Infected: Trojan-Downloader.Win32.Qoologic.ax 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14EA4C7D Infected: Trojan-Downloader.Win32.Qoologic.ax 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15DF363D.class Infected: Trojan-Downloader.Java.OpenStream.t 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16AE22D2 Infected: not-a-virus:AdWare.Win32.F1Organizer.c 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\177502BF Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\179733EF Infected: not-a-virus:AdWare.Win32.ReSearch.a 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\183A7765 Infected: Trojan-Downloader.Win32.TSUpdate.f 2
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1C6B1B0E Infected: Trojan-Spy.Win32.Briss.j 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1FD856D8 Infected: Trojan-Spy.Win32.Briss.j 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20AD5E0C Infected: Trojan.Win32.Small.cy 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25CA18D1 Infected: Trojan-Downloader.Win32.TSUpdate.l 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25CE42CD Infected: Trojan-Downloader.Win32.TSUpdate.k 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\281A25D7 Infected: not-a-virus:AdWare.Win32.ClearSearch.o 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28DC50BF Infected: Trojan-Downloader.Win32.TSUpdate.k 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28DC50BF Infected: Trojan-Downloader.Win32.TSUpdate.p 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28DC50BF Infected: Trojan-Downloader.Win32.TSUpdate.l 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\28DC50BF Infected: not-a-virus:AdWare.Win32.Xupiter.m 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\29E1527E Infected: not-a-virus:AdWare.Win32.ClearSearch.a 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CCD2D45 Infected: Trojan-Spy.Win32.Briss.e 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CD72B3A Infected: Trojan-Downloader.Win32.Dyfuca.dp 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CDA5536 Infected: Trojan-Spy.Win32.Briss.i 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CDD7F33 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CE0292F Infected: not-a-virus:AdWare.Win32.BetterInternet 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CE77D28 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CEA2724 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2CED5121 Infected: Trojan-Spy.Win32.Briss.j 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\306B6440 Infected: Trojan.Win32.StartPage.nk 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30F41A88 Infected: Trojan-Downloader.Win32.TSUpdate.f 2
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\30F74485 Infected: not-a-virus:AdWare.Win32.F1Organizer.h 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\33F20913 Infected: Trojan-Downloader.Win32.Dyfuca.dp 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A0C1729 Infected: Trojan-Downloader.Win32.Dyfuca.ep 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A0F4126 Infected: Trojan-Downloader.Win32.IstBar.ja 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A0F4126 Infected: Trojan-Downloader.Win32.IstBar.ny 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A193F1B Infected: Trojan.Win32.Small.cy 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A1C6917 Infected: not-a-virus:AdWare.Win32.180Solutions.e 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\45DE6930 Infected: not-a-virus:AdWare.Win32.Xupiter.m 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\47AC7666 Infected: Trojan-Downloader.Win32.Small.xk 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\47AC7666 Infected: Exploit.HTML.CodeBaseExec 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\485E2B88 Infected: Trojan-Downloader.JS.IstBar.b 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4A6C0948.htm Suspicious: Exploit.HTML.Mht 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4A76073D.exe Infected: Trojan-Downloader.Win32.Small.xk 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5064352E Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\51AD24BF Infected: Backdoor.Win32.Ruledor.c 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\524B3121 Infected: not-a-virus:AdWare.Win32.Comet.ai 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52E62758 Infected: Trojan.Win32.Pakes 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52EC7B51 Infected: Trojan.Win32.Pakes 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52EF254E Infected: Trojan.Win32.Pakes 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52F34F4A Infected: Trojan.Win32.Pakes 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\52F67946 Infected: Trojan-Downloader.Win32.Qoologic.ax 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5439575A Infected: not-a-virus:AdWare.Win32.F1Organizer.h 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54402B53 Infected: not-a-virus:AdWare.Win32.ClearSearch.j 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54435550 Infected: Backdoor.Win32.Ruledor.c 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54477F4C Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\544A2948 Infected: not-a-virus:AdWare.Win32.SaveNow.az 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\544D5345 Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\55A56B16 Infected: Trojan-Downloader.Win32.Dyfuca.du 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\56A33D0F Infected: Trojan-Downloader.JS.IstBar.b 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\56D023BD Infected: Trojan-Dropper.Win32.Agent.ay 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\56D34DB9 Infected: Trojan-Downloader.Win32.Dyfuca.ds 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\59CF2E70.htm Suspicious: Exploit.HTML.Mht 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5AE5000D Infected: not-a-virus:AdWare.Win32.ClearSearch.r 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5B0F2CEE Infected: Trojan-Downloader.Win32.Qoologic.be 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5CE53AFE Infected: not-a-virus:AdTool.Win32.WhenU.a 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61A4151C Infected: not-a-virus:AdWare.Win32.ClearSearch.j 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61A73F18 Infected: not-a-virus:AdWare.Win32.ClearSearch.s 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61AA6915 Infected: Trojan-Downloader.Win32.Dyfuca.ep 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61B71106 Infected: not-a-virus:AdWare.Win32.WinAD.t 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61CE5FA6 Infected: Trojan.Win32.Dialer.fu 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6419747F Infected: not-a-virus:AdWare.Win32.SearchIt.l 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65F95ACF Infected: Trojan-Downloader.Win32.Qoologic.ak 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65FC04CC Infected: Trojan.Win32.Pakes 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65FF2EC8 Infected: Trojan.Win32.Pakes 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\67434180 Infected: not-a-virus:AdWare.Win32.SaveNow.az 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7536356B Infected: Trojan-Downloader.Win32.IstBar.iu 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7536356B Infected: Trojan-Downloader.Win32.IstBar.nn 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\75395F67 Infected: Trojan-Downloader.Win32.IstBar.iu 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\75395F67 Infected: Trojan-Downloader.Win32.IstBar.nn 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\753C0964 Infected: not-a-virus:AdWare.Win32.180Solutions.g 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\75403360 Infected: not-a-virus:AdWare.Win32.EliteBar.ac 1
    C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7CC12FB9 Infected: Trojan-Downloader.JS.IstBar.b 1
    C:\QooBox\Quarantine\C\WINDOWS\system32\2search.exe.vir Infected: not-a-virus:AdWare.Win32.2Search.c 3
    C:\QooBox\Quarantine\C\WINDOWS\system32\2search.exe.vir Infected: not-a-virus:AdWare.Win32.2Search.f 1
    C:\WINDOWS\system32\InstaFinder_inst245.exe Infected: not-a-virus:AdWare.Win32.InstaFinder.a 1
    C:\ZwinkySetup2.2.60.11.ZJfox000.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc 1

    The selected area was scanned.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [screenshot: CFScript.txt dragged onto ComboFix.exe]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
Short URL to this thread: https://techguy.org/729509