Suspicious Pop Up Removal


Hels_Here - Thread Starter - Joined: Oct 6, 2008 - Messages: 72
Hello

Is there anybody available to help me remove pop up windows? Every time I log on to the Internet, I keep on getting pop ups that relate to anything from Moneysupermarket.com to Car Insurance. This keeps on happening whenever I change the site I am viewing.

I have pasted a copy of my HJT log file, please can you help? :) Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:29, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winsrtv32.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Evesham Technology
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [Windows DNS Controller] winmn32.exe
O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 10773 bytes
 

jmw3 - Malware Specialist - Joined: Jul 23, 2007 - Messages: 1,460
Welcome Hels_Here

I will be helping you under the guidance of one of our expert coaches.
Please give me a little time to get back to you with instructions.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes them much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • A lack of symptoms does not necessarily mean your computer is clean.
  • Continue to respond to this thread until I give you the All Clean!
Please Note: My instructions to you are checked by an expert prior to posting. This may cause a small delay between posts.
Thanks

Create an Uninstall List
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button
  • Click on the Save list... button and specify where you would like to save this file
  • When you press the Save button a notepad will open with the contents of that file
  • Copy and paste the contents of that notepad here in your next reply
 

Hels_Here - Thread Starter - Joined: Oct 6, 2008 - Messages: 72
Hi, thank you for responding. As requested, here is the uninstall list:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Advanced Uninstaller PRO 2006 - version 7
Authentium AntiVirus SDK - 2
Big Fish Games Client
Cake Shop
Cassandra's Journey: The Legacy of Nostradamus
CCleaner (remove only)
Disc2Phone
EA Download Manager
Easy-WebPrint
Enable S3 for USB Device
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Imikimi Plugin
Java(TM) 6 Update 7
Magic Encyclopedia
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Marvell Miniport Driver
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic 2007
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v1.6.2111.38
Microsoft Windows OneCare Live v1.6.2111.30 Idcrl Install
Microsoft Windows OneCare Live v1.6.2111.38
Microsoft Works
MSN
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
OpenAL
OpenOffice.org 2.3
Orange Broadband Uninstall
PC Connectivity Solution
PerfectDisk
Popup Blocker (Windows Live Toolbar)
PPSDKRedistributables
PX Engine
Radialpoint Security Services
Realtek High Definition Audio Driver
Red Cross - Emergency Response Unit
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SimCity™ Societies
SimCity™ Societies
SimCity™ Societies Destinations
Smart Menus (Windows Live Toolbar)
Sonic Encoders
System Requirements Lab
Tabbed Browsing (Windows Live Toolbar)
TGTTPOACS
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 IKEA® Home Stuff
Turbo Fiesta
Uniblue ProcessQuickLink 2
Uniblue ProcessScanner
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Virgin Broadband advisor 1.5.14
Virgin Broadband PCguard
Windows Desktop Search 3.01
Windows Desktop Search 3.01
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (08/08/2007 3.3)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinZip Self-Extractor
Zoo Vet 2: Endangered Animals
 

jmw3 - Malware Specialist - Joined: Jul 23, 2007 - Messages: 1,460
Hello Hels_Here
Sorry for the late reply.

Upload Files for Scanning
Go to VirusTotal or Jotti
(Just use one or the other. No need to use both.)

If you use VirusTotal, click Browse
In the Choose File box that opens, navigate to C:\WINDOWS\winmn32.exe, & double-click on winmn32.exe
Then click Send File
Wait for the scans to finish, then copy & paste the results into your next reply
Following the instructions above, do the same for:
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\system32\winsrtv32.exe

If you use Jotti, click Browse
In the Choose File box that opens, navigate to C:\WINDOWS\winmn32.exe, & double-click on winmn32.exe
Then click Submit
Wait for the scans to finish, then copy & paste the results into your next reply
Following the instructions above, do the same for:
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\system32\winsrtv32.exe

Lop S&D
Download Lop S&D by Eric_71 here and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of Lop S&D
A guide to do this can be found here.
The ones that need to be closed/disabled are:
Virgin PC Guard | eTrust Pest Patrol

  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

To post in next reply:
Results from either VirusTotal or Jotti
Lop S&D log
 
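As an added example, not part of this thread and not HijackThis or Lop S&D code: a small Python script that mechanises the triage jmw3 did by hand on the HJT log above, parsing the O4 autostart entries and listing the executables worth looking up by hash. The known-good set and the heuristic rules are constructed stand-ins for the entry database a real HJT analysis tool consults; the output is a list to verify, not a verdict.

```python
import re
from dataclasses import dataclass, field

# O4 (autostart) lines copied verbatim from the HijackThis log posted at the
# top of this thread, embedded so the script runs stand-alone.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows DNS Controller] winmn32.exe
O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
"""

# One HijackThis O4 line: "O4 - <hive>[\<user>]\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<user>[^\\]+))?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Constructed stand-in for the known-good database a real HJT analysis tool
# uses: Windows binaries that legitimately appear under their own file name.
KNOWN_OS_BINARIES = {"ctfmon.exe", "rundll32.exe", "explorer.exe"}
OS_WORDS = ("microsoft", "windows")
USER_WRITABLE = ("\\application data\\", "\\temp\\", "\\local settings\\")


@dataclass
class Finding:
    key: str                      # e.g. "HKLM\Run" or "HKLM\RunServices"
    name: str                     # the value name HijackThis shows in [brackets]
    exe: str                      # executable as written: full path or bare name
    reasons: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.exe.rsplit("\\", 1)[-1]


def extract_exe(cmd: str) -> str:
    """Pull the executable out of a Run value. A quoted path is taken as-is;
    otherwise cut at the first '.exe' so an unquoted path with spaces (as in
    '...\\burn tray.exe') survives and arguments such as '/install' drop off."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Parse every O4 line and attach the reasons an analyst would want a
    closer look. Reasons are prompts for verification, not verdicts: the
    Realtek applet (RTHDCPL.EXE) really is registered as a bare name."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        f = Finding(key=f"{m['hive']}\\{m['key']}", name=m["name"],
                    exe=extract_exe(m["cmd"]))
        findings.append(f)
        if f.basename.lower() in KNOWN_OS_BINARIES:
            continue
        if "\\" not in f.exe:
            f.reasons.append("no path: resolved through the search path; "
                             "vendor installers normally write a full path")
            if any(w in f.name.lower() for w in OS_WORDS):
                f.reasons.append("OS-sounding value name without an OS path")
        elif f.name.lower() == f.basename.lower():
            f.reasons.append("value name is just the file name, no product name")
        if any(d in f.exe.lower() for d in USER_WRITABLE):
            f.reasons.append("runs from a user-writable data directory, "
                             "not Program Files or the Windows directory")
        if m["key"].lower() == "runservices":
            f.reasons.append("RunServices is a Windows 9x/Me key that XP "
                             "ignores; an XP-only installer has no reason to write it")
    return findings


def candidate_files(findings: list) -> list:
    """Unique file names worth looking up by hash, which is what jmw3 asks the
    poster to do via VirusTotal or Jotti."""
    return sorted({f.basename for f in findings if f.reasons}, key=str.lower)


if __name__ == "__main__":
    results = triage(HJT_O4_LINES)
    for f in results:
        if f.reasons:
            print(f"{f.key}: [{f.name}] {f.exe}")
            for r in f.reasons:
                print(f"    - {r}")
    print("Submit for hash lookup:", ", ".join(candidate_files(results)))
```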

Hels_Here - Thread Starter - Joined: Oct 6, 2008 - Messages: 72
Hi there

I used VirusTotal for the first part of your request. I could not locate the first file [Winmn32.exe], but I managed to navigate to Winpr.exe and Winsrtv32.
File has already been analysed:

MD5: 459c22a9a21cff089e8bc63c360fdab3
First received: 06.04.2008 19:03:09 (CET)
Date: 06.04.2008 19:03:09 (CET) [>126D]
Results: 6/33
Permalink: analisis/37157a7ad5e6ae5937756b70eaed4b80

File has already been analysed:

MD5: 7e7d05a3bb47c0daf8cf1560663d5d17
First received: 06.03.2008 13:49:03 (CET)
Date: 06.05.2008 21:02:22 (CET) [>125D]
Results: 5/33
Permalink: analisis/d0b5f9bea8dcb3a4adc6b8f2377d40ba

Lop S&D file:

--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Helen Bennett ( Administrator )
BOOT : Normal boot
Antivirus : PCguard Anti-Virus 6.0.1 (Not Activated)
Firewall : PCguard Firewall 6.0.1 (Activated)
C:\ (Local Disk) - NTFS - Total : 229 Go Free : 181 Go
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 08/10/2008| 7:28 )

--------------------\\ Listing folders in APPLIC~1
[21/01/2008|21:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[13/04/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\3 Blokes Studios
[21/07/2007|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7Wonders2
[05/06/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/05/2008|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
[30/11/2007|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
[17/06/2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFish
[07/10/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
[11/07/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blg
[23/06/2007|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CaveDays
[28/11/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
[01/10/2008|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Debug manager soft the
[18/12/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivoGames
[10/10/2007|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
[12/03/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
[27/08/2008|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
[08/10/2007|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FireGlow
[27/06/2008|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fitn17
[30/05/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games
[29/06/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[25/07/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[31/01/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[20/09/2008|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
[31/05/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games
[12/05/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/10/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[23/12/2007|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
[11/04/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[07/08/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/08/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
[09/02/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[25/06/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
[14/03/2008|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[13/05/2007|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[29/05/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
[28/03/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[25/07/2007|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[28/08/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/09/2008|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[01/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo
[07/10/2008|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[14/09/2008|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MysteryChronicles
[18/05/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
[03/11/2007|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[23/08/2007|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[13/09/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[13/12/2007|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[10/09/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PBGsavesDirectory
[21/09/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[29/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[17/03/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
[18/09/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playrix Entertainment
[02/06/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[13/08/2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PrettyGoodGames
[20/03/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QB9 S.R.L
[01/10/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
[30/09/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco(2)
[20/09/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[04/01/2008|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[04/08/2008|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
[06/10/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/08/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Slapdash Games
[26/04/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlapdashGames
[27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[24/09/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[17/03/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[13/03/2008|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[13/03/2008|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[07/10/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[18/11/2007|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
[10/08/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TheRace_dev
[21/01/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Valusoft
[01/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
[09/06/2008|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VirtualFarm
[13/05/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12/05/2007|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[26/02/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/06/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[23/06/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[18/08/2007|11:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[21/01/2008|21:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[10/10/2007|22:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Abra Academy2
[01/03/2008|21:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Adobe
[07/07/2008|18:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Alawar
[08/08/2008|18:45] C:\DOCUME~1\HELENB~1\APPLIC~1\alot
[26/06/2008|18:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Ancient Quest of Saqqarah__bfg
[03/06/2008|21:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Apple Computer
[03/09/2008|19:46] C:\DOCUME~1\HELENB~1\APPLIC~1\BeachPartyCraze
[23/08/2008|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\BFG_JanesRealty
[28/08/2008|17:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Big Fish Games
[17/06/2008|21:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFish
[17/09/2008|17:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFishv1005
[11/07/2008|20:21] C:\DOCUME~1\HELENB~1\APPLIC~1\blg
[12/01/2008|12:23] C:\DOCUME~1\HELENB~1\APPLIC~1\BloodTies
[29/03/2008|13:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Boomzap
[30/01/2008|20:34] C:\DOCUME~1\HELENB~1\APPLIC~1\BVS Solitaire Collection
[08/06/2008|10:20] C:\DOCUME~1\HELENB~1\APPLIC~1\cerasus.media
[01/08/2008|11:56] C:\DOCUME~1\HELENB~1\APPLIC~1\DeepVoyage
[10/10/2007|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\eGames
[01/10/2008|21:22] C:\DOCUME~1\HELENB~1\APPLIC~1\EleFun Games
[14/07/2008|18:09] C:\DOCUME~1\HELENB~1\APPLIC~1\EnchantedCavern
[23/11/2007|23:24] C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart
[02/12/2007|13:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Eyeblaster
[12/07/2008|09:10] C:\DOCUME~1\HELENB~1\APPLIC~1\FarmerJane
[30/05/2008|15:20] C:\DOCUME~1\HELENB~1\APPLIC~1\Flood Light Games
[12/09/2007|21:21] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles
[18/07/2008|17:27] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles2
[19/03/2008|21:18] C:\DOCUME~1\HELENB~1\APPLIC~1\Friday's games
[10/02/2008|15:38] C:\DOCUME~1\HELENB~1\APPLIC~1\FrimaStudio
[31/07/2008|12:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Gaijin Ent
[05/07/2007|20:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Gamelab
[09/05/2008|06:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Games
[31/05/2008|15:24] C:\DOCUME~1\HELENB~1\APPLIC~1\Gogii Games
[14/08/2008|20:37] C:\DOCUME~1\HELENB~1\APPLIC~1\Go-Go Gourmet Chef of the Year
[21/01/2008|22:40] C:\DOCUME~1\HELENB~1\APPLIC~1\Google
[04/09/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Home Sweet Home 2
[06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Identities
[14/08/2007|18:40] C:\DOCUME~1\HELENB~1\APPLIC~1\IM-Names
[01/10/2008|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\InstallShield
[26/05/2008|09:53] C:\DOCUME~1\HELENB~1\APPLIC~1\ITTNord
[21/06/2008|12:33] C:\DOCUME~1\HELENB~1\APPLIC~1\iWin
[21/09/2007|18:34] C:\DOCUME~1\HELENB~1\APPLIC~1\Jane s Hotel
[02/10/2008|18:38] C:\DOCUME~1\HELENB~1\APPLIC~1\JoyBits
[09/09/2007|21:20] C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire
[29/05/2008|10:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Ludia
[12/08/2007|08:17] C:\DOCUME~1\HELENB~1\APPLIC~1\Macromedia
[08/07/2007|16:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Academy
[14/02/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Seeds
[05/08/2007|19:33] C:\DOCUME~1\HELENB~1\APPLIC~1\Magus
[28/03/2008|17:08] C:\DOCUME~1\HELENB~1\APPLIC~1\Malwarebytes
[05/07/2008|11:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Meridian93
[05/10/2008|10:41] C:\DOCUME~1\HELENB~1\APPLIC~1\Microsoft
[09/09/2008|21:05] C:\DOCUME~1\HELENB~1\APPLIC~1\MysteryStudio
[15/08/2007|17:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Mysteryville2
[09/03/2008|11:21] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia
[21/11/2007|20:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia Multimedia Player
[13/09/2008|10:43] C:\DOCUME~1\HELENB~1\APPLIC~1\Oberon Games
[08/06/2007|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\Ohana Games
[09/09/2008|17:45] C:\DOCUME~1\HELENB~1\APPLIC~1\OpenOffice.org2
[13/12/2007|21:23] C:\DOCUME~1\HELENB~1\APPLIC~1\PACE Anti-Piracy
[03/11/2007|08:42] C:\DOCUME~1\HELENB~1\APPLIC~1\PC Suite
[12/09/2008|21:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Pi Eye Games
[15/03/2008|00:23] C:\DOCUME~1\HELENB~1\APPLIC~1\Pirateville
[19/04/2008|23:29] C:\DOCUME~1\HELENB~1\APPLIC~1\pixelStorm
[29/09/2008|21:08] C:\DOCUME~1\HELENB~1\APPLIC~1\PlayFirst
[22/06/2008|20:49] C:\DOCUME~1\HELENB~1\APPLIC~1\Playrix Entertainment
[29/07/2008|12:29] C:\DOCUME~1\HELENB~1\APPLIC~1\Pogo Games
[26/08/2008|22:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Purple Patch Games
[09/05/2008|14:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Restorer
[22/08/2008|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\Righteous Kill
[16/11/2007|08:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Roxio
[20/06/2007|20:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Sandlot Games
[25/07/2008|16:02] C:\DOCUME~1\HELENB~1\APPLIC~1\SecuROM
[24/07/2008|07:19] C:\DOCUME~1\HELENB~1\APPLIC~1\Sony Ericsson
[28/03/2008|22:44] C:\DOCUME~1\HELENB~1\APPLIC~1\SprillBermudeEng
[26/07/2008|21:06] C:\DOCUME~1\HELENB~1\APPLIC~1\Sudden Games
[07/06/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\SultansLabyrinth
[13/05/2007|09:56] C:\DOCUME~1\HELENB~1\APPLIC~1\Sun
[14/03/2008|23:20] C:\DOCUME~1\HELENB~1\APPLIC~1\SUPERAntiSpyware.com
[07/10/2007|09:28] C:\DOCUME~1\HELENB~1\APPLIC~1\Super-Cow
[08/08/2008|22:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Teleca
[13/05/2007|09:00] C:\DOCUME~1\HELENB~1\APPLIC~1\Template
[24/08/2008|11:39] C:\DOCUME~1\HELENB~1\APPLIC~1\TMInc
[15/03/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\Uniblue
[09/01/2008|18:53] C:\DOCUME~1\HELENB~1\APPLIC~1\Valusoft
[23/08/2007|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\VeniceMysteryData
[06/06/2008|18:51] C:\DOCUME~1\HELENB~1\APPLIC~1\ViquaSoft
[01/10/2008|18:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Virgin Broadband
[02/06/2007|22:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Windows Desktop Search
[28/03/2008|22:13] C:\DOCUME~1\HELENB~1\APPLIC~1\Yatec Games
[06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Zylom
[05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Google
[21/01/2008|21:46] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Identities
[05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Macromedia
[21/01/2008|21:47] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Microsoft
[04/11/2007|11:08] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\PC Suite
[17/10/2007|18:27] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Virgin Broadband
[02/07/2007|17:06] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Windows Desktop Search
[29/08/2008|10:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/12/2007|16:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/06/2007|21:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Roxio

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[07/10/2008 22:00][--ah-----] C:\WINDOWS\tasks\B470549491B3FF60.job
[07/10/2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
[05/10/2008 23:00][--a------] C:\WINDOWS\tasks\At24.job
[07/10/2008 20:00][--a------] C:\WINDOWS\tasks\At21.job
[07/10/2008 19:00][--a------] C:\WINDOWS\tasks\At20.job
[07/10/2008 21:00][--a------] C:\WINDOWS\tasks\At22.job
[06/10/2008 17:00][--a------] C:\WINDOWS\tasks\At18.job
[06/10/2008 16:00][--a------] C:\WINDOWS\tasks\At17.job
[06/10/2008 18:00][--a------] C:\WINDOWS\tasks\At19.job
[06/10/2008 15:00][--a------] C:\WINDOWS\tasks\At16.job
[06/10/2008 14:00][--a------] C:\WINDOWS\tasks\At15.job
[06/10/2008 13:00][--a------] C:\WINDOWS\tasks\At14.job
[06/10/2008 12:00][--a------] C:\WINDOWS\tasks\At13.job
[06/10/2008 10:00][--a------] C:\WINDOWS\tasks\At11.job
[06/10/2008 09:00][--a------] C:\WINDOWS\tasks\At10.job
[06/10/2008 11:00][--a------] C:\WINDOWS\tasks\At12.job
[07/10/2008 07:00][--a------] C:\WINDOWS\tasks\At8.job
[03/10/2008 06:00][--a------] C:\WINDOWS\tasks\At7.job
[06/10/2008 08:00][--a------] C:\WINDOWS\tasks\At9.job
[03/10/2008 05:00][--a------] C:\WINDOWS\tasks\At6.job
[03/10/2008 04:00][--a------] C:\WINDOWS\tasks\At5.job
[03/10/2008 02:00][--a------] C:\WINDOWS\tasks\At3.job
[03/10/2008 01:00][--a------] C:\WINDOWS\tasks\At2.job
[05/10/2008 00:34][--a------] C:\WINDOWS\tasks\At1.job
[03/10/2008 03:00][--a------] C:\WINDOWS\tasks\At4.job
[06/10/2008 18:00][--a------] C:\WINDOWS\tasks\System Restore.job
[13/05/2007 17:13][--a------] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[07/10/2008 22:10][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[08/10/2008 07:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
( B470549491B3FF60.job )=( c:\docume~1\emmabe~1\applic~1\freemore\Safeelseboob.exe )
--------------------\\ Listing Folders in C:\Program Files
[05/06/2008|17:39] C:\Program Files\Adobe
[14/07/2007|12:03] C:\Program Files\ArcSoft
[27/10/2007|09:47] C:\Program Files\BearShare Applications
[09/09/2008|17:40] C:\Program Files\bfgclient
[01/10/2008|18:25] C:\Program Files\CA
[01/10/2008|18:24] C:\Program Files\Cake Shop
[25/11/2007|12:05] C:\Program Files\Canon
[02/10/2008|18:38] C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
[23/12/2007|15:25] C:\Program Files\CCleaner
[03/09/2008|20:15] C:\Program Files\Circle Developement
[01/10/2008|18:25] C:\Program Files\Common Files
[01/10/2008|18:25] C:\Program Files\ComPlus Applications
[30/09/2008|20:22] C:\Program Files\Cooking Dash
[17/08/2008|21:51] C:\Program Files\Deirdra Kiai Productions
[03/11/2007|08:11] C:\Program Files\DIFX
[13/05/2007|20:00] C:\Program Files\directx
[23/07/2008|12:07] C:\Program Files\Disc2Phone
[05/09/2008|21:11] C:\Program Files\EA GAMES
[04/08/2008|22:49] C:\Program Files\Electronic Arts
[23/11/2007|23:26] C:\Program Files\ErrorSmart
[13/12/2007|21:06] C:\Program Files\Farm Frenzy
[14/08/2007|18:40] C:\Program Files\Fever Frenzy
[14/08/2007|18:40] C:\Program Files\Feyruna - Fairy Forest
[08/08/2008|18:48] C:\Program Files\filehippo.com
[01/10/2008|19:30] C:\Program Files\FreeMore
[27/12/2006|21:12] C:\Program Files\Gigabyte
[06/09/2007|06:58] C:\Program Files\Google
[10/08/2008|08:30] C:\Program Files\HandMade Game
[27/12/2006|21:12] C:\Program Files\helpcentre
[09/02/2008|11:01] C:\Program Files\Imikimi
[22/08/2007|10:04] C:\Program Files\Infogrames
[17/07/2007|21:51] C:\Program Files\Innovative Solutions
[31/08/2008|14:41] C:\Program Files\InstallShield Installation Information
[27/12/2006|21:12] C:\Program Files\Intel
[01/10/2008|22:19] C:\Program Files\Internet Explorer
[06/10/2008|18:04] C:\Program Files\Java
[25/06/2007|20:37] C:\Program Files\Kontiki
[14/08/2007|18:40] C:\Program Files\Lifetime R.S.V.P
[18/05/2008|11:16] C:\Program Files\Lighthouse Interactive
[26/09/2008|17:14] C:\Program Files\Lost Secrets - Bermuda Triangle
[23/08/2007|19:43] C:\Program Files\Macrogaming
[18/09/2008|21:48] C:\Program Files\Magic Encyclopedia
[06/10/2008|17:24] C:\Program Files\Malwarebytes' Anti-Malware
[27/12/2006|21:12] C:\Program Files\Marvell
[08/05/2008|20:48] C:\Program Files\McDonaldsFairies
[28/08/2008|18:31] C:\Program Files\Messenger
[03/09/2008|20:15] C:\Program Files\Messenger Plus! Live
[13/05/2007|11:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[27/12/2006|21:12] C:\Program Files\microsoft frontpage
[28/05/2007|16:13] C:\Program Files\Microsoft Office
[02/06/2007|21:58] C:\Program Files\Microsoft Visual Studio
[10/09/2008|08:01] C:\Program Files\Microsoft Works
[02/06/2007|21:58] C:\Program Files\Microsoft.NET
[28/08/2008|18:08] C:\Program Files\Movie Maker
[12/05/2007|14:03] C:\Program Files\MSN
[17/03/2008|22:57] C:\Program Files\MSN Games
[27/12/2006|21:12] C:\Program Files\MSN Gaming Zone
[28/03/2008|16:05] C:\Program Files\MSN Messenger
[13/05/2007|11:40] C:\Program Files\MSXML 4.0
[17/07/2008|19:43] C:\Program Files\MSXML 6.0
[08/08/2008|22:39] C:\Program Files\Nancy Drew
[28/08/2008|18:04] C:\Program Files\NetMeeting
[17/07/2008|19:46] C:\Program Files\Nokia
[27/12/2006|21:12] C:\Program Files\Online Services
[21/12/2007|21:35] C:\Program Files\OpenAL
[22/09/2008|18:32] C:\Program Files\OpenOffice.org 2.3
[27/12/2006|21:12] C:\Program Files\Orange
[12/08/2007|09:52] C:\Program Files\otron.net
[28/08/2008|18:31] C:\Program Files\Outlook Express
[07/08/2008|07:38] C:\Program Files\PC Connectivity Solution
[11/09/2008|07:21] C:\Program Files\QuickTime
[01/10/2008|18:35] C:\Program Files\Raxco
[27/12/2006|21:12] C:\Program Files\Realtek
[05/10/2008|10:49] C:\Program Files\Red Cross - Emergency Response Unit
[23/09/2008|22:17] C:\Program Files\RighteousKill_at
[07/10/2008|21:15] C:\Program Files\Samantha Swift and the Hidden Roses of Athena
[14/08/2007|18:40] C:\Program Files\Spyde Solitaire
[14/03/2008|23:20] C:\Program Files\SUPERAntiSpyware
[16/02/2008|22:35] C:\Program Files\SystemRequirementsLab
[09/08/2008|15:16] C:\Program Files\The Adventure Company
[13/09/2008|10:29] C:\Program Files\Turbo Fiesta
[15/03/2008|14:10] C:\Program Files\Uniblue
[27/12/2006|21:13] C:\Program Files\Uninstall Information
[01/10/2008|18:24] C:\Program Files\Virgin Broadband
[09/10/2007|16:57] C:\Program Files\Virgin Media Games
[07/10/2007|18:59] C:\Program Files\Vivendi Universal Games
[02/06/2007|22:16] C:\Program Files\Windows Desktop Search
[26/02/2008|21:51] C:\Program Files\Windows Live
[30/11/2007|19:14] C:\Program Files\Windows Live Favorites
[30/10/2007|17:20] C:\Program Files\Windows Live Safety Center
[30/11/2007|19:15] C:\Program Files\Windows Live Toolbar
[22/07/2007|08:45] C:\Program Files\Windows Media Connect 2
[22/07/2007|08:48] C:\Program Files\Windows Media Player
[28/08/2008|18:04] C:\Program Files\Windows NT
[27/12/2006|21:13] C:\Program Files\Windows Plus
[13/12/2007|21:23] C:\Program Files\WindowsUpdate
[26/07/2007|06:55] C:\Program Files\WinZip Self-Extractor
[27/12/2006|21:13] C:\Program Files\xerox
[08/04/2008|22:25] C:\Program Files\Yahoo!
[11/08/2008|17:53] C:\Program Files\Yard Sale Hidden Treasures - Sunnyville
[04/10/2008|08:58] C:\Program Files\Zoo Vet 2 - Endangered Animals
[08/09/2008|19:35] C:\Program Files\Zylom Games
--------------------\\ Listing Folders in C:\Program Files\Common Files
[05/06/2008|17:39] C:\Program Files\Common Files\Adobe
[01/10/2008|18:25] C:\Program Files\Common Files\Authentium
[29/06/2007|13:12] C:\Program Files\Common Files\Canon
[02/06/2007|21:58] C:\Program Files\Common Files\DESIGNER
[12/05/2008|21:11] C:\Program Files\Common Files\DirectX
[09/09/2007|21:28] C:\Program Files\Common Files\EasyInfo
[13/05/2007|19:59] C:\Program Files\Common Files\InstallShield
[13/05/2007|09:54] C:\Program Files\Common Files\Java
[27/12/2006|21:11] C:\Program Files\Common Files\LightScribe
[21/12/2007|21:38] C:\Program Files\Common Files\Logitech
[26/02/2008|08:38] C:\Program Files\Common Files\Microsoft Shared
[27/12/2006|21:11] C:\Program Files\Common Files\MSSoap
[03/11/2007|08:21] C:\Program Files\Common Files\Nokia
[27/12/2006|21:11] C:\Program Files\Common Files\ODBC
[13/12/2007|21:23] C:\Program Files\Common Files\PACE Anti-Piracy
[03/11/2007|08:12] C:\Program Files\Common Files\PCSuite
[12/06/2007|19:35] C:\Program Files\Common Files\Roxio Shared
[01/10/2008|18:30] C:\Program Files\Common Files\Scanner
[27/12/2006|21:12] C:\Program Files\Common Files\Services
[12/06/2007|19:35] C:\Program Files\Common Files\Sonic Shared
[27/12/2006|21:12] C:\Program Files\Common Files\SpeechEngines
[25/11/2007|08:58] C:\Program Files\Common Files\SWF Studio
[16/09/2007|07:28] C:\Program Files\Common Files\Symantec Shared
[28/08/2008|18:31] C:\Program Files\Common Files\System
[08/08/2008|22:14] C:\Program Files\Common Files\Teleca Shared
[24/02/2008|17:59] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 55 Processes )
IEXPLORE.EXE ~ [PID:2320]
--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
C:\Program Files\freemore
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\WINDOWS\Tasks\B470549491B3FF60.job

--------------------\\ Searching within the Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 07:28:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

[F:30][D:2]-> C:\DOCUME~1\HELENB~1\LOCALS~1\Temp
[F:36][D:0]-> C:\DOCUME~1\HELENB~1\Cookies
[F:1279][D:12]-> C:\DOCUME~1\HELENB~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008| 7:29 - Option : [1]
--------------------\\ Scan completed at 7:29:56
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hello Hels_Here
One of the infections on your PC is the LOP infection. It comes bundled with certain programs, one of which is present on your computer - Messenger Plus! Live. I would strongly recommend you uninstall it.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove this program by clicking Remove

Messenger Plus! Live

LopScript
Highlight the contents of the Code Box below, then right-click and choose Copy
Code:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart
c:\docume~1\emmabe~1\applic~1\freemore
C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire
C:\Program Files\BearShare Applications
C:\Program Files\Circle Developement
C:\Program Files\ErrorSmart
C:\Program Files\FreeMore
C:\Program Files\Messenger Plus! Live
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\WINDOWS\Tasks\B470549491B3FF60.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
Double click LopSD.exe to start the program.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 4 to choose Option 4 (LopScript), then press Enter
  • A blank page will be opened, right-click it and choose Paste
  • Close the page, you'll be asked to save it, click Save
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

ComboFix
Please visit this webpage for download links, and instructions for running the tool:
How To Use Combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

Continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix
A guide to do this can be found here.
The ones that need to be closed/disabled are:
Virgin PC Guard | eTrust Pest Patrol

  • Click Yes to allow ComboFix to continue scanning for malware
  • When the tool is finished, it will produce a report for you
Include the following reports for further review so we may continue cleaning the system:
Lop S&D log
C:\ComboFix.txt
New HijackThis log.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
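The scheduled-task evidence that drives the LopScript above is visible in the Lop S&D listing: a run of hourly AtN.job tasks, plus a hidden task with a random 16-hex-character name that the "( x.job )=( target )" line resolves to an executable under a user's Application Data folder. The following Python script is an added example written for this thread; it is not part of the thread, of Lop S&D or of any other tool mentioned here. It parses the Lop S&D "Scheduled Tasks" format and applies those three checks to a sample listing copied from the log above. The assumption that the letter h in the attribute column means the hidden attribute, and the regexes for the two line formats, are inferred from the log lines shown, not from Lop S&D documentation.

```python
"""Triage a Lop S&D "Scheduled Tasks" listing for suspicious .job files.

Added example for this thread; not code from Lop S&D or the forum.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample listing taken verbatim from the Lop S&D log posted in this thread.
SAMPLE_LISTING = r"""
[07/10/2008 22:00][--ah-----] C:\WINDOWS\tasks\B470549491B3FF60.job
[07/10/2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
[06/10/2008 18:00][--a------] C:\WINDOWS\tasks\System Restore.job
[13/05/2007 17:13][--a------] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[08/10/2008 07:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
( B470549491B3FF60.job )=( c:\docume~1\emmabe~1\applic~1\freemore\Safeelseboob.exe )
"""

# "[dd/mm/yyyy hh:mm][attrs] path" -- format inferred from the log (assumption).
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2})\]"
    r"\[(?P<attrs>[-a-z]{9})\] (?P<path>.+)$"
)
# "( name.job )=( target exe )" -- the task-to-executable resolution line.
TARGET_RE = re.compile(r"^\( (?P<job>[^)]+?) \)=\( (?P<target>.+?) \)$")
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.IGNORECASE)        # at.exe-created tasks
RANDOM_JOB_RE = re.compile(r"^[0-9a-f]{16}\.job$", re.IGNORECASE)  # random hex name
USER_APPDATA_RE = re.compile(r"\\(applic~1|application data)\\", re.IGNORECASE)


@dataclass
class Task:
    name: str
    path: str
    attrs: str
    target: Optional[str] = None  # filled from a "( x.job )=( exe )" line, if any


@dataclass
class Finding:
    name: str
    reasons: List[str]


def parse_listing(text: str) -> List[Task]:
    """Return the tasks in the listing, with resolved targets attached."""
    tasks = {}
    targets = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1]
            tasks[name.lower()] = Task(name=name, path=path, attrs=m.group("attrs"))
            continue
        m = TARGET_RE.match(line)
        if m:
            targets[m.group("job").lower()] = m.group("target")
    for key, target in targets.items():
        if key in tasks:
            tasks[key].target = target
    return list(tasks.values())


def triage(text: str) -> List[Finding]:
    """Flag .job files that match the indicators seen in the thread's log."""
    findings = []
    for task in parse_listing(text):
        if not task.name.lower().endswith(".job"):
            continue  # desktop.ini and SA.DAT are scheduler bookkeeping, not tasks
        reasons = []
        if AT_JOB_RE.match(task.name):
            reasons.append("at.exe-style AtN.job task (hourly series listed by Lop S&D)")
        if RANDOM_JOB_RE.match(task.name):
            reasons.append("random 16-hex-character task name")
        if "h" in task.attrs:  # assumption: 'h' in the attribute column = hidden
            reasons.append("task file carries the hidden attribute")
        if task.target and USER_APPDATA_RE.search(task.target):
            reasons.append("runs an executable from a user's Application Data: " + task.target)
        if reasons:
            findings.append(Finding(task.name, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LISTING):
        print(f.name)
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, the script reports B470549491B3FF60.job (random name, hidden, target under Application Data) and At23.job (at.exe task), while the legitimate System Restore and Windows Defender quick-scan tasks pass untouched. To use it on a real log, paste the "Scheduled Tasks" section into SAMPLE_LISTING or feed the file contents to triage().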

Hels_Here

Thread Starter
Joined
Oct 6, 2008
Messages
72
Hello. Sorry it's taken me a while, I was a little scared about running the XP restore, but I've done it now and I shouldn't have been worried.

Here are the log files as requested: **I will send the ComboFix Log and HijackThis Log in a separate reply as this reply is more than the 3000 characters allowed**

Lop S&D log
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Helen Bennett ( Administrator )
BOOT : Normal boot
Antivirus : PCguard Anti-Virus 6.0.1 (Not Activated)
Firewall : PCguard Firewall 6.0.1 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 229 Go Free : 180 Go
D:\ (CD or DVD) - CDFS - Total : 2 Go Free : 0 Go
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [4] ( 12/10/2008|14:08 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart
c:\docume~1\emmabe~1\applic~1\freemore
C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire
C:\Program Files\BearShare Applications
C:\Program Files\Circle Developement
C:\Program Files\ErrorSmart
C:\Program Files\FreeMore
C:\Program Files\Messenger Plus! Live
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\WINDOWS\Tasks\B470549491B3FF60.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
... C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt -> does not exist !
Deleted! - C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
... C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt -> does not exist !
... C:\WINDOWS\Tasks\B470549491B3FF60.job -> does not exist !
... C:\WINDOWS\Tasks\At1.job -> does not exist !
... C:\WINDOWS\Tasks\At10.job -> does not exist !
... C:\WINDOWS\Tasks\At11.job -> does not exist !
... C:\WINDOWS\Tasks\At12.job -> does not exist !
... C:\WINDOWS\Tasks\At13.job -> does not exist !
... C:\WINDOWS\Tasks\At14.job -> does not exist !
... C:\WINDOWS\Tasks\At15.job -> does not exist !
... C:\WINDOWS\Tasks\At16.job -> does not exist !
... C:\WINDOWS\Tasks\At17.job -> does not exist !
... C:\WINDOWS\Tasks\At18.job -> does not exist !
... C:\WINDOWS\Tasks\At19.job -> does not exist !
... C:\WINDOWS\Tasks\At2.job -> does not exist !
... C:\WINDOWS\Tasks\At20.job -> does not exist !
... C:\WINDOWS\Tasks\At21.job -> does not exist !
... C:\WINDOWS\Tasks\At22.job -> does not exist !
... C:\WINDOWS\Tasks\At23.job -> does not exist !
... C:\WINDOWS\Tasks\At24.job -> does not exist !
... C:\WINDOWS\Tasks\At3.job -> does not exist !
... C:\WINDOWS\Tasks\At4.job -> does not exist !
... C:\WINDOWS\Tasks\At5.job -> does not exist !
... C:\WINDOWS\Tasks\At6.job -> does not exist !
... C:\WINDOWS\Tasks\At7.job -> does not exist !
... C:\WINDOWS\Tasks\At8.job -> does not exist !
... C:\WINDOWS\Tasks\At9.job -> does not exist !
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap -> does not exist !
... C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart -> does not exist !
... c:\docume~1\emmabe~1\applic~1\freemore -> does not exist !
... C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire -> does not exist !
... C:\Program Files\BearShare Applications -> does not exist !
... C:\Program Files\Circle Developement -> does not exist !
... C:\Program Files\ErrorSmart -> does not exist !
... C:\Program Files\FreeMore -> does not exist !
Deleted! - C:\Program Files\Messenger Plus! Live
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in APPLIC~1
[21/01/2008|21:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[13/04/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\3 Blokes Studios
[21/07/2007|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7Wonders2
[05/06/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/05/2008|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
[30/11/2007|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
[17/06/2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFish
[11/10/2008|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
[11/07/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blg
[23/06/2007|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CaveDays
[28/11/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
[01/10/2008|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Debug manager soft the
[18/12/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivoGames
[10/10/2007|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
[12/03/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
[27/08/2008|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
[08/10/2007|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FireGlow
[27/06/2008|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fitn17
[30/05/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games
[29/06/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[25/07/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[31/01/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
[20/09/2008|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
[31/05/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games
[12/05/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/10/2008|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[23/12/2007|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
[11/04/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[07/08/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/08/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
[09/02/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[25/06/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
[14/03/2008|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[13/05/2007|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[29/05/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
[28/03/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/10/2008|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/09/2008|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[01/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo
[07/10/2008|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[14/09/2008|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MysteryChronicles
[18/05/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
[03/11/2007|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[23/08/2007|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[13/09/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[13/12/2007|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[10/09/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PBGsavesDirectory
[21/09/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[29/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[17/03/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
[18/09/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playrix Entertainment
[13/08/2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PrettyGoodGames
[20/03/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QB9 S.R.L
[01/10/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
[30/09/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco(2)
[20/09/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[04/01/2008|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[04/08/2008|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
[06/10/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/08/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Slapdash Games
[26/04/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlapdashGames
[27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[24/09/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[17/03/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[13/03/2008|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[13/03/2008|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[11/10/2008|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[18/11/2007|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
[10/08/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TheRace_dev
[21/01/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Valusoft
[01/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
[09/06/2008|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VirtualFarm
[13/05/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12/05/2007|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[26/02/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/06/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[23/06/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[18/08/2007|11:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[21/01/2008|21:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[10/10/2007|22:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Abra Academy2
[01/03/2008|21:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Adobe
[07/07/2008|18:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Alawar
[08/08/2008|18:45] C:\DOCUME~1\HELENB~1\APPLIC~1\alot
[26/06/2008|18:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Ancient Quest of Saqqarah__bfg
[03/06/2008|21:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Apple Computer
[03/09/2008|19:46] C:\DOCUME~1\HELENB~1\APPLIC~1\BeachPartyCraze
[23/08/2008|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\BFG_JanesRealty
[28/08/2008|17:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Big Fish Games
[17/06/2008|21:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFish
[17/09/2008|17:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFishv1005
[11/07/2008|20:21] C:\DOCUME~1\HELENB~1\APPLIC~1\blg
[12/01/2008|12:23] C:\DOCUME~1\HELENB~1\APPLIC~1\BloodTies
[29/03/2008|13:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Boomzap
[30/01/2008|20:34] C:\DOCUME~1\HELENB~1\APPLIC~1\BVS Solitaire Collection
[08/06/2008|10:20] C:\DOCUME~1\HELENB~1\APPLIC~1\cerasus.media
[01/08/2008|11:56] C:\DOCUME~1\HELENB~1\APPLIC~1\DeepVoyage
[10/10/2007|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\eGames
[01/10/2008|21:22] C:\DOCUME~1\HELENB~1\APPLIC~1\EleFun Games
[14/07/2008|18:09] C:\DOCUME~1\HELENB~1\APPLIC~1\EnchantedCavern
[02/12/2007|13:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Eyeblaster
[12/07/2008|09:10] C:\DOCUME~1\HELENB~1\APPLIC~1\FarmerJane
[30/05/2008|15:20] C:\DOCUME~1\HELENB~1\APPLIC~1\Flood Light Games
[12/09/2007|21:21] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles
[18/07/2008|17:27] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles2
[19/03/2008|21:18] C:\DOCUME~1\HELENB~1\APPLIC~1\Friday's games
[10/02/2008|15:38] C:\DOCUME~1\HELENB~1\APPLIC~1\FrimaStudio
[31/07/2008|12:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Gaijin Ent
[05/07/2007|20:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Gamelab
[09/05/2008|06:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Games
[31/05/2008|15:24] C:\DOCUME~1\HELENB~1\APPLIC~1\Gogii Games
[14/08/2008|20:37] C:\DOCUME~1\HELENB~1\APPLIC~1\Go-Go Gourmet Chef of the Year
[21/01/2008|22:40] C:\DOCUME~1\HELENB~1\APPLIC~1\Google
[04/09/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Home Sweet Home 2
[06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Identities
[14/08/2007|18:40] C:\DOCUME~1\HELENB~1\APPLIC~1\IM-Names
[01/10/2008|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\InstallShield
[26/05/2008|09:53] C:\DOCUME~1\HELENB~1\APPLIC~1\ITTNord
[21/06/2008|12:33] C:\DOCUME~1\HELENB~1\APPLIC~1\iWin
[21/09/2007|18:34] C:\DOCUME~1\HELENB~1\APPLIC~1\Jane s Hotel
[02/10/2008|18:38] C:\DOCUME~1\HELENB~1\APPLIC~1\JoyBits
[29/05/2008|10:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Ludia
[12/08/2007|08:17] C:\DOCUME~1\HELENB~1\APPLIC~1\Macromedia
[08/07/2007|16:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Academy
[14/02/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Seeds
[05/08/2007|19:33] C:\DOCUME~1\HELENB~1\APPLIC~1\Magus
[28/03/2008|17:08] C:\DOCUME~1\HELENB~1\APPLIC~1\Malwarebytes
[05/07/2008|11:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Meridian93
[05/10/2008|10:41] C:\DOCUME~1\HELENB~1\APPLIC~1\Microsoft
[09/09/2008|21:05] C:\DOCUME~1\HELENB~1\APPLIC~1\MysteryStudio
[15/08/2007|17:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Mysteryville2
[09/03/2008|11:21] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia
[21/11/2007|20:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia Multimedia Player
[13/09/2008|10:43] C:\DOCUME~1\HELENB~1\APPLIC~1\Oberon Games
[08/06/2007|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\Ohana Games
[09/09/2008|17:45] C:\DOCUME~1\HELENB~1\APPLIC~1\OpenOffice.org2
[13/12/2007|21:23] C:\DOCUME~1\HELENB~1\APPLIC~1\PACE Anti-Piracy
[10/10/2008|18:22] C:\DOCUME~1\HELENB~1\APPLIC~1\panoramik
[03/11/2007|08:42] C:\DOCUME~1\HELENB~1\APPLIC~1\PC Suite
[12/09/2008|21:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Pi Eye Games
[15/03/2008|00:23] C:\DOCUME~1\HELENB~1\APPLIC~1\Pirateville
[19/04/2008|23:29] C:\DOCUME~1\HELENB~1\APPLIC~1\pixelStorm
[29/09/2008|21:08] C:\DOCUME~1\HELENB~1\APPLIC~1\PlayFirst
[22/06/2008|20:49] C:\DOCUME~1\HELENB~1\APPLIC~1\Playrix Entertainment
[29/07/2008|12:29] C:\DOCUME~1\HELENB~1\APPLIC~1\Pogo Games
[26/08/2008|22:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Purple Patch Games
[09/05/2008|14:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Restorer
[22/08/2008|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\Righteous Kill
[16/11/2007|08:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Roxio
[20/06/2007|20:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Sandlot Games
[25/07/2008|16:02] C:\DOCUME~1\HELENB~1\APPLIC~1\SecuROM
[24/07/2008|07:19] C:\DOCUME~1\HELENB~1\APPLIC~1\Sony Ericsson
[28/03/2008|22:44] C:\DOCUME~1\HELENB~1\APPLIC~1\SprillBermudeEng
[26/07/2008|21:06] C:\DOCUME~1\HELENB~1\APPLIC~1\Sudden Games
[07/06/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\SultansLabyrinth
[13/05/2007|09:56] C:\DOCUME~1\HELENB~1\APPLIC~1\Sun
[14/03/2008|23:20] C:\DOCUME~1\HELENB~1\APPLIC~1\SUPERAntiSpyware.com
[07/10/2007|09:28] C:\DOCUME~1\HELENB~1\APPLIC~1\Super-Cow
[08/08/2008|22:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Teleca
[13/05/2007|09:00] C:\DOCUME~1\HELENB~1\APPLIC~1\Template
[24/08/2008|11:39] C:\DOCUME~1\HELENB~1\APPLIC~1\TMInc
[15/03/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\Uniblue
[09/01/2008|18:53] C:\DOCUME~1\HELENB~1\APPLIC~1\Valusoft
[23/08/2007|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\VeniceMysteryData
[06/06/2008|18:51] C:\DOCUME~1\HELENB~1\APPLIC~1\ViquaSoft
[01/10/2008|18:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Virgin Broadband
[02/06/2007|22:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Windows Desktop Search
[28/03/2008|22:13] C:\DOCUME~1\HELENB~1\APPLIC~1\Yatec Games
[06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Zylom
[05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Google
[21/01/2008|21:46] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Identities
[05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Macromedia
[21/01/2008|21:47] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Microsoft
[04/11/2007|11:08] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\PC Suite
[17/10/2007|18:27] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Virgin Broadband
[02/07/2007|17:06] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Windows Desktop Search
[29/08/2008|10:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/12/2007|16:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/06/2007|21:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Roxio

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/10/2008 18:00][--a------] C:\WINDOWS\tasks\System Restore.job
[13/05/2007 17:13][--a------] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[12/10/2008 13:10][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[12/10/2008 14:04][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Listing Folders in C:\Program Files
[05/06/2008|17:39] C:\Program Files\Adobe
[14/07/2007|12:03] C:\Program Files\ArcSoft
[09/09/2008|17:40] C:\Program Files\bfgclient
[01/10/2008|18:25] C:\Program Files\CA
[25/11/2007|12:05] C:\Program Files\Canon
[02/10/2008|18:38] C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
[23/12/2007|15:25] C:\Program Files\CCleaner
[12/10/2008|13:59] C:\Program Files\Common Files
[01/10/2008|18:25] C:\Program Files\ComPlus Applications
[30/09/2008|20:22] C:\Program Files\Cooking Dash
[17/08/2008|21:51] C:\Program Files\Deirdra Kiai Productions
[03/11/2007|08:11] C:\Program Files\DIFX
[13/05/2007|20:00] C:\Program Files\directx
[23/07/2008|12:07] C:\Program Files\Disc2Phone
[11/10/2008|19:59] C:\Program Files\EA GAMES
[04/08/2008|22:49] C:\Program Files\Electronic Arts
[13/12/2007|21:06] C:\Program Files\Farm Frenzy
[14/08/2007|18:40] C:\Program Files\Fever Frenzy
[14/08/2007|18:40] C:\Program Files\Feyruna - Fairy Forest
[08/08/2008|18:48] C:\Program Files\filehippo.com
[27/12/2006|21:12] C:\Program Files\Gigabyte
[06/09/2007|06:58] C:\Program Files\Google
[10/08/2008|08:30] C:\Program Files\HandMade Game
[27/12/2006|21:12] C:\Program Files\helpcentre
[09/02/2008|11:01] C:\Program Files\Imikimi
[22/08/2007|10:04] C:\Program Files\Infogrames
[17/07/2007|21:51] C:\Program Files\Innovative Solutions
[31/08/2008|14:41] C:\Program Files\InstallShield Installation Information
[27/12/2006|21:12] C:\Program Files\Intel
[01/10/2008|22:19] C:\Program Files\Internet Explorer
[06/10/2008|18:04] C:\Program Files\Java
[25/06/2007|20:37] C:\Program Files\Kontiki
[14/08/2007|18:40] C:\Program Files\Lifetime R.S.V.P
[18/05/2008|11:16] C:\Program Files\Lighthouse Interactive
[26/09/2008|17:14] C:\Program Files\Lost Secrets - Bermuda Triangle
[23/08/2007|19:43] C:\Program Files\Macrogaming
[18/09/2008|21:48] C:\Program Files\Magic Encyclopedia
[06/10/2008|17:24] C:\Program Files\Malwarebytes' Anti-Malware
[27/12/2006|21:12] C:\Program Files\Marvell
[08/05/2008|20:48] C:\Program Files\McDonaldsFairies
[28/08/2008|18:31] C:\Program Files\Messenger
[13/05/2007|11:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[27/12/2006|21:12] C:\Program Files\microsoft frontpage
[28/05/2007|16:13] C:\Program Files\Microsoft Office
[02/06/2007|21:58] C:\Program Files\Microsoft Visual Studio
[10/09/2008|08:01] C:\Program Files\Microsoft Works
[02/06/2007|21:58] C:\Program Files\Microsoft.NET
[28/08/2008|18:08] C:\Program Files\Movie Maker
[12/05/2007|14:03] C:\Program Files\MSN
[17/03/2008|22:57] C:\Program Files\MSN Games
[27/12/2006|21:12] C:\Program Files\MSN Gaming Zone
[28/03/2008|16:05] C:\Program Files\MSN Messenger
[13/05/2007|11:40] C:\Program Files\MSXML 4.0
[17/07/2008|19:43] C:\Program Files\MSXML 6.0
[08/08/2008|22:39] C:\Program Files\Nancy Drew
[28/08/2008|18:04] C:\Program Files\NetMeeting
[17/07/2008|19:46] C:\Program Files\Nokia
[27/12/2006|21:12] C:\Program Files\Online Services
[21/12/2007|21:35] C:\Program Files\OpenAL
[22/09/2008|18:32] C:\Program Files\OpenOffice.org 2.3
[27/12/2006|21:12] C:\Program Files\Orange
[12/08/2007|09:52] C:\Program Files\otron.net
[11/10/2008|21:17] C:\Program Files\Outlook Express
[07/08/2008|07:38] C:\Program Files\PC Connectivity Solution
[11/09/2008|07:21] C:\Program Files\QuickTime
[01/10/2008|18:35] C:\Program Files\Raxco
[27/12/2006|21:12] C:\Program Files\Realtek
[23/09/2008|22:17] C:\Program Files\RighteousKill_at
[07/10/2008|21:15] C:\Program Files\Samantha Swift and the Hidden Roses of Athena
[14/08/2007|18:40] C:\Program Files\Spyde Solitaire
[14/03/2008|23:20] C:\Program Files\SUPERAntiSpyware
[16/02/2008|22:35] C:\Program Files\SystemRequirementsLab
[09/08/2008|15:16] C:\Program Files\The Adventure Company
[13/09/2008|10:29] C:\Program Files\Turbo Fiesta
[15/03/2008|14:10] C:\Program Files\Uniblue
[27/12/2006|21:13] C:\Program Files\Uninstall Information
[01/10/2008|18:24] C:\Program Files\Virgin Broadband
[09/10/2007|16:57] C:\Program Files\Virgin Media Games
[07/10/2007|18:59] C:\Program Files\Vivendi Universal Games
[02/06/2007|22:16] C:\Program Files\Windows Desktop Search
[26/02/2008|21:51] C:\Program Files\Windows Live
[30/11/2007|19:14] C:\Program Files\Windows Live Favorites
[30/10/2007|17:20] C:\Program Files\Windows Live Safety Center
[30/11/2007|19:15] C:\Program Files\Windows Live Toolbar
[22/07/2007|08:45] C:\Program Files\Windows Media Connect 2
[22/07/2007|08:48] C:\Program Files\Windows Media Player
[28/08/2008|18:04] C:\Program Files\Windows NT
[27/12/2006|21:13] C:\Program Files\Windows Plus
[13/12/2007|21:23] C:\Program Files\WindowsUpdate
[26/07/2007|06:55] C:\Program Files\WinZip Self-Extractor
[27/12/2006|21:13] C:\Program Files\xerox
[08/04/2008|22:25] C:\Program Files\Yahoo!
[11/08/2008|17:53] C:\Program Files\Yard Sale Hidden Treasures - Sunnyville
[08/09/2008|19:35] C:\Program Files\Zylom Games
--------------------\\ Listing Folders in C:\Program Files\Common Files
[05/06/2008|17:39] C:\Program Files\Common Files\Adobe
[01/10/2008|18:25] C:\Program Files\Common Files\Authentium
[29/06/2007|13:12] C:\Program Files\Common Files\Canon
[02/06/2007|21:58] C:\Program Files\Common Files\DESIGNER
[12/05/2008|21:11] C:\Program Files\Common Files\DirectX
[09/09/2007|21:28] C:\Program Files\Common Files\EasyInfo
[13/05/2007|19:59] C:\Program Files\Common Files\InstallShield
[13/05/2007|09:54] C:\Program Files\Common Files\Java
[27/12/2006|21:11] C:\Program Files\Common Files\LightScribe
[21/12/2007|21:38] C:\Program Files\Common Files\Logitech
[26/02/2008|08:38] C:\Program Files\Common Files\Microsoft Shared
[27/12/2006|21:11] C:\Program Files\Common Files\MSSoap
[03/11/2007|08:21] C:\Program Files\Common Files\Nokia
[27/12/2006|21:11] C:\Program Files\Common Files\ODBC
[13/12/2007|21:23] C:\Program Files\Common Files\PACE Anti-Piracy
[03/11/2007|08:12] C:\Program Files\Common Files\PCSuite
[12/06/2007|19:35] C:\Program Files\Common Files\Roxio Shared
[01/10/2008|18:30] C:\Program Files\Common Files\Scanner
[27/12/2006|21:12] C:\Program Files\Common Files\Services
[12/06/2007|19:35] C:\Program Files\Common Files\Sonic Shared
[27/12/2006|21:12] C:\Program Files\Common Files\SpeechEngines
[25/11/2007|08:58] C:\Program Files\Common Files\SWF Studio
[16/09/2007|07:28] C:\Program Files\Common Files\Symantec Shared
[28/08/2008|18:31] C:\Program Files\Common Files\System
[08/08/2008|22:14] C:\Program Files\Common Files\Teleca Shared
[24/02/2008|17:59] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 70 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\HELENB~1\Cookies\[email protected][2].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][2].txt
C:\DOCUME~1\HELENB~1\Cookies\[email protected][2].txt

--------------------\\ Searching within the Registry

..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 14:08:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

No other infections found !
[F:2][D:1]-> C:\DOCUME~1\HELENB~1\LOCALS~1\Temp
[F:67][D:0]-> C:\DOCUME~1\HELENB~1\Cookies
[F:5][D:1]-> C:\DOCUME~1\HELENB~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008| 7:29 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/10/2008|20:09 - Option : [4]
3 - "C:\Lop SD\LopR_3.txt" - 12/10/2008|14:09 - Option : [4]
--------------------\\ Scan completed at 14:09:39
 

Hels_Here

Thread Starter
ComboFix Log

ComboFix 08-10-11.02 - Helen Bennett 2008-10-12 13:56:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.604 [GMT 1:00]
Running from: C:\Documents and Settings\Helen Bennett\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\3.exe
C:\f.exe
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 09:01 . 2008-10-12 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-11 19:08 . 2008-10-11 19:08 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-10-10 18:22 . 2008-10-10 18:22 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\panoramik
2008-10-08 07:25 . 2008-10-10 20:09 <DIR> d-------- C:\Lop SD
2008-10-07 21:14 . 2008-10-07 21:15 <DIR> d-------- C:\Program Files\Samantha Swift and the Hidden Roses of Athena
2008-10-06 17:23 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 17:23 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 17:23 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 18:38 . 2008-10-02 18:38 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\JoyBits
2008-10-02 18:33 . 2008-10-02 18:38 <DIR> d-------- C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Program Files\Raxco
2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-10-01 18:25 . 2008-10-01 18:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-10-01 18:25 . 2008-10-01 18:25 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-10-01 18:25 . 2008-10-01 18:34 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-10-01 18:25 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-10-01 18:23 . 2008-10-01 18:23 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\InstallShield
2008-09-30 21:19 . 2008-09-30 21:19 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-29 17:55 . 2008-09-30 20:22 <DIR> d-------- C:\Program Files\Cooking Dash
2008-09-26 20:46 . 2008-09-30 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco(2)
2008-09-26 20:45 . 2008-09-26 20:45 <DIR> d-------- C:\Documents and Settings\Emma Bennett\Application Data\InstallShield
2008-09-26 17:13 . 2008-09-26 17:14 <DIR> d-------- C:\Program Files\Lost Secrets - Bermuda Triangle
2008-09-22 19:31 . 2008-10-12 09:01 <DIR> d-------- C:\Documents and Settings\Emma Bennett\Application Data\OpenOffice.org2
2008-09-22 18:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-18 22:39 . 2008-09-18 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-09-18 20:43 . 2008-09-18 21:48 <DIR> d-------- C:\Program Files\Magic Encyclopedia
2008-09-17 17:52 . 2008-09-17 17:52 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\BigFishv1005
2008-09-13 10:28 . 2008-09-13 10:29 <DIR> d-------- C:\Program Files\Turbo Fiesta
2008-09-12 21:32 . 2008-09-23 22:17 <DIR> d-------- C:\Program Files\RighteousKill_at
2008-09-12 21:25 . 2008-09-12 21:25 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\Pi Eye Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 18:59 --------- d-----w C:\Program Files\EA GAMES
2008-10-11 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-11 08:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-06 17:04 --------- d-----w C:\Program Files\Java
2008-10-02 21:02 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-10-02 21:02 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-10-01 20:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\EleFun Games
2008-10-01 18:31 --------- d-----w C:\Documents and Settings\Emma Bennett\Application Data\FreeMore
2008-10-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Debug manager soft the
2008-10-01 17:25 --------- d-----w C:\Program Files\CA
2008-10-01 17:24 --------- d-----w C:\Program Files\Virgin Broadband
2008-10-01 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-10-01 17:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Virgin Broadband
2008-09-29 20:08 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\PlayFirst
2008-09-29 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-24 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-09-22 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-09-21 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-20 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-09-13 09:43 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Oberon Games
2008-09-13 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-11 06:21 --------- d-----w C:\Program Files\QuickTime
2008-09-10 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-09-10 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 07:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 20:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\MysteryStudio
2008-09-09 19:18 0 ----a-w C:\Documents and Settings\Emma Bennett\Application Data\wklnhst.dat
2008-09-09 19:18 --------- d-----w C:\Documents and Settings\Emma Bennett\Application Data\Template
2008-09-09 16:45 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\OpenOffice.org2
2008-09-09 16:40 --------- d-----w C:\Program Files\bfgclient
2008-09-08 18:35 --------- d-----w C:\Program Files\Zylom Games
2008-09-06 08:11 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Zylom
2008-09-05 20:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-04 18:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Home Sweet Home 2
2008-09-03 18:46 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BeachPartyCraze
2008-08-31 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 16:31 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Big Fish Games
2008-08-27 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-08-26 21:32 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Purple Patch Games
2008-08-24 10:39 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\TMInc
2008-08-23 17:12 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BFG_JanesRealty
2008-08-22 19:59 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Righteous Kill
2008-08-18 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intenium
2008-08-17 20:51 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-08-17 20:51 --------- d-----w C:\Program Files\Deirdra Kiai Productions
2008-08-14 19:37 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Go-Go Gourmet Chef of the Year
2008-07-25 14:15 4,632 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 14:17 29,760 ----a-w C:\WINDOWS\system32\O0JgCl87.exe
2008-03-18 20:40 24,540 ----a-w C:\Program Files\HIJACKTHIS[1].EXE-032D5DCC.pf
2008-03-01 09:53 0 ----a-w C:\Program Files\temp01
2007-11-23 23:18 812 ----a-w C:\Documents and Settings\Helen Bennett\Application Data\wklnhst.dat
2007-06-13 11:26 204,804 --sh--r C:\WINDOWS\system32\winsrtv32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"winpr.exe"="C:\WINDOWS\system32\winpr.exe" [2008-06-04 36868]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"soft the obj send"="C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe" [2008-10-12 8866304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-11 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"Protect"="SHVRTF.EXE" [2005-02-04 C:\WINDOWS\system32\SHVRTF.EXE]
"Microsoft Genuine Advantage"="winsrtv32.exe" [2007-06-13 C:\WINDOWS\system32\winsrtv32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Genuine Advantage"="winsrtv32.exe" [2007-06-13 C:\WINDOWS\system32\winsrtv32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\bfgclient\\bfggameservices.exe"=
"C:\\Program Files\\bfgclient\\bfgprocess.exe"=
"C:\\Program Files\\bfgclient\\bfgclient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 bDMusicb;bDMusicb;C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys [ ]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E2F7A3FF-3F65-97D6-882B-4CFA04A2DFCA}]
C:\WINDOWS\system32\winpr.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2007-05-13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
2008-10-11 C:\WINDOWS\Tasks\System Restore.job
- C:\WINDOWS\system32\Restore\rstrui.exe [2008-04-14 01:12]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Windows DNS Controller - winmn32.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://news.bbc.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.evesham.com/
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 14:01:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winpr.exe = C:\WINDOWS\system32\winpr.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp"
.
Completion time: 2008-10-12 14:04:10
ComboFix-quarantined-files.txt 2008-10-12 13:04:05
Pre-Run: 193,323,909,120 bytes free
Post-Run: 193,669,664,768 bytes free
220 --- E O F --- 2008-09-10 07:04:12
 

Hels_Here

Thread Starter
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:11, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\winsrtv32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HELENB~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" (User 'Emma Bennett')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 11649 bytes
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hello Hels_Here
Sorry for the late reply.

ATF Cleaner
Download ATF Cleaner here by Atribune.
  • Double-click ATF-Cleaner.exe to run the program
    Under Main choose: Select All
    Click the Empty Selected button
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HELENB~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Driver::
bDMusicb
mchInjDrv

File::
C:\WINDOWS\system32\O0JgCl87.exe
C:\WINDOWS\system32\winsrtv32.exe
C:\WINDOWS\system32\winpr.exe
C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp
C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys

Folder::
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Program Files\Messenger Plus! Live
C:\Documents and Settings\Emma Bennett\Application Data\FreeMore
C:\Documents and Settings\All Users\Application Data\Debug manager soft the
C:\Program Files\temp01

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winpr.exe"=-
"soft the obj send"=-
"Microsoft Genuine Advantage"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Genuine Advantage"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E2F7A3FF-3F65-97D6-882B-4CFA04A2DFCA}]
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

To post in next reply:
Combofix log
New HijackThis log
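
The fix list above picks three O4 entries out of a log by eye. As an added example (not code from the thread, HijackThis or ComboFix), the Python script below applies the same reasoning mechanically to HijackThis O4 lines: it parses the hive, key, value name and command, extracts the executable that is launched, and flags entries started from a user profile directory (where "soft the obj send" and "cast up" live), entries that give only a bare file name, and entries under RunServices, a Windows 9x/Me key that NT-based Windows such as XP does not process. The sample lines are copied from the logs in this thread; the indicator wording and the `Finding` structure are the example's own choices.

```python
"""Triage HijackThis O4 (autostart) entries for persistence red flags.

Added example for this thread; not code from HijackThis, ComboFix or the
posters. Indicator names and the Finding structure are the example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis v2 O4 format:
#   O4 - <hive>\..\<key>: [<value name>] <command> [(User '<name>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# For unquoted commands the executable runs up to the first program-like extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=\s|,|$)", re.IGNORECASE)

# XP profile root in long and 8.3 short form (both appear in HJT logs). Everything
# under it, All Users\Application Data included, is writable without admin rights.
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")

IND_PROFILE = "launched from a user profile directory"
IND_BARE = "bare file name, resolved through the search path"
IND_RUNSERVICES = "RunServices key: Windows 9x/Me only, not processed by NT-based Windows"

# Sample O4 lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
"""


@dataclass
class Finding:
    name: str
    hive: str
    key: str
    path: str
    user: Optional[str]
    indicators: List[str] = field(default_factory=list)


def split_command(cmd: str) -> str:
    """Return the executable path from a Run value's command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                    # unquoted path that may contain spaces
    return m.group(1) if m else cmd.split()[0]


def parse_o4(line: str) -> Optional[Finding]:
    """Parse one HijackThis O4 line; None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return Finding(name=m["name"], hive=m["hive"], key=m["key"],
                   path=split_command(m["cmd"]), user=m["user"])


def assess(f: Finding) -> Finding:
    """Attach heuristic indicators to a parsed entry (leads, not verdicts)."""
    low = f.path.lower()
    if any(d in low for d in PROFILE_DIRS):
        f.indicators.append(IND_PROFILE)
    if "\\" not in f.path:
        f.indicators.append(IND_BARE)
    if f.key.lower().startswith("runservices"):
        f.indicators.append(IND_RUNSERVICES)
    return f


def triage(log_text: str) -> List[Finding]:
    """All O4 entries in a log, each with its indicators."""
    return [assess(f) for f in map(parse_o4, log_text.splitlines()) if f]


def suspicious(log_text: str) -> List[Finding]:
    """Only the entries that tripped at least one indicator."""
    return [f for f in triage(log_text) if f.indicators]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        who = f" (user {f.user})" if f.user else ""
        print(f"[{f.name}] {f.key}{who}: {f.path}\n    " + "; ".join(f.indicators))
```

The indicators are leads to confirm, not verdicts: legitimate installers and vendor tools sit in the same keys (ctfmon.exe and the InstallShield updater come out clean here only because they live under WINDOWS and PROGRA~1), and a bare file name on its own is common for OEM tray utilities. Cross-check a hit against the running-process list and file timestamps, as the helper did. The RunServices hit deserves a second look for a different reason: XP never executes that key, so if the binary is nonetheless running (winsrtv32.exe appears in the first log's process list) it has some other launch point that also needs removing.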
 

Hels_Here

Thread Starter
Joined
Oct 6, 2008
Messages
72
Hi, all actions completed as requested. HijackThis log to follow in a separate reply.

ComboFix 08-10-12.01 - Helen Bennett 2008-10-14 17:38:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.593 [GMT 1:00]
Running from: C:\Documents and Settings\Helen Bennett\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Helen Bennett\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys
C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp
C:\WINDOWS\system32\O0JgCl87.exe
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\system32\winsrtv32.exe
.
/wow section - STAGE 10
The handle could not be duplicated
during redirection of handle 1.
The system cannot find the path specified.
The process cannot access the file because it is being used by another process.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Debug manager soft the
C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Beep face.exe
C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Part Idol.exe
C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Window Defy.exe
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Program Files\Messenger Plus! Live
C:\Program Files\Messenger Plus! Live\Detoured.dll
C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
C:\Program Files\Messenger Plus! Live\lame_enc.dll
C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
C:\Program Files\Messenger Plus! Live\libsndfile.dll
C:\Program Files\Messenger Plus! Live\Log Viewer.exe
C:\Program Files\Messenger Plus! Live\MPScripts.dll
C:\Program Files\Messenger Plus! Live\MPSkins.dll
C:\Program Files\Messenger Plus! Live\MPTools.exe
C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLoader.dll
C:\Program Files\Messenger Plus! Live\Uninstall.exe
C:\Program Files\temp01\
C:\WINDOWS\system32\O0JgCl87.exe
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\system32\winsrtv32.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BDMUSICB
-------\Legacy_MCHINJDRV
-------\Service_bDMusicb

((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-12 16:33 . 2008-10-12 16:33 <DIR> d-------- C:\Program Files\FreeMore
2008-10-12 16:32 . 2008-10-12 16:32 <DIR> d-------- C:\Program Files\Circle Developement
2008-10-10 18:22 . 2008-10-10 18:22 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\panoramik
2008-10-08 07:25 . 2008-10-12 14:09 <DIR> d-------- C:\Lop SD
2008-10-07 21:14 . 2008-10-07 21:15 <DIR> d-------- C:\Program Files\Samantha Swift and the Hidden Roses of Athena
2008-10-06 17:23 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 17:23 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 17:23 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 18:38 . 2008-10-02 18:38 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\JoyBits
2008-10-02 18:33 . 2008-10-02 18:38 <DIR> d-------- C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Program Files\Raxco
2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-10-01 18:25 . 2008-10-01 18:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-10-01 18:25 . 2008-10-01 18:25 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-10-01 18:25 . 2008-10-01 18:34 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-10-01 18:25 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-10-01 18:23 . 2008-10-01 18:23 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\InstallShield
2008-09-30 21:19 . 2008-09-30 21:19 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-29 17:55 . 2008-09-30 20:22 <DIR> d-------- C:\Program Files\Cooking Dash
2008-09-26 20:46 . 2008-09-30 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco(2)
2008-09-26 17:13 . 2008-09-26 17:14 <DIR> d-------- C:\Program Files\Lost Secrets - Bermuda Triangle
2008-09-22 18:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-18 22:39 . 2008-09-18 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-09-18 20:43 . 2008-09-18 21:48 <DIR> d-------- C:\Program Files\Magic Encyclopedia
2008-09-17 17:52 . 2008-09-17 17:52 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\BigFishv1005
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-12 15:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 18:59 --------- d-----w C:\Program Files\EA GAMES
2008-10-11 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-07 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-06 17:04 --------- d-----w C:\Program Files\Java
2008-10-02 21:02 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-10-02 21:02 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-10-01 20:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\EleFun Games
2008-10-01 17:25 --------- d-----w C:\Program Files\CA
2008-10-01 17:24 --------- d-----w C:\Program Files\Virgin Broadband
2008-10-01 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-10-01 17:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Virgin Broadband
2008-09-29 20:08 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\PlayFirst
2008-09-29 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-24 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-09-23 21:17 --------- d-----w C:\Program Files\RighteousKill_at
2008-09-22 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-09-21 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-20 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-09-13 09:43 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Oberon Games
2008-09-13 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-13 09:29 --------- d-----w C:\Program Files\Turbo Fiesta
2008-09-12 20:25 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Pi Eye Games
2008-09-11 06:21 --------- d-----w C:\Program Files\QuickTime
2008-09-10 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-09-10 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 07:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 20:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\MysteryStudio
2008-09-09 16:45 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\OpenOffice.org2
2008-09-09 16:40 --------- d-----w C:\Program Files\bfgclient
2008-09-08 18:35 --------- d-----w C:\Program Files\Zylom Games
2008-09-06 08:11 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Zylom
2008-09-05 20:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-04 18:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Home Sweet Home 2
2008-09-03 18:46 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BeachPartyCraze
2008-08-31 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 16:31 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Big Fish Games
2008-08-27 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-08-26 21:32 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Purple Patch Games
2008-08-24 10:39 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\TMInc
2008-08-23 17:12 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BFG_JanesRealty
2008-08-22 19:59 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Righteous Kill
2008-08-18 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intenium
2008-08-17 20:51 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-08-17 20:51 --------- d-----w C:\Program Files\Deirdra Kiai Productions
2008-08-14 19:37 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Go-Go Gourmet Chef of the Year
2008-07-25 14:15 4,632 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-18 20:40 24,540 ----a-w C:\Program Files\HIJACKTHIS[1].EXE-032D5DCC.pf
2008-03-01 09:53 0 ----a-w C:\Program Files\temp01
2007-11-23 23:18 812 ----a-w C:\Documents and Settings\Helen Bennett\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( [email protected]_14.03.47.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
- 2008-10-01 18:31:15 2,097,152 ---ha-w C:\WINDOWS\system32\VSS\Documents and Settings\Administrator\NTUSER.DAT
+ 2008-10-12 15:33:34 2,097,152 ---ha-w C:\WINDOWS\system32\VSS\Documents and Settings\Administrator\NTUSER.DAT
- 2008-10-11 23:42:42 6,815,744 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Emma Bennett\NTUSER.DAT
+ 2008-10-12 22:02:24 6,815,744 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Emma Bennett\NTUSER.DAT
- 2008-10-11 23:41:39 5,767,168 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Helen Bennett\NTUSER.DAT
+ 2008-10-13 22:25:06 5,767,168 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Helen Bennett\NTUSER.DAT
- 2008-10-11 23:42:42 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\LocalService\NTUSER.DAT
+ 2008-10-13 22:25:06 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\LocalService\NTUSER.DAT
- 2008-10-11 23:42:42 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\NetworkService\NTUSER.DAT
+ 2008-10-13 22:25:06 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\NetworkService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-11 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"Protect"="SHVRTF.EXE" [2005-02-04 C:\WINDOWS\system32\SHVRTF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\bfgclient\\bfggameservices.exe"=
"C:\\Program Files\\bfgclient\\bfgprocess.exe"=
"C:\\Program Files\\bfgclient\\bfgclient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
.
Contents of the 'Scheduled Tasks' folder
2008-10-14 C:\WINDOWS\Tasks\A2A2F78791856AB3.job
- c:\docume~1\emmabe~1\applic~1\freemore\Safeelseboob.exe []
2008-10-14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2007-05-13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
2008-10-13 C:\WINDOWS\Tasks\System Restore.job
- C:\WINDOWS\system32\Restore\rstrui.exe [2008-04-14 01:12]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 18:12:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-10-14 18:19:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 17:19:24
ComboFix2.txt 2008-10-12 13:04:10
Pre-Run: 194,369,736,704 bytes free
Post-Run: 194,241,568,768 bytes free
278 --- E O F --- 2008-09-10 07:04:12
 

Hels_Here

Thread Starter
Joined
Oct 6, 2008
Messages
72
Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:08, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\explorer.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Cast That.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" (User 'Emma Bennett')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 11662 bytes
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hello Hels_Here
I apologise for the late reply.

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Cast That.exe
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\Tasks\A2A2F78791856AB3.job

Folder::
C:\Documents and Settings\Emma Bennett\Application Data\freemore
C:\Program Files\Circle Developement
C:\Program Files\FreeMore

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

To post in next reply:
Combofix log
New HijackThis log
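The two O4 entries picked out above share two traits a reviewer can check mechanically: the executable sits under a user profile / Application Data path rather than Program Files or Windows, and the Run value name is a string of random lowercase words. This added example (not part of the thread, and not a HijackThis feature) parses O4 lines in the format the log uses and applies those two heuristics; the regexes, heuristic names and function names are my own, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: six O4 lines copied from the HijackThis log posted above,
# including the two entries the helper asked to have fixed.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Cast That.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Emma Bennett')
""".strip().splitlines()

# Shape of an O4 line: O4 - <hive>\..\<Run key>: [<value name>] <command> [(User '<name>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First executable token of the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|com|scr|bat|cmd))"?', re.IGNORECASE)
# User-writable profile locations (long and 8.3 form) where software that
# legitimately starts with Windows rarely lives. Heuristic, not a verdict.
PROFILE_DIRS = re.compile(
    r"\\(Documents and Settings|DOCUME~1|Application Data|APPLIC~1|Local Settings|LOCALS~1|Temp)\\", re.I)
# Value names built from two or more lowercase dictionary words, a naming
# pattern that installed software almost never uses.
WORD_SALAD = re.compile(r"^[a-z]+(?: [a-z]+)+$")


def parse_o4(line):
    """Split one O4 line into hive, key, name, cmd, user and exe; None for non-O4 lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    exe = EXE_RE.match(entry["cmd"])
    entry["exe"] = exe.group("exe") if exe else entry["cmd"]
    return entry


def triage(lines):
    """Parse every O4 line and attach a list of heuristic flags (empty list = nothing notable)."""
    results = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        entry["flags"] = []
        if PROFILE_DIRS.search(entry["exe"]):
            entry["flags"].append("runs from a user profile / Application Data path")
        if WORD_SALAD.match(entry["name"]):
            entry["flags"].append("value name is a string of random lowercase words")
        results.append(entry)
    return results


def suspicious(lines):
    """Value names that raised at least one flag: the entries to review before Fix Checked."""
    return [e["name"] for e in triage(lines) if e["flags"]]
```

Run over the sample, only the two entries the helper named come back from `suspicious()`; anything it flags still needs a human look at the file before it is fixed or deleted.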
 

Hels_Here

Thread Starter
Joined
Oct 6, 2008
Messages
72
Hello

Here is my new HijackThis report. ComboFix log to follow in a separate reply. I couldn't locate the second O4 line that you mentioned for removal from HijackThis.

Thank you again for your help with this problem.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:49, on 17/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
--
End of file - 9296 bytes
 

Hels_Here

Thread Starter
Joined
Oct 6, 2008
Messages
72
Hi, I have had to attach my ComboFix log as it was too long for the allowed file length. Hope this is okay.

Thank you
 
