
Suspicious Pop Up Removal

Discussion in 'Virus & Other Malware Removal' started by Hels_Here, Oct 6, 2008.

  1. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hello

    Is there anybody available to help me remove pop up windows? Every time I log on to the Internet, I keep on getting pop ups that relate to anything from Moneysupermarket.com to Car Insurance. This keeps on happening whenever I change the site I am viewing.

    I have pasted a copy of my HJT log file, please can you help? :) Thank you

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:02:29, on 06/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\winpr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\winsrtv32.exe
    C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Evesham Technology
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
    O4 - HKLM\..\Run: [Windows DNS Controller] winmn32.exe
    O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
    O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    --
    End of file - 10773 bytes
     
  2. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Welcome Hels_Here

    I will be helping you under the guidance of one of our expert coaches.
    Please give me a little time to get back to you with instructions.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • A lack of symptoms does not necessarily mean your computer is clean.
    • Continue to respond to this thread until I give you the All Clean!
    Please Note: My instructions to you are checked by an expert prior to posting. This may cause a small delay between posts.
    Thanks

    Create an Uninstall List
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button
    • Click on the Save list... button and specify where you would like to save this file
    • When you press the Save button a notepad will open with the contents of that file
    • Copy and paste the contents of that notepad here in your next reply
     
  3. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hi, thank you for responding. As requested, here is the uninstall_list:

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Advanced Uninstaller PRO 2006 - version 7
    Authentium AntiVirus SDK - 2
    Big Fish Games Client
    Cake Shop
    Cassandra's Journey: The Legacy of Nostradamus
    CCleaner (remove only)
    Disc2Phone
    EA Download Manager
    Easy-WebPrint
    Enable S3 for USB Device
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Imikimi Plugin
    Java(TM) 6 Update 7
    Magic Encyclopedia
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Marvell Miniport Driver
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic 2007
    Microsoft Office Basic 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Protection Service
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Live OneCare Resources v1.6.2111.38
    Microsoft Windows OneCare Live v1.6.2111.30 Idcrl Install
    Microsoft Windows OneCare Live v1.6.2111.38
    Microsoft Works
    MSN
    MSVC80_x86
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Nokia Connectivity Cable Driver
    Nokia Flashing Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Nokia Software Updater
    NVIDIA Drivers
    OpenAL
    OpenOffice.org 2.3
    Orange Broadband Uninstall
    PC Connectivity Solution
    PerfectDisk
    Popup Blocker (Windows Live Toolbar)
    PPSDKRedistributables
    PX Engine
    Radialpoint Security Services
    Realtek High Definition Audio Driver
    Red Cross - Emergency Response Unit
    RPS Ad Blocker
    RPS AntiFraud
    RPS AntiSpyware
    RPS AntiVirus
    RPS App Detector
    RPS AsRealtime
    RPS Backup
    RPS Burn
    RPS Diagnostic Utility
    RPS Firewall
    RPS ParentalControl
    RPS Performance Tool
    RPS PopupBlocker
    RPS Privacy Manager
    RPS RpsCore
    RPS Security Cleanup
    RPS Zip
    Security Update for 2007 Microsoft Office System (KB951596)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB951546)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    SimCity™ Societies
    SimCity™ Societies
    SimCity™ Societies Destinations
    Smart Menus (Windows Live Toolbar)
    Sonic Encoders
    System Requirements Lab
    Tabbed Browsing (Windows Live Toolbar)
    TGTTPOACS
    The Sims 2
    The Sims 2 Family Fun Stuff
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 FreeTime
    The Sims™ 2 IKEA® Home Stuff
    Turbo Fiesta
    Uniblue ProcessQuickLink 2
    Uniblue ProcessScanner
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb956080)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Virgin Broadband advisor 1.5.14
    Virgin Broadband PCguard
    Windows Desktop Search 3.01
    Windows Desktop Search 3.01
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    Windows Driver Package - Nokia Modem (08/03/2007 3.2)
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    Windows Driver Package - Nokia Modem (08/08/2007 3.3)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB890760
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinZip Self-Extractor
    Zoo Vet 2: Endangered Animals
     
  4. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello Hels_Here
    Sorry for the late reply.

    Upload Files for Scanning
    Go to VirusTotal or Jotti
    (Just use one or the other. No need to use both.)

    If you use VirusTotal click Browse
    In the Choose File box that opens navigate to C:\WINDOWS\winmn32.exe, & double click on winmn32.exe
    Then click Send File
    Wait for scans to finish then copy & paste the results into your next reply
    Following the instructions above do the same for:
    C:\WINDOWS\system32\winpr.exe
    C:\WINDOWS\system32\winsrtv32.exe

    If you use Jotti click Browse
    In the Choose File box that opens navigate to C:\WINDOWS\winmn32.exe, & double click on winmn32.exe
    Then click Submit
    Wait for scans to finish then copy & paste the results into your next reply
    Following the instructions above do the same for:
    C:\WINDOWS\system32\winpr.exe
    C:\WINDOWS\system32\winsrtv32.exe

    Lop S&D
    Download Lop S&D by Eric_71 here and save it to your desktop.
    Lop S&D will only run on Windows XP and Windows Vista
    Close/disable all anti virus and anti malware programs so they do not interfere with the running of Lop S&D
    A guide to do this can be found here.
    The ones that need to be closed/disabled are:
    Virgin PC Guard | eTrust Pest Patrol

    • Double-click Lop S&D.exe
    • Choose the language by typing the corresponding letter and press Enter
    • Click OK at the informative window
    • Type 1, to choose Option 1 (Search) then press Enter
    • Wait until the end of the scan
    • A report will be generated, post the contents of it in your next reply.
    (Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

    To post in next reply:
    Results from either VirusTotal or Jotti
    Lop S&D log
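The three files jmw3 asks to have scanned all come from the O4 (autorun) lines of the HijackThis log in the first post: two are registered by bare filename with no path, and one of those is registered twice, under Run and under the Win9x-era RunServices key. The script below is an added example for this thread, not code from the thread, from HijackThis or from any tool named here. It applies those same structural cues to a constructed subset of the posted log (the lines are copied from it) and cross-references each hit against the log's "Running processes" section; the function and class names (triage, Finding, parse_o4) are this example's own.

```python
"""HijackThis O4 (autorun) triage, an added example for this thread.

Not code from the thread, from HijackThis or from any tool named in it.
The heuristics are the structural cues a malware-removal helper reads off
a log by eye; names such as triage() and Finding are this example's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged "Running processes" block and a subset of
# the O4 lines, copied from the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\winsrtv32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [Windows DNS Controller] winmn32.exe
O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - <hive>\..\<key>: [<display name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking token of the command, with or without a leading quote.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd|vbs))\b', re.IGNORECASE)
# Locations a legitimate installer on XP has no business autostarting from.
DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    command: str
    exe: str  # executable pulled out of the command line, "" if none recognised


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)
    running_as: str = ""  # matching full path from "Running processes", if any


def parse_o4(log_text):
    """Return every O4 line of a HijackThis log as an Entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            x = EXE_RE.match(m["cmd"])
            entries.append(Entry(m["hive"], m["key"], m["name"], m["cmd"], x["exe"] if x else ""))
    return entries


def running_processes(log_text):
    """Map lower-cased basename -> full path for the 'Running processes' block."""
    procs, in_block = {}, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not re.match(r"^[A-Za-z]:\\", line):  # first non-path line ends the block
                break
            procs[line.rsplit("\\", 1)[-1].lower()] = line
    return procs


def triage(log_text):
    """Return a Finding for each O4 entry that trips at least one heuristic."""
    entries = parse_o4(log_text)
    procs = running_processes(log_text)
    keys_per_exe = {}  # executable -> set of (hive, key) it is registered under
    for e in entries:
        keys_per_exe.setdefault(e.exe.lower(), set()).add((e.hive, e.key))
    findings = []
    for e in entries:
        reasons = []
        if not e.exe:
            reasons.append("no executable recognised in the command line")
        elif "\\" not in e.exe:
            reasons.append("bare filename: located by PATH search, not a full path")
        elif any(d in e.exe.lower() for d in DATA_DIRS):
            reasons.append("starts from a data directory rather than Program Files or Windows")
        if e.key.lower() == "runservices":
            reasons.append("RunServices is a Win9x-era key; software written for XP has no reason to use it")
        if e.exe and len(keys_per_exe[e.exe.lower()]) > 1:
            reasons.append("same executable registered under %d autorun keys" % len(keys_per_exe[e.exe.lower()]))
        if reasons:
            basename = e.exe.rsplit("\\", 1)[-1].lower()
            findings.append(Finding(e, reasons, procs.get(basename, "")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s\\..\\%s [%s] %s" % (f.entry.hive, f.entry.key, f.entry.name, f.entry.exe))
        for r in f.reasons:
            print("   -", r)
        print("   running as:", f.running_as or "(not in process list)")
```

Run against the sample, the script flags winmn32.exe and winsrtv32.exe as bare filenames (the latter also for its RunServices duplicate), SHVRTF.EXE for the same reason, and the "burn tray.exe" entry for living under All Users\Application Data. The process cross-reference shows winsrtv32.exe actually loaded from C:\WINDOWS\system32, while winmn32.exe does not appear in the process list at all, which is consistent with Hels_Here later being unable to find it. Two limits are worth noticing: winpr.exe is not flagged, because it has a full path under system32 and a single key, so jmw3 picked it from experience rather than from any structural rule and left the verdict to the VirusTotal lookup; and the legitimate Realtek RTHDCPL.EXE is flagged, because it too is registered by bare name. The heuristics produce candidates for scanning, not verdicts.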
     
  5. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hi there

    I used VirusTotal for the first part of your request, I could not locate the first file [Winmn32.exe] but I managed to navigate to Winpr.exe and Winsrtv32
    File has already been analysed:


    MD5: 459c22a9a21cff089e8bc63c360fdab3
    First received: 06.04.2008 19:03:09 (CET)
    Date: 06.04.2008 19:03:09 (CET) [>126D]
    Results: 6/33
    Permalink: analisis/37157a7ad5e6ae5937756b70eaed4b80

    File has already been analysed:


    MD5: 7e7d05a3bb47c0daf8cf1560663d5d17
    First received: 06.03.2008 13:49:03 (CET)
    Date: 06.05.2008 21:02:22 (CET) [>125D]
    Results: 5/33
    Permalink: analisis/d0b5f9bea8dcb3a4adc6b8f2377d40ba

    Lop S & D File:


    --------------------\\ Lop S&D 4.2.4-5 XP/Vista
    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Helen Bennett ( Administrator )
    BOOT : Normal boot
    Antivirus : PCguard Anti-Virus 6.0.1 (Not Activated)
    Firewall : PCguard Firewall 6.0.1 (Activated)
    C:\ (Local Disk) - NTFS - Total : 229 Go Free : 181 Go
    D:\ (CD or DVD)
    "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
    Option : [1] ( 08/10/2008| 7:28 )

    --------------------\\ Listing folders in APPLIC~1
    [21/01/2008|21:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [13/04/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\3 Blokes Studios
    [21/07/2007|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7Wonders2
    [05/06/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [08/08/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [24/05/2008|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
    [30/11/2007|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
    [17/06/2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFish
    [07/10/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [11/07/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blg
    [23/06/2007|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CaveDays
    [28/11/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
    [01/10/2008|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Debug manager soft the
    [18/12/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivoGames
    [10/10/2007|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
    [12/03/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
    [27/08/2008|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
    [08/10/2007|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FireGlow
    [27/06/2008|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fitn17
    [30/05/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games
    [29/06/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
    [25/07/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
    [31/01/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
    [20/09/2008|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
    [31/05/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games
    [12/05/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [07/10/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    [23/12/2007|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
    [11/04/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
    [07/08/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [18/08/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
    [09/02/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
    [25/06/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    [14/03/2008|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    [13/05/2007|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [29/05/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
    [28/03/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [25/07/2007|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [28/08/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10/09/2008|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [01/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo
    [07/10/2008|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [14/09/2008|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MysteryChronicles
    [18/05/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
    [03/11/2007|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [23/08/2007|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    [13/09/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
    [13/12/2007|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
    [10/09/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PBGsavesDirectory
    [21/09/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [29/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [17/03/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
    [18/09/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playrix Entertainment
    [02/06/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
    [13/08/2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PrettyGoodGames
    [20/03/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QB9 S.R.L
    [01/10/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
    [30/09/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco(2)
    [20/09/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [04/01/2008|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    [04/08/2008|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
    [06/10/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [09/08/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Slapdash Games
    [26/04/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlapdashGames
    [27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [24/09/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [17/03/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [13/03/2008|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
    [13/03/2008|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    [07/10/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [18/11/2007|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
    [10/08/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TheRace_dev
    [21/01/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Valusoft
    [01/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
    [09/06/2008|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VirtualFarm
    [13/05/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [12/05/2007|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [26/02/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [09/06/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [23/06/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    [18/08/2007|11:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
    [21/01/2008|21:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10/10/2007|22:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Abra Academy2
    [01/03/2008|21:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Adobe
    [07/07/2008|18:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Alawar
    [08/08/2008|18:45] C:\DOCUME~1\HELENB~1\APPLIC~1\alot
    [26/06/2008|18:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Ancient Quest of Saqqarah__bfg
    [03/06/2008|21:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Apple Computer
    [03/09/2008|19:46] C:\DOCUME~1\HELENB~1\APPLIC~1\BeachPartyCraze
    [23/08/2008|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\BFG_JanesRealty
    [28/08/2008|17:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Big Fish Games
    [17/06/2008|21:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFish
    [17/09/2008|17:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFishv1005
    [11/07/2008|20:21] C:\DOCUME~1\HELENB~1\APPLIC~1\blg
    [12/01/2008|12:23] C:\DOCUME~1\HELENB~1\APPLIC~1\BloodTies
    [29/03/2008|13:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Boomzap
    [30/01/2008|20:34] C:\DOCUME~1\HELENB~1\APPLIC~1\BVS Solitaire Collection
    [08/06/2008|10:20] C:\DOCUME~1\HELENB~1\APPLIC~1\cerasus.media
    [01/08/2008|11:56] C:\DOCUME~1\HELENB~1\APPLIC~1\DeepVoyage
    [10/10/2007|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\eGames
    [01/10/2008|21:22] C:\DOCUME~1\HELENB~1\APPLIC~1\EleFun Games
    [14/07/2008|18:09] C:\DOCUME~1\HELENB~1\APPLIC~1\EnchantedCavern
    [23/11/2007|23:24] C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart
    [02/12/2007|13:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Eyeblaster
    [12/07/2008|09:10] C:\DOCUME~1\HELENB~1\APPLIC~1\FarmerJane
    [30/05/2008|15:20] C:\DOCUME~1\HELENB~1\APPLIC~1\Flood Light Games
    [12/09/2007|21:21] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles
    [18/07/2008|17:27] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles2
    [19/03/2008|21:18] C:\DOCUME~1\HELENB~1\APPLIC~1\Friday's games
    [10/02/2008|15:38] C:\DOCUME~1\HELENB~1\APPLIC~1\FrimaStudio
    [31/07/2008|12:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Gaijin Ent
    [05/07/2007|20:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Gamelab
    [09/05/2008|06:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Games
    [31/05/2008|15:24] C:\DOCUME~1\HELENB~1\APPLIC~1\Gogii Games
    [14/08/2008|20:37] C:\DOCUME~1\HELENB~1\APPLIC~1\Go-Go Gourmet Chef of the Year
    [21/01/2008|22:40] C:\DOCUME~1\HELENB~1\APPLIC~1\Google
    [04/09/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Home Sweet Home 2
    [06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Identities
    [14/08/2007|18:40] C:\DOCUME~1\HELENB~1\APPLIC~1\IM-Names
    [01/10/2008|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\InstallShield
    [26/05/2008|09:53] C:\DOCUME~1\HELENB~1\APPLIC~1\ITTNord
    [21/06/2008|12:33] C:\DOCUME~1\HELENB~1\APPLIC~1\iWin
    [21/09/2007|18:34] C:\DOCUME~1\HELENB~1\APPLIC~1\Jane s Hotel
    [02/10/2008|18:38] C:\DOCUME~1\HELENB~1\APPLIC~1\JoyBits
    [09/09/2007|21:20] C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire
    [29/05/2008|10:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Ludia
    [12/08/2007|08:17] C:\DOCUME~1\HELENB~1\APPLIC~1\Macromedia
    [08/07/2007|16:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Academy
    [14/02/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Seeds
    [05/08/2007|19:33] C:\DOCUME~1\HELENB~1\APPLIC~1\Magus
    [28/03/2008|17:08] C:\DOCUME~1\HELENB~1\APPLIC~1\Malwarebytes
    [05/07/2008|11:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Meridian93
    [05/10/2008|10:41] C:\DOCUME~1\HELENB~1\APPLIC~1\Microsoft
    [09/09/2008|21:05] C:\DOCUME~1\HELENB~1\APPLIC~1\MysteryStudio
    [15/08/2007|17:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Mysteryville2
    [09/03/2008|11:21] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia
    [21/11/2007|20:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia Multimedia Player
    [13/09/2008|10:43] C:\DOCUME~1\HELENB~1\APPLIC~1\Oberon Games
    [08/06/2007|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\Ohana Games
    [09/09/2008|17:45] C:\DOCUME~1\HELENB~1\APPLIC~1\OpenOffice.org2
    [13/12/2007|21:23] C:\DOCUME~1\HELENB~1\APPLIC~1\PACE Anti-Piracy
    [03/11/2007|08:42] C:\DOCUME~1\HELENB~1\APPLIC~1\PC Suite
    [12/09/2008|21:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Pi Eye Games
    [15/03/2008|00:23] C:\DOCUME~1\HELENB~1\APPLIC~1\Pirateville
    [19/04/2008|23:29] C:\DOCUME~1\HELENB~1\APPLIC~1\pixelStorm
    [29/09/2008|21:08] C:\DOCUME~1\HELENB~1\APPLIC~1\PlayFirst
    [22/06/2008|20:49] C:\DOCUME~1\HELENB~1\APPLIC~1\Playrix Entertainment
    [29/07/2008|12:29] C:\DOCUME~1\HELENB~1\APPLIC~1\Pogo Games
    [26/08/2008|22:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Purple Patch Games
    [09/05/2008|14:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Restorer
    [22/08/2008|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\Righteous Kill
    [16/11/2007|08:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Roxio
    [20/06/2007|20:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Sandlot Games
    [25/07/2008|16:02] C:\DOCUME~1\HELENB~1\APPLIC~1\SecuROM
    [24/07/2008|07:19] C:\DOCUME~1\HELENB~1\APPLIC~1\Sony Ericsson
    [28/03/2008|22:44] C:\DOCUME~1\HELENB~1\APPLIC~1\SprillBermudeEng
    [26/07/2008|21:06] C:\DOCUME~1\HELENB~1\APPLIC~1\Sudden Games
    [07/06/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\SultansLabyrinth
    [13/05/2007|09:56] C:\DOCUME~1\HELENB~1\APPLIC~1\Sun
    [14/03/2008|23:20] C:\DOCUME~1\HELENB~1\APPLIC~1\SUPERAntiSpyware.com
    [07/10/2007|09:28] C:\DOCUME~1\HELENB~1\APPLIC~1\Super-Cow
    [08/08/2008|22:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Teleca
    [13/05/2007|09:00] C:\DOCUME~1\HELENB~1\APPLIC~1\Template
    [24/08/2008|11:39] C:\DOCUME~1\HELENB~1\APPLIC~1\TMInc
    [15/03/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\Uniblue
    [09/01/2008|18:53] C:\DOCUME~1\HELENB~1\APPLIC~1\Valusoft
    [23/08/2007|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\VeniceMysteryData
    [06/06/2008|18:51] C:\DOCUME~1\HELENB~1\APPLIC~1\ViquaSoft
    [01/10/2008|18:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Virgin Broadband
    [02/06/2007|22:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Windows Desktop Search
    [28/03/2008|22:13] C:\DOCUME~1\HELENB~1\APPLIC~1\Yatec Games
    [06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Zylom
    [05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Google
    [21/01/2008|21:46] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Identities
    [05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Macromedia
    [21/01/2008|21:47] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Microsoft
    [04/11/2007|11:08] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\PC Suite
    [17/10/2007|18:27] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Virgin Broadband
    [02/07/2007|17:06] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Windows Desktop Search
    [29/08/2008|10:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/12/2007|16:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [02/06/2007|21:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Roxio

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
    [07/10/2008 22:00][--ah-----] C:\WINDOWS\tasks\B470549491B3FF60.job
    [07/10/2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
    [05/10/2008 23:00][--a------] C:\WINDOWS\tasks\At24.job
    [07/10/2008 20:00][--a------] C:\WINDOWS\tasks\At21.job
    [07/10/2008 19:00][--a------] C:\WINDOWS\tasks\At20.job
    [07/10/2008 21:00][--a------] C:\WINDOWS\tasks\At22.job
    [06/10/2008 17:00][--a------] C:\WINDOWS\tasks\At18.job
    [06/10/2008 16:00][--a------] C:\WINDOWS\tasks\At17.job
    [06/10/2008 18:00][--a------] C:\WINDOWS\tasks\At19.job
    [06/10/2008 15:00][--a------] C:\WINDOWS\tasks\At16.job
    [06/10/2008 14:00][--a------] C:\WINDOWS\tasks\At15.job
    [06/10/2008 13:00][--a------] C:\WINDOWS\tasks\At14.job
    [06/10/2008 12:00][--a------] C:\WINDOWS\tasks\At13.job
    [06/10/2008 10:00][--a------] C:\WINDOWS\tasks\At11.job
    [06/10/2008 09:00][--a------] C:\WINDOWS\tasks\At10.job
    [06/10/2008 11:00][--a------] C:\WINDOWS\tasks\At12.job
    [07/10/2008 07:00][--a------] C:\WINDOWS\tasks\At8.job
    [03/10/2008 06:00][--a------] C:\WINDOWS\tasks\At7.job
    [06/10/2008 08:00][--a------] C:\WINDOWS\tasks\At9.job
    [03/10/2008 05:00][--a------] C:\WINDOWS\tasks\At6.job
    [03/10/2008 04:00][--a------] C:\WINDOWS\tasks\At5.job
    [03/10/2008 02:00][--a------] C:\WINDOWS\tasks\At3.job
    [03/10/2008 01:00][--a------] C:\WINDOWS\tasks\At2.job
    [05/10/2008 00:34][--a------] C:\WINDOWS\tasks\At1.job
    [03/10/2008 03:00][--a------] C:\WINDOWS\tasks\At4.job
    [06/10/2008 18:00][--a------] C:\WINDOWS\tasks\System Restore.job
    [13/05/2007 17:13][--a------] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    [07/10/2008 22:10][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [08/10/2008 07:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
    ( B470549491B3FF60.job )=( c:\docume~1\emmabe~1\applic~1\freemore\Safeelseboob.exe )
    --------------------\\ Listing Folders in C:\Program Files
    [05/06/2008|17:39] C:\Program Files\Adobe
    [14/07/2007|12:03] C:\Program Files\ArcSoft
    [27/10/2007|09:47] C:\Program Files\BearShare Applications
    [09/09/2008|17:40] C:\Program Files\bfgclient
    [01/10/2008|18:25] C:\Program Files\CA
    [01/10/2008|18:24] C:\Program Files\Cake Shop
    [25/11/2007|12:05] C:\Program Files\Canon
    [02/10/2008|18:38] C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
    [23/12/2007|15:25] C:\Program Files\CCleaner
    [03/09/2008|20:15] C:\Program Files\Circle Developement
    [01/10/2008|18:25] C:\Program Files\Common Files
    [01/10/2008|18:25] C:\Program Files\ComPlus Applications
    [30/09/2008|20:22] C:\Program Files\Cooking Dash
    [17/08/2008|21:51] C:\Program Files\Deirdra Kiai Productions
    [03/11/2007|08:11] C:\Program Files\DIFX
    [13/05/2007|20:00] C:\Program Files\directx
    [23/07/2008|12:07] C:\Program Files\Disc2Phone
    [05/09/2008|21:11] C:\Program Files\EA GAMES
    [04/08/2008|22:49] C:\Program Files\Electronic Arts
    [23/11/2007|23:26] C:\Program Files\ErrorSmart
    [13/12/2007|21:06] C:\Program Files\Farm Frenzy
    [14/08/2007|18:40] C:\Program Files\Fever Frenzy
    [14/08/2007|18:40] C:\Program Files\Feyruna - Fairy Forest
    [08/08/2008|18:48] C:\Program Files\filehippo.com
    [01/10/2008|19:30] C:\Program Files\FreeMore
    [27/12/2006|21:12] C:\Program Files\Gigabyte
    [06/09/2007|06:58] C:\Program Files\Google
    [10/08/2008|08:30] C:\Program Files\HandMade Game
    [27/12/2006|21:12] C:\Program Files\helpcentre
    [09/02/2008|11:01] C:\Program Files\Imikimi
    [22/08/2007|10:04] C:\Program Files\Infogrames
    [17/07/2007|21:51] C:\Program Files\Innovative Solutions
    [31/08/2008|14:41] C:\Program Files\InstallShield Installation Information
    [27/12/2006|21:12] C:\Program Files\Intel
    [01/10/2008|22:19] C:\Program Files\Internet Explorer
    [06/10/2008|18:04] C:\Program Files\Java
    [25/06/2007|20:37] C:\Program Files\Kontiki
    [14/08/2007|18:40] C:\Program Files\Lifetime R.S.V.P
    [18/05/2008|11:16] C:\Program Files\Lighthouse Interactive
    [26/09/2008|17:14] C:\Program Files\Lost Secrets - Bermuda Triangle
    [23/08/2007|19:43] C:\Program Files\Macrogaming
    [18/09/2008|21:48] C:\Program Files\Magic Encyclopedia
    [06/10/2008|17:24] C:\Program Files\Malwarebytes' Anti-Malware
    [27/12/2006|21:12] C:\Program Files\Marvell
    [08/05/2008|20:48] C:\Program Files\McDonaldsFairies
    [28/08/2008|18:31] C:\Program Files\Messenger
    [03/09/2008|20:15] C:\Program Files\Messenger Plus! Live
    [13/05/2007|11:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [27/12/2006|21:12] C:\Program Files\microsoft frontpage
    [28/05/2007|16:13] C:\Program Files\Microsoft Office
    [02/06/2007|21:58] C:\Program Files\Microsoft Visual Studio
    [10/09/2008|08:01] C:\Program Files\Microsoft Works
    [02/06/2007|21:58] C:\Program Files\Microsoft.NET
    [28/08/2008|18:08] C:\Program Files\Movie Maker
    [12/05/2007|14:03] C:\Program Files\MSN
    [17/03/2008|22:57] C:\Program Files\MSN Games
    [27/12/2006|21:12] C:\Program Files\MSN Gaming Zone
    [28/03/2008|16:05] C:\Program Files\MSN Messenger
    [13/05/2007|11:40] C:\Program Files\MSXML 4.0
    [17/07/2008|19:43] C:\Program Files\MSXML 6.0
    [08/08/2008|22:39] C:\Program Files\Nancy Drew
    [28/08/2008|18:04] C:\Program Files\NetMeeting
    [17/07/2008|19:46] C:\Program Files\Nokia
    [27/12/2006|21:12] C:\Program Files\Online Services
    [21/12/2007|21:35] C:\Program Files\OpenAL
    [22/09/2008|18:32] C:\Program Files\OpenOffice.org 2.3
    [27/12/2006|21:12] C:\Program Files\Orange
    [12/08/2007|09:52] C:\Program Files\otron.net
    [28/08/2008|18:31] C:\Program Files\Outlook Express
    [07/08/2008|07:38] C:\Program Files\PC Connectivity Solution
    [11/09/2008|07:21] C:\Program Files\QuickTime
    [01/10/2008|18:35] C:\Program Files\Raxco
    [27/12/2006|21:12] C:\Program Files\Realtek
    [05/10/2008|10:49] C:\Program Files\Red Cross - Emergency Response Unit
    [23/09/2008|22:17] C:\Program Files\RighteousKill_at
    [07/10/2008|21:15] C:\Program Files\Samantha Swift and the Hidden Roses of Athena
    [14/08/2007|18:40] C:\Program Files\Spyde Solitaire
    [14/03/2008|23:20] C:\Program Files\SUPERAntiSpyware
    [16/02/2008|22:35] C:\Program Files\SystemRequirementsLab
    [09/08/2008|15:16] C:\Program Files\The Adventure Company
    [13/09/2008|10:29] C:\Program Files\Turbo Fiesta
    [15/03/2008|14:10] C:\Program Files\Uniblue
    [27/12/2006|21:13] C:\Program Files\Uninstall Information
    [01/10/2008|18:24] C:\Program Files\Virgin Broadband
    [09/10/2007|16:57] C:\Program Files\Virgin Media Games
    [07/10/2007|18:59] C:\Program Files\Vivendi Universal Games
    [02/06/2007|22:16] C:\Program Files\Windows Desktop Search
    [26/02/2008|21:51] C:\Program Files\Windows Live
    [30/11/2007|19:14] C:\Program Files\Windows Live Favorites
    [30/10/2007|17:20] C:\Program Files\Windows Live Safety Center
    [30/11/2007|19:15] C:\Program Files\Windows Live Toolbar
    [22/07/2007|08:45] C:\Program Files\Windows Media Connect 2
    [22/07/2007|08:48] C:\Program Files\Windows Media Player
    [28/08/2008|18:04] C:\Program Files\Windows NT
    [27/12/2006|21:13] C:\Program Files\Windows Plus
    [13/12/2007|21:23] C:\Program Files\WindowsUpdate
    [26/07/2007|06:55] C:\Program Files\WinZip Self-Extractor
    [27/12/2006|21:13] C:\Program Files\xerox
    [08/04/2008|22:25] C:\Program Files\Yahoo!
    [11/08/2008|17:53] C:\Program Files\Yard Sale Hidden Treasures - Sunnyville
    [04/10/2008|08:58] C:\Program Files\Zoo Vet 2 - Endangered Animals
    [08/09/2008|19:35] C:\Program Files\Zylom Games
    --------------------\\ Listing Folders in C:\Program Files\Common Files
    [05/06/2008|17:39] C:\Program Files\Common Files\Adobe
    [01/10/2008|18:25] C:\Program Files\Common Files\Authentium
    [29/06/2007|13:12] C:\Program Files\Common Files\Canon
    [02/06/2007|21:58] C:\Program Files\Common Files\DESIGNER
    [12/05/2008|21:11] C:\Program Files\Common Files\DirectX
    [09/09/2007|21:28] C:\Program Files\Common Files\EasyInfo
    [13/05/2007|19:59] C:\Program Files\Common Files\InstallShield
    [13/05/2007|09:54] C:\Program Files\Common Files\Java
    [27/12/2006|21:11] C:\Program Files\Common Files\LightScribe
    [21/12/2007|21:38] C:\Program Files\Common Files\Logitech
    [26/02/2008|08:38] C:\Program Files\Common Files\Microsoft Shared
    [27/12/2006|21:11] C:\Program Files\Common Files\MSSoap
    [03/11/2007|08:21] C:\Program Files\Common Files\Nokia
    [27/12/2006|21:11] C:\Program Files\Common Files\ODBC
    [13/12/2007|21:23] C:\Program Files\Common Files\PACE Anti-Piracy
    [03/11/2007|08:12] C:\Program Files\Common Files\PCSuite
    [12/06/2007|19:35] C:\Program Files\Common Files\Roxio Shared
    [01/10/2008|18:30] C:\Program Files\Common Files\Scanner
    [27/12/2006|21:12] C:\Program Files\Common Files\Services
    [12/06/2007|19:35] C:\Program Files\Common Files\Sonic Shared
    [27/12/2006|21:12] C:\Program Files\Common Files\SpeechEngines
    [25/11/2007|08:58] C:\Program Files\Common Files\SWF Studio
    [16/09/2007|07:28] C:\Program Files\Common Files\Symantec Shared
    [28/08/2008|18:31] C:\Program Files\Common Files\System
    [08/08/2008|22:14] C:\Program Files\Common Files\Teleca Shared
    [24/02/2008|17:59] C:\Program Files\Common Files\WindowsLiveInstaller
    --------------------\\ Process
    ( 55 Processes )
    IEXPLORE.EXE ~ [PID:2320]
    --------------------\\ Searching with S_Lop
    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders
    C:\Program Files\freemore
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\WINDOWS\Tasks\B470549491B3FF60.job

    --------------------\\ Searching within the Registry
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !
    --------------------\\ Checking the Hosts file
    Hosts file CLEAN

    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-08 07:28:50
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job

    [F:30][D:2]-> C:\DOCUME~1\HELENB~1\LOCALS~1\Temp
    [F:36][D:0]-> C:\DOCUME~1\HELENB~1\Cookies
    [F:1279][D:12]-> C:\DOCUME~1\HELENB~1\LOCALS~1\TEMPOR~1\content.IE5
    1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008| 7:29 - Option : [1]
    --------------------\\ Scan completed at 7:29:56
     
  6. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello Hels_Here
One of the infections on your PC is the LOP infection. It comes bundled with certain programs, one of which is present on your computer - Messenger Plus! Live. I would strongly recommend you uninstall it.

    Remove Programs
    Click Start > Control Panel > Add/Remove Programs
    Remove this program by clicking Remove

    Messenger Plus! Live

    LopScript
    Highlight the contents of the Code Box below, then right-click and choose Copy
    Code:
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
    C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart
    c:\docume~1\emmabe~1\applic~1\freemore
    C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire
    C:\Program Files\BearShare Applications
    C:\Program Files\Circle Developement
    C:\Program Files\ErrorSmart
    C:\Program Files\FreeMore
    C:\Program Files\Messenger Plus! Live
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\WINDOWS\Tasks\B470549491B3FF60.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    Double click LopSD.exe to start the program.
• Choose the language by typing the corresponding letter and press Enter
    • Click OK at the informative window
    • Type 4 to choose Option 4 (LopScript), then press Enter
    • A blank page will be opened, right-click it and choose Paste
    • Close the page, you'll be asked to save it, click Save
    • Don't close the window during suppression!
    • Wait until the end of the scan
    • A report will be generated, post the contents of it in your next reply.
    (Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

    ComboFix
    Please visit this webpage for download links, and instructions for running the tool:
    How To Use Combofix

    Please ensure you read this guide carefully and install the Recovery Console first.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

    Continue as follows:
    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix
    A guide to do this can be found here.
    The ones that need to be closed/disabled are:
    Virgin PC Guard | eTrust Pest Patrol

    • Click Yes to allow ComboFix to continue scanning for malware
    • When the tool is finished, it will produce a report for you
    Include the following reports for further review so we may continue cleaning the system:
    Lop S&D log
    C:\ComboFix.txt
    New HijackThis log.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
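As an added illustration of why the scheduled-task entries in the Lop S&D log point to this infection (this script is not part of the Lop S&D tool and not part of the advice in this post): it parses the "Scheduled Tasks" section of a Lop S&D log and flags the same kinds of entries that the LopScript above lists for removal, namely the numbered AtN.job series, a job with a 16-hex-digit name, jobs carrying the hidden attribute, and a job whose target executable lives under a user's Application Data folder. The sample lines are copied from the log posted earlier in this thread; the function names, the field names and the heuristics are my own assumptions about the log format, not anything the tool documents.

```python
"""Flag suspicious entries in the Scheduled Tasks section of a Lop S&D log.

Added example for this thread, not code from Lop S&D. The line layouts
([date time][attrs] path and ( job )=( target )) are assumed from the log
pasted above; the heuristics are the reviewer's own, not the tool's.
"""
import re
from typing import Dict, List

# Excerpt copied from the Scheduled Tasks section of the log posted above,
# trimmed to a few representative entries (sample input, not a full log).
SAMPLE_TASK_SECTION = r"""
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[07/10/2008 22:00][--ah-----] C:\WINDOWS\tasks\B470549491B3FF60.job
[07/10/2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
[05/10/2008 23:00][--a------] C:\WINDOWS\tasks\At24.job
[06/10/2008 18:00][--a------] C:\WINDOWS\tasks\System Restore.job
[13/05/2007 17:13][--a------] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[07/10/2008 22:10][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[08/10/2008 07:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
( B470549491B3FF60.job )=( c:\docume~1\emmabe~1\applic~1\freemore\Safeelseboob.exe )
--------------------\\ Listing Folders in C:\Program Files
"""

# "[dd/mm/yyyy hh:mm][attribute flags] path"
ENTRY_RE = re.compile(r"^\[(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2})\]\[([-a-z]{9})\] (.+)$")
# "( job name )=( command the job runs )"
TARGET_RE = re.compile(r"^\( (.+?) \)=\( (.+) \)$")
# "--------------------\\ section title"
HEADER_RE = re.compile(r"^-+\\\\ (.+)$")

AT_SERIES_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)       # At1.job ... At24.job
HEX_NAME_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)  # B470549491B3FF60.job
# 8.3 and long forms of per-user data folders on Windows XP (assumed markers)
USER_DATA_MARKERS = ("\\applic~1\\", "\\application data\\", "\\locals~1\\temp\\")

REASON_AT_SERIES = "numbered AtN.job series (hourly jobs created with the at command)"
REASON_HEX_NAME = "16-hex-digit job name"
REASON_HIDDEN = "hidden attribute set"
REASON_USER_DATA = "target executable lives in a user profile data folder"


def parse_task_section(log_text: str) -> List[Dict[str, str]]:
    """Return the entries of the Scheduled Tasks section, one dict per file,
    with any later ( job )=( target ) line merged into that job's 'target'."""
    entries: Dict[str, Dict[str, str]] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            in_section = header.group(1).startswith("Scheduled Tasks")
            continue
        if not in_section or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            date, time, attrs, path = entry.groups()
            name = path.rsplit("\\", 1)[-1]
            entries[name.lower()] = {"name": name, "path": path, "attrs": attrs,
                                     "modified": f"{date} {time}", "target": ""}
            continue
        target = TARGET_RE.match(line)
        if target:
            job_name, command = target.groups()
            known = entries.get(job_name.lower())
            if known is not None:
                known["target"] = command
    return list(entries.values())


def flag_suspicious(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each suspicious .job name to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for entry in entries:
        name = entry["name"]
        if not name.lower().endswith(".job"):
            continue  # desktop.ini and SA.DAT are Task Scheduler bookkeeping files
        reasons = []
        if AT_SERIES_RE.match(name):
            reasons.append(REASON_AT_SERIES)
        if HEX_NAME_RE.match(name):
            reasons.append(REASON_HEX_NAME)
        if "h" in entry["attrs"]:
            reasons.append(REASON_HIDDEN)
        if any(marker in entry["target"].lower() for marker in USER_DATA_MARKERS):
            reasons.append(REASON_USER_DATA)
        if reasons:
            findings[name] = reasons
    return findings


def audit(log_text: str) -> Dict[str, List[str]]:
    """Parse and flag in one step; convenient for feeding a whole pasted log."""
    return flag_suspicious(parse_task_section(log_text))


if __name__ == "__main__":
    for job, why in audit(SAMPLE_TASK_SECTION).items():
        print(f"{job}: {'; '.join(why)}")
```

Run against the excerpt it reports the hidden hex-named job (three reasons, including that it launches an executable from a user's Application Data folder) and the two AtN.job entries, while the legitimate System Restore, Defender quick-scan and Windows Live Toolbar jobs pass. The numbered At jobs alone are not proof of infection, since at.exe is a legitimate tool, but a run of them created on consecutive hours alongside a hex-named hidden job is the pattern the LopScript above is removing.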
     
  7. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
Hello. Sorry it's taken me a while; I was a little scared about running the XP restore, but I've done it now and I shouldn't have been worried.

    Here are the log files as requested: **I will send the ComboFix Log and HijackThis Log in a separate reply as this reply is more than the 3000 characters allowed**

    Lop S&D log
    --------------------\\ Lop S&D 4.2.4-5 XP/Vista
    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Helen Bennett ( Administrator )
    BOOT : Normal boot
    Antivirus : PCguard Anti-Virus 6.0.1 (Not Activated)
    Firewall : PCguard Firewall 6.0.1 (Not Activated)
    C:\ (Local Disk) - NTFS - Total : 229 Go Free : 180 Go
    D:\ (CD or DVD) - CDFS - Total : 2 Go Free : 0 Go
    "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
    Option : [4] ( 12/10/2008|14:08 )
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
    C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart
    c:\docume~1\emmabe~1\applic~1\freemore
    C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire
    C:\Program Files\BearShare Applications
    C:\Program Files\Circle Developement
    C:\Program Files\ErrorSmart
    C:\Program Files\FreeMore
    C:\Program Files\Messenger Plus! Live
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\WINDOWS\Tasks\B470549491B3FF60.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
    ... C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt -> does not exist !
    Deleted! - C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    ... C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt -> does not exist !
    ... C:\WINDOWS\Tasks\B470549491B3FF60.job -> does not exist !
    ... C:\WINDOWS\Tasks\At1.job -> does not exist !
    ... C:\WINDOWS\Tasks\At10.job -> does not exist !
    ... C:\WINDOWS\Tasks\At11.job -> does not exist !
    ... C:\WINDOWS\Tasks\At12.job -> does not exist !
    ... C:\WINDOWS\Tasks\At13.job -> does not exist !
    ... C:\WINDOWS\Tasks\At14.job -> does not exist !
    ... C:\WINDOWS\Tasks\At15.job -> does not exist !
    ... C:\WINDOWS\Tasks\At16.job -> does not exist !
    ... C:\WINDOWS\Tasks\At17.job -> does not exist !
    ... C:\WINDOWS\Tasks\At18.job -> does not exist !
    ... C:\WINDOWS\Tasks\At19.job -> does not exist !
    ... C:\WINDOWS\Tasks\At2.job -> does not exist !
    ... C:\WINDOWS\Tasks\At20.job -> does not exist !
    ... C:\WINDOWS\Tasks\At21.job -> does not exist !
    ... C:\WINDOWS\Tasks\At22.job -> does not exist !
    ... C:\WINDOWS\Tasks\At23.job -> does not exist !
    ... C:\WINDOWS\Tasks\At24.job -> does not exist !
    ... C:\WINDOWS\Tasks\At3.job -> does not exist !
    ... C:\WINDOWS\Tasks\At4.job -> does not exist !
    ... C:\WINDOWS\Tasks\At5.job -> does not exist !
    ... C:\WINDOWS\Tasks\At6.job -> does not exist !
    ... C:\WINDOWS\Tasks\At7.job -> does not exist !
    ... C:\WINDOWS\Tasks\At8.job -> does not exist !
    ... C:\WINDOWS\Tasks\At9.job -> does not exist !
    Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap -> does not exist !
    ... C:\DOCUME~1\HELENB~1\APPLIC~1\ErrorSmart -> does not exist !
    ... c:\docume~1\emmabe~1\applic~1\freemore -> does not exist !
    ... C:\DOCUME~1\HELENB~1\APPLIC~1\LimeWire -> does not exist !
    ... C:\Program Files\BearShare Applications -> does not exist !
    ... C:\Program Files\Circle Developement -> does not exist !
    ... C:\Program Files\ErrorSmart -> does not exist !
    ... C:\Program Files\FreeMore -> does not exist !
    Deleted! - C:\Program Files\Messenger Plus! Live
    -
    [ Hosts file ] .. Restored!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing folders in APPLIC~1
    [21/01/2008|21:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [13/04/2008|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\3 Blokes Studios
    [21/07/2007|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7Wonders2
    [05/06/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [08/08/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [24/05/2008|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
    [30/11/2007|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
    [17/06/2008|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFish
    [11/10/2008|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [11/07/2008|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\blg
    [23/06/2007|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CaveDays
    [28/11/2007|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
    [01/10/2008|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Debug manager soft the
    [18/12/2007|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivoGames
    [10/10/2007|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eGames
    [12/03/2008|20:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
    [27/08/2008|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
    [08/10/2007|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FireGlow
    [27/06/2008|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fitn17
    [30/05/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games
    [29/06/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
    [25/07/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
    [31/01/2008|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
    [20/09/2008|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
    [31/05/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games
    [12/05/2007|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [11/10/2008|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    [23/12/2007|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
    [11/04/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
    [07/08/2008|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [18/08/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
    [09/02/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
    [25/06/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    [14/03/2008|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    [13/05/2007|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [29/05/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
    [28/03/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [11/10/2008|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10/09/2008|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [01/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo
    [07/10/2008|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [14/09/2008|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MysteryChronicles
    [18/05/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
    [03/11/2007|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [23/08/2007|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    [13/09/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
    [13/12/2007|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
    [10/09/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PBGsavesDirectory
    [21/09/2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [29/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [17/03/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
    [18/09/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playrix Entertainment
    [13/08/2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PrettyGoodGames
    [20/03/2008|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QB9 S.R.L
    [01/10/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
    [30/09/2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco(2)
    [20/09/2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [04/01/2008|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    [04/08/2008|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
    [06/10/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [09/08/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Slapdash Games
    [26/04/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlapdashGames
    [27/12/2006|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [24/09/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    [17/03/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [13/03/2008|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
    [13/03/2008|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    [11/10/2008|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [18/11/2007|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
    [10/08/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TheRace_dev
    [21/01/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Valusoft
    [01/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
    [09/06/2008|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VirtualFarm
    [13/05/2007|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [12/05/2007|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [26/02/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [09/06/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    [23/06/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    [18/08/2007|11:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
    [21/01/2008|21:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10/10/2007|22:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Abra Academy2
    [01/03/2008|21:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Adobe
    [07/07/2008|18:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Alawar
    [08/08/2008|18:45] C:\DOCUME~1\HELENB~1\APPLIC~1\alot
    [26/06/2008|18:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Ancient Quest of Saqqarah__bfg
    [03/06/2008|21:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Apple Computer
    [03/09/2008|19:46] C:\DOCUME~1\HELENB~1\APPLIC~1\BeachPartyCraze
    [23/08/2008|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\BFG_JanesRealty
    [28/08/2008|17:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Big Fish Games
    [17/06/2008|21:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFish
    [17/09/2008|17:52] C:\DOCUME~1\HELENB~1\APPLIC~1\BigFishv1005
    [11/07/2008|20:21] C:\DOCUME~1\HELENB~1\APPLIC~1\blg
    [12/01/2008|12:23] C:\DOCUME~1\HELENB~1\APPLIC~1\BloodTies
    [29/03/2008|13:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Boomzap
    [30/01/2008|20:34] C:\DOCUME~1\HELENB~1\APPLIC~1\BVS Solitaire Collection
    [08/06/2008|10:20] C:\DOCUME~1\HELENB~1\APPLIC~1\cerasus.media
    [01/08/2008|11:56] C:\DOCUME~1\HELENB~1\APPLIC~1\DeepVoyage
    [10/10/2007|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\eGames
    [01/10/2008|21:22] C:\DOCUME~1\HELENB~1\APPLIC~1\EleFun Games
    [14/07/2008|18:09] C:\DOCUME~1\HELENB~1\APPLIC~1\EnchantedCavern
    [02/12/2007|13:31] C:\DOCUME~1\HELENB~1\APPLIC~1\Eyeblaster
    [12/07/2008|09:10] C:\DOCUME~1\HELENB~1\APPLIC~1\FarmerJane
    [30/05/2008|15:20] C:\DOCUME~1\HELENB~1\APPLIC~1\Flood Light Games
    [12/09/2007|21:21] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles
    [18/07/2008|17:27] C:\DOCUME~1\HELENB~1\APPLIC~1\ForgottenRiddles2
    [19/03/2008|21:18] C:\DOCUME~1\HELENB~1\APPLIC~1\Friday's games
    [10/02/2008|15:38] C:\DOCUME~1\HELENB~1\APPLIC~1\FrimaStudio
    [31/07/2008|12:04] C:\DOCUME~1\HELENB~1\APPLIC~1\Gaijin Ent
    [05/07/2007|20:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Gamelab
    [09/05/2008|06:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Games
    [31/05/2008|15:24] C:\DOCUME~1\HELENB~1\APPLIC~1\Gogii Games
    [14/08/2008|20:37] C:\DOCUME~1\HELENB~1\APPLIC~1\Go-Go Gourmet Chef of the Year
    [21/01/2008|22:40] C:\DOCUME~1\HELENB~1\APPLIC~1\Google
    [04/09/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Home Sweet Home 2
    [06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Identities
    [14/08/2007|18:40] C:\DOCUME~1\HELENB~1\APPLIC~1\IM-Names
    [01/10/2008|18:23] C:\DOCUME~1\HELENB~1\APPLIC~1\InstallShield
    [26/05/2008|09:53] C:\DOCUME~1\HELENB~1\APPLIC~1\ITTNord
    [21/06/2008|12:33] C:\DOCUME~1\HELENB~1\APPLIC~1\iWin
    [21/09/2007|18:34] C:\DOCUME~1\HELENB~1\APPLIC~1\Jane s Hotel
    [02/10/2008|18:38] C:\DOCUME~1\HELENB~1\APPLIC~1\JoyBits
    [29/05/2008|10:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Ludia
    [12/08/2007|08:17] C:\DOCUME~1\HELENB~1\APPLIC~1\Macromedia
    [08/07/2007|16:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Academy
    [14/02/2008|19:22] C:\DOCUME~1\HELENB~1\APPLIC~1\Magic Seeds
    [05/08/2007|19:33] C:\DOCUME~1\HELENB~1\APPLIC~1\Magus
    [28/03/2008|17:08] C:\DOCUME~1\HELENB~1\APPLIC~1\Malwarebytes
    [05/07/2008|11:10] C:\DOCUME~1\HELENB~1\APPLIC~1\Meridian93
    [05/10/2008|10:41] C:\DOCUME~1\HELENB~1\APPLIC~1\Microsoft
    [09/09/2008|21:05] C:\DOCUME~1\HELENB~1\APPLIC~1\MysteryStudio
    [15/08/2007|17:47] C:\DOCUME~1\HELENB~1\APPLIC~1\Mysteryville2
    [09/03/2008|11:21] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia
    [21/11/2007|20:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Nokia Multimedia Player
    [13/09/2008|10:43] C:\DOCUME~1\HELENB~1\APPLIC~1\Oberon Games
    [08/06/2007|18:12] C:\DOCUME~1\HELENB~1\APPLIC~1\Ohana Games
    [09/09/2008|17:45] C:\DOCUME~1\HELENB~1\APPLIC~1\OpenOffice.org2
    [13/12/2007|21:23] C:\DOCUME~1\HELENB~1\APPLIC~1\PACE Anti-Piracy
    [10/10/2008|18:22] C:\DOCUME~1\HELENB~1\APPLIC~1\panoramik
    [03/11/2007|08:42] C:\DOCUME~1\HELENB~1\APPLIC~1\PC Suite
    [12/09/2008|21:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Pi Eye Games
    [15/03/2008|00:23] C:\DOCUME~1\HELENB~1\APPLIC~1\Pirateville
    [19/04/2008|23:29] C:\DOCUME~1\HELENB~1\APPLIC~1\pixelStorm
    [29/09/2008|21:08] C:\DOCUME~1\HELENB~1\APPLIC~1\PlayFirst
    [22/06/2008|20:49] C:\DOCUME~1\HELENB~1\APPLIC~1\Playrix Entertainment
    [29/07/2008|12:29] C:\DOCUME~1\HELENB~1\APPLIC~1\Pogo Games
    [26/08/2008|22:32] C:\DOCUME~1\HELENB~1\APPLIC~1\Purple Patch Games
    [09/05/2008|14:38] C:\DOCUME~1\HELENB~1\APPLIC~1\Restorer
    [22/08/2008|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\Righteous Kill
    [16/11/2007|08:07] C:\DOCUME~1\HELENB~1\APPLIC~1\Roxio
    [20/06/2007|20:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Sandlot Games
    [25/07/2008|16:02] C:\DOCUME~1\HELENB~1\APPLIC~1\SecuROM
    [24/07/2008|07:19] C:\DOCUME~1\HELENB~1\APPLIC~1\Sony Ericsson
    [28/03/2008|22:44] C:\DOCUME~1\HELENB~1\APPLIC~1\SprillBermudeEng
    [26/07/2008|21:06] C:\DOCUME~1\HELENB~1\APPLIC~1\Sudden Games
    [07/06/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\SultansLabyrinth
    [13/05/2007|09:56] C:\DOCUME~1\HELENB~1\APPLIC~1\Sun
    [14/03/2008|23:20] C:\DOCUME~1\HELENB~1\APPLIC~1\SUPERAntiSpyware.com
    [07/10/2007|09:28] C:\DOCUME~1\HELENB~1\APPLIC~1\Super-Cow
    [08/08/2008|22:14] C:\DOCUME~1\HELENB~1\APPLIC~1\Teleca
    [13/05/2007|09:00] C:\DOCUME~1\HELENB~1\APPLIC~1\Template
    [24/08/2008|11:39] C:\DOCUME~1\HELENB~1\APPLIC~1\TMInc
    [15/03/2008|13:30] C:\DOCUME~1\HELENB~1\APPLIC~1\Uniblue
    [09/01/2008|18:53] C:\DOCUME~1\HELENB~1\APPLIC~1\Valusoft
    [23/08/2007|20:59] C:\DOCUME~1\HELENB~1\APPLIC~1\VeniceMysteryData
    [06/06/2008|18:51] C:\DOCUME~1\HELENB~1\APPLIC~1\ViquaSoft
    [01/10/2008|18:05] C:\DOCUME~1\HELENB~1\APPLIC~1\Virgin Broadband
    [02/06/2007|22:25] C:\DOCUME~1\HELENB~1\APPLIC~1\Windows Desktop Search
    [28/03/2008|22:13] C:\DOCUME~1\HELENB~1\APPLIC~1\Yatec Games
    [06/09/2008|09:11] C:\DOCUME~1\HELENB~1\APPLIC~1\Zylom
    [05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Google
    [21/01/2008|21:46] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Identities
    [05/10/2007|18:49] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Macromedia
    [21/01/2008|21:47] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Microsoft
    [04/11/2007|11:08] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\PC Suite
    [17/10/2007|18:27] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Virgin Broadband
    [02/07/2007|17:06] C:\DOCUME~1\HOLLIE~1.HEL\APPLIC~1\Windows Desktop Search
    [29/08/2008|10:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/12/2007|16:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [02/06/2007|21:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Roxio

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
    [11/10/2008 18:00][--a------] C:\WINDOWS\tasks\System Restore.job
    [13/05/2007 17:13][--a------] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    [12/10/2008 13:10][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
    [12/10/2008 14:04][--ah-----] C:\WINDOWS\tasks\SA.DAT
    --------------------\\ Listing Folders in C:\Program Files
    [05/06/2008|17:39] C:\Program Files\Adobe
    [14/07/2007|12:03] C:\Program Files\ArcSoft
    [09/09/2008|17:40] C:\Program Files\bfgclient
    [01/10/2008|18:25] C:\Program Files\CA
    [25/11/2007|12:05] C:\Program Files\Canon
    [02/10/2008|18:38] C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
    [23/12/2007|15:25] C:\Program Files\CCleaner
    [12/10/2008|13:59] C:\Program Files\Common Files
    [01/10/2008|18:25] C:\Program Files\ComPlus Applications
    [30/09/2008|20:22] C:\Program Files\Cooking Dash
    [17/08/2008|21:51] C:\Program Files\Deirdra Kiai Productions
    [03/11/2007|08:11] C:\Program Files\DIFX
    [13/05/2007|20:00] C:\Program Files\directx
    [23/07/2008|12:07] C:\Program Files\Disc2Phone
    [11/10/2008|19:59] C:\Program Files\EA GAMES
    [04/08/2008|22:49] C:\Program Files\Electronic Arts
    [13/12/2007|21:06] C:\Program Files\Farm Frenzy
    [14/08/2007|18:40] C:\Program Files\Fever Frenzy
    [14/08/2007|18:40] C:\Program Files\Feyruna - Fairy Forest
    [08/08/2008|18:48] C:\Program Files\filehippo.com
    [27/12/2006|21:12] C:\Program Files\Gigabyte
    [06/09/2007|06:58] C:\Program Files\Google
    [10/08/2008|08:30] C:\Program Files\HandMade Game
    [27/12/2006|21:12] C:\Program Files\helpcentre
    [09/02/2008|11:01] C:\Program Files\Imikimi
    [22/08/2007|10:04] C:\Program Files\Infogrames
    [17/07/2007|21:51] C:\Program Files\Innovative Solutions
    [31/08/2008|14:41] C:\Program Files\InstallShield Installation Information
    [27/12/2006|21:12] C:\Program Files\Intel
    [01/10/2008|22:19] C:\Program Files\Internet Explorer
    [06/10/2008|18:04] C:\Program Files\Java
    [25/06/2007|20:37] C:\Program Files\Kontiki
    [14/08/2007|18:40] C:\Program Files\Lifetime R.S.V.P
    [18/05/2008|11:16] C:\Program Files\Lighthouse Interactive
    [26/09/2008|17:14] C:\Program Files\Lost Secrets - Bermuda Triangle
    [23/08/2007|19:43] C:\Program Files\Macrogaming
    [18/09/2008|21:48] C:\Program Files\Magic Encyclopedia
    [06/10/2008|17:24] C:\Program Files\Malwarebytes' Anti-Malware
    [27/12/2006|21:12] C:\Program Files\Marvell
    [08/05/2008|20:48] C:\Program Files\McDonaldsFairies
    [28/08/2008|18:31] C:\Program Files\Messenger
    [13/05/2007|11:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [27/12/2006|21:12] C:\Program Files\microsoft frontpage
    [28/05/2007|16:13] C:\Program Files\Microsoft Office
    [02/06/2007|21:58] C:\Program Files\Microsoft Visual Studio
    [10/09/2008|08:01] C:\Program Files\Microsoft Works
    [02/06/2007|21:58] C:\Program Files\Microsoft.NET
    [28/08/2008|18:08] C:\Program Files\Movie Maker
    [12/05/2007|14:03] C:\Program Files\MSN
    [17/03/2008|22:57] C:\Program Files\MSN Games
    [27/12/2006|21:12] C:\Program Files\MSN Gaming Zone
    [28/03/2008|16:05] C:\Program Files\MSN Messenger
    [13/05/2007|11:40] C:\Program Files\MSXML 4.0
    [17/07/2008|19:43] C:\Program Files\MSXML 6.0
    [08/08/2008|22:39] C:\Program Files\Nancy Drew
    [28/08/2008|18:04] C:\Program Files\NetMeeting
    [17/07/2008|19:46] C:\Program Files\Nokia
    [27/12/2006|21:12] C:\Program Files\Online Services
    [21/12/2007|21:35] C:\Program Files\OpenAL
    [22/09/2008|18:32] C:\Program Files\OpenOffice.org 2.3
    [27/12/2006|21:12] C:\Program Files\Orange
    [12/08/2007|09:52] C:\Program Files\otron.net
    [11/10/2008|21:17] C:\Program Files\Outlook Express
    [07/08/2008|07:38] C:\Program Files\PC Connectivity Solution
    [11/09/2008|07:21] C:\Program Files\QuickTime
    [01/10/2008|18:35] C:\Program Files\Raxco
    [27/12/2006|21:12] C:\Program Files\Realtek
    [23/09/2008|22:17] C:\Program Files\RighteousKill_at
    [07/10/2008|21:15] C:\Program Files\Samantha Swift and the Hidden Roses of Athena
    [14/08/2007|18:40] C:\Program Files\Spyde Solitaire
    [14/03/2008|23:20] C:\Program Files\SUPERAntiSpyware
    [16/02/2008|22:35] C:\Program Files\SystemRequirementsLab
    [09/08/2008|15:16] C:\Program Files\The Adventure Company
    [13/09/2008|10:29] C:\Program Files\Turbo Fiesta
    [15/03/2008|14:10] C:\Program Files\Uniblue
    [27/12/2006|21:13] C:\Program Files\Uninstall Information
    [01/10/2008|18:24] C:\Program Files\Virgin Broadband
    [09/10/2007|16:57] C:\Program Files\Virgin Media Games
    [07/10/2007|18:59] C:\Program Files\Vivendi Universal Games
    [02/06/2007|22:16] C:\Program Files\Windows Desktop Search
    [26/02/2008|21:51] C:\Program Files\Windows Live
    [30/11/2007|19:14] C:\Program Files\Windows Live Favorites
    [30/10/2007|17:20] C:\Program Files\Windows Live Safety Center
    [30/11/2007|19:15] C:\Program Files\Windows Live Toolbar
    [22/07/2007|08:45] C:\Program Files\Windows Media Connect 2
    [22/07/2007|08:48] C:\Program Files\Windows Media Player
    [28/08/2008|18:04] C:\Program Files\Windows NT
    [27/12/2006|21:13] C:\Program Files\Windows Plus
    [13/12/2007|21:23] C:\Program Files\WindowsUpdate
    [26/07/2007|06:55] C:\Program Files\WinZip Self-Extractor
    [27/12/2006|21:13] C:\Program Files\xerox
    [08/04/2008|22:25] C:\Program Files\Yahoo!
    [11/08/2008|17:53] C:\Program Files\Yard Sale Hidden Treasures - Sunnyville
    [08/09/2008|19:35] C:\Program Files\Zylom Games
    --------------------\\ Listing Folders in C:\Program Files\Common Files
    [05/06/2008|17:39] C:\Program Files\Common Files\Adobe
    [01/10/2008|18:25] C:\Program Files\Common Files\Authentium
    [29/06/2007|13:12] C:\Program Files\Common Files\Canon
    [02/06/2007|21:58] C:\Program Files\Common Files\DESIGNER
    [12/05/2008|21:11] C:\Program Files\Common Files\DirectX
    [09/09/2007|21:28] C:\Program Files\Common Files\EasyInfo
    [13/05/2007|19:59] C:\Program Files\Common Files\InstallShield
    [13/05/2007|09:54] C:\Program Files\Common Files\Java
    [27/12/2006|21:11] C:\Program Files\Common Files\LightScribe
    [21/12/2007|21:38] C:\Program Files\Common Files\Logitech
    [26/02/2008|08:38] C:\Program Files\Common Files\Microsoft Shared
    [27/12/2006|21:11] C:\Program Files\Common Files\MSSoap
    [03/11/2007|08:21] C:\Program Files\Common Files\Nokia
    [27/12/2006|21:11] C:\Program Files\Common Files\ODBC
    [13/12/2007|21:23] C:\Program Files\Common Files\PACE Anti-Piracy
    [03/11/2007|08:12] C:\Program Files\Common Files\PCSuite
    [12/06/2007|19:35] C:\Program Files\Common Files\Roxio Shared
    [01/10/2008|18:30] C:\Program Files\Common Files\Scanner
    [27/12/2006|21:12] C:\Program Files\Common Files\Services
    [12/06/2007|19:35] C:\Program Files\Common Files\Sonic Shared
    [27/12/2006|21:12] C:\Program Files\Common Files\SpeechEngines
    [25/11/2007|08:58] C:\Program Files\Common Files\SWF Studio
    [16/09/2007|07:28] C:\Program Files\Common Files\Symantec Shared
    [28/08/2008|18:31] C:\Program Files\Common Files\System
    [08/08/2008|22:14] C:\Program Files\Common Files\Teleca Shared
    [24/02/2008|17:59] C:\Program Files\Common Files\WindowsLiveInstaller
    --------------------\\ Process
    ( 70 Processes )
    ... OK !
    --------------------\\ Searching with S_Lop
    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][2].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][1].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][2].txt
    C:\DOCUME~1\HELENB~1\Cookies\[email protected][2].txt

    --------------------\\ Searching within the Registry

    ..... OK !
    --------------------\\ Checking the Hosts file
    Hosts file CLEAN

    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 14:08:56
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections

    No other infections found !
    [F:2][D:1]-> C:\DOCUME~1\HELENB~1\LOCALS~1\Temp
    [F:67][D:0]-> C:\DOCUME~1\HELENB~1\Cookies
    [F:5][D:1]-> C:\DOCUME~1\HELENB~1\LOCALS~1\TEMPOR~1\content.IE5
    1 - "C:\Lop SD\LopR_1.txt" - 08/10/2008| 7:29 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 10/10/2008|20:09 - Option : [4]
    3 - "C:\Lop SD\LopR_3.txt" - 12/10/2008|14:09 - Option : [4]
    --------------------\\ Scan completed at 14:09:39
     
  8. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    ComboFix Log

    ComboFix 08-10-11.02 - Helen Bennett 2008-10-12 13:56:12.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.604 [GMT 1:00]
    Running from: C:\Documents and Settings\Helen Bennett\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\3.exe
    C:\f.exe
    C:\WINDOWS\Downloaded Program Files\ODCTOOLS
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .
    2008-10-12 09:01 . 2008-10-12 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-10-11 19:08 . 2008-10-11 19:08 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2008-10-10 18:22 . 2008-10-10 18:22 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\panoramik
    2008-10-08 07:25 . 2008-10-10 20:09 <DIR> d-------- C:\Lop SD
    2008-10-07 21:14 . 2008-10-07 21:15 <DIR> d-------- C:\Program Files\Samantha Swift and the Hidden Roses of Athena
    2008-10-06 17:23 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-06 17:23 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-06 17:23 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-02 18:38 . 2008-10-02 18:38 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\JoyBits
    2008-10-02 18:33 . 2008-10-02 18:38 <DIR> d-------- C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
    2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Program Files\Raxco
    2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-10-01 18:25 . 2008-10-01 18:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
    2008-10-01 18:25 . 2008-10-01 18:25 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-10-01 18:25 . 2008-10-01 18:34 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
    2008-10-01 18:25 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
    2008-10-01 18:23 . 2008-10-01 18:23 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\InstallShield
    2008-09-30 21:19 . 2008-09-30 21:19 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-09-29 17:55 . 2008-09-30 20:22 <DIR> d-------- C:\Program Files\Cooking Dash
    2008-09-26 20:46 . 2008-09-30 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco(2)
    2008-09-26 20:45 . 2008-09-26 20:45 <DIR> d-------- C:\Documents and Settings\Emma Bennett\Application Data\InstallShield
    2008-09-26 17:13 . 2008-09-26 17:14 <DIR> d-------- C:\Program Files\Lost Secrets - Bermuda Triangle
    2008-09-22 19:31 . 2008-10-12 09:01 <DIR> d-------- C:\Documents and Settings\Emma Bennett\Application Data\OpenOffice.org2
    2008-09-22 18:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-18 22:39 . 2008-09-18 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    2008-09-18 20:43 . 2008-09-18 21:48 <DIR> d-------- C:\Program Files\Magic Encyclopedia
    2008-09-17 17:52 . 2008-09-17 17:52 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\BigFishv1005
    2008-09-13 10:28 . 2008-09-13 10:29 <DIR> d-------- C:\Program Files\Turbo Fiesta
    2008-09-12 21:32 . 2008-09-23 22:17 <DIR> d-------- C:\Program Files\RighteousKill_at
    2008-09-12 21:25 . 2008-09-12 21:25 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\Pi Eye Games
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-11 18:59 --------- d-----w C:\Program Files\EA GAMES
    2008-10-11 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-10-11 08:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-07 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-10-06 17:04 --------- d-----w C:\Program Files\Java
    2008-10-02 21:02 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-10-02 21:02 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-10-01 20:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\EleFun Games
    2008-10-01 18:31 --------- d-----w C:\Documents and Settings\Emma Bennett\Application Data\FreeMore
    2008-10-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Debug manager soft the
    2008-10-01 17:25 --------- d-----w C:\Program Files\CA
    2008-10-01 17:24 --------- d-----w C:\Program Files\Virgin Broadband
    2008-10-01 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
    2008-10-01 17:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Virgin Broadband
    2008-09-29 20:08 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\PlayFirst
    2008-09-29 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-09-24 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
    2008-09-22 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-09-21 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-09-20 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2008-09-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
    2008-09-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MysteryChronicles
    2008-09-13 09:43 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Oberon Games
    2008-09-13 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
    2008-09-11 06:21 --------- d-----w C:\Program Files\QuickTime
    2008-09-10 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
    2008-09-10 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-10 07:01 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-09 20:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\MysteryStudio
    2008-09-09 19:18 0 ----a-w C:\Documents and Settings\Emma Bennett\Application Data\wklnhst.dat
    2008-09-09 19:18 --------- d-----w C:\Documents and Settings\Emma Bennett\Application Data\Template
    2008-09-09 16:45 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\OpenOffice.org2
    2008-09-09 16:40 --------- d-----w C:\Program Files\bfgclient
    2008-09-08 18:35 --------- d-----w C:\Program Files\Zylom Games
    2008-09-06 08:11 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Zylom
    2008-09-05 20:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-09-04 18:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Home Sweet Home 2
    2008-09-03 18:46 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BeachPartyCraze
    2008-08-31 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-28 16:31 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Big Fish Games
    2008-08-27 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
    2008-08-26 21:32 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Purple Patch Games
    2008-08-24 10:39 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\TMInc
    2008-08-23 17:12 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BFG_JanesRealty
    2008-08-22 19:59 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Righteous Kill
    2008-08-18 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intenium
    2008-08-17 20:51 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-08-17 20:51 --------- d-----w C:\Program Files\Deirdra Kiai Productions
    2008-08-14 19:37 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Go-Go Gourmet Chef of the Year
    2008-07-25 14:15 4,632 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-12 14:17 29,760 ----a-w C:\WINDOWS\system32\O0JgCl87.exe
    2008-03-18 20:40 24,540 ----a-w C:\Program Files\HIJACKTHIS[1].EXE-032D5DCC.pf
    2008-03-01 09:53 0 ----a-w C:\Program Files\temp01
    2007-11-23 23:18 812 ----a-w C:\Documents and Settings\Helen Bennett\Application Data\wklnhst.dat
    2007-06-13 11:26 204,804 --sh--r C:\WINDOWS\system32\winsrtv32.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
    "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
    "ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
    "winpr.exe"="C:\WINDOWS\system32\winpr.exe" [2008-06-04 36868]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
    "soft the obj send"="C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe" [2008-10-12 8866304]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-11 413696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
    "PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
    "-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
    "nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
    "Protect"="SHVRTF.EXE" [2005-02-04 C:\WINDOWS\system32\SHVRTF.EXE]
    "Microsoft Genuine Advantage"="winsrtv32.exe" [2007-06-13 C:\WINDOWS\system32\winsrtv32.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Genuine Advantage"="winsrtv32.exe" [2007-06-13 C:\WINDOWS\system32\winsrtv32.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\bfgclient\\bfggameservices.exe"=
    "C:\\Program Files\\bfgclient\\bfgprocess.exe"=
    "C:\\Program Files\\bfgclient\\bfgclient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    S3 bDMusicb;bDMusicb;C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys [ ]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
    *Newly Created Service* - PROCEXP90
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E2F7A3FF-3F65-97D6-882B-4CFA04A2DFCA}]
    C:\WINDOWS\system32\winpr.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    2007-05-13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
    2008-10-11 C:\WINDOWS\Tasks\System Restore.job
    - C:\WINDOWS\system32\Restore\rstrui.exe [2008-04-14 01:12]
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-Windows DNS Controller - winmn32.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://news.bbc.co.uk/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.evesham.com/
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 14:01:57
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    winpr.exe = C:\WINDOWS\system32\winpr.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp"
    .
    Completion time: 2008-10-12 14:04:10
    ComboFix-quarantined-files.txt 2008-10-12 13:04:05
    Pre-Run: 193,323,909,120 bytes free
    Post-Run: 193,669,664,768 bytes free
    220 --- E O F --- 2008-09-10 07:04:12
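
The ComboFix and catchme output in the post above lists the persistence points a responder works through by hand: Run and RunServices values, an Active Setup component pointing at a plain exe in system32, a service whose ImagePath is a .tmp file in a user's Temp directory, a driver loading from Temp, and a Run value catchme reports as hidden. The following Python is an added example, not part of the thread and not ComboFix's own logic: it parses those line formats and flags entries on indicators visible in the log. The sample lines are copied from the log above; rule names, thresholds and wording are this example's own choices.

```python
"""Persistence triage over ComboFix / catchme autostart lines (added example).

Not ComboFix's logic and not posted in the thread: it parses the line formats
ComboFix prints under 'Reg Loading Points' (plus its service list and
catchme's 'hidden autostart' block) and flags entries on indicators a
responder otherwise checks by eye.  Rule names and wording are this
example's own choices.
"""
import re
from collections import defaultdict

# Lines copied from the log above, a few of each kind: the constructed input
# for this example, not a full parse of the thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"winpr.exe"="C:\WINDOWS\system32\winpr.exe" [2008-06-04 36868]
"soft the obj send"="C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe" [2008-10-12 8866304]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"Microsoft Genuine Advantage"="winsrtv32.exe" [2007-06-13 C:\WINDOWS\system32\winsrtv32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Genuine Advantage"="winsrtv32.exe" [2007-06-13 C:\WINDOWS\system32\winsrtv32.exe]
S3 bDMusicb;bDMusicb;C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys [ ]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E2F7A3FF-3F65-97D6-882B-4CFA04A2DFCA}]
C:\WINDOWS\system32\winpr.exe
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winpr.exe = C:\WINDOWS\system32\winpr.exe????????????????????????
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?$')      # "name"="data" [date size|path]
SERVICE_RE = re.compile(r'^[SR]\d\s+([^;]+);[^;]*;(.+?)\s+\[[^\]]*\]$')  # S3 name;display;path [...]
PATH_RE = re.compile(r'^[A-Za-z]:\\')                                   # bare Active Setup stub path
CATCHME_RE = re.compile(r'^(\S+) = (.+)$')                              # catchme: name = data
BRAND_RE = re.compile(r'microsoft|windows|genuine', re.I)


def norm_key(key):
    return key.replace('HKEY_LOCAL_MACHINE', 'HKLM').replace('HKEY_CURRENT_USER', 'HKCU').lower()


def parse(text):
    """Yield (location, value_name, image_path) for every autostart line."""
    key = None
    for line in text.strip().splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)) or line.startswith(('HKLM\\', 'HKCU\\')):
            key = norm_key(m.group(1) if m else line)     # ComboFix [key] or catchme header
        elif m := VALUE_RE.match(line):
            name, data, extra = m.groups()
            if '\\' not in data and extra and '\\' in extra:
                data = extra.split(' ', 1)[1]             # ComboFix resolves bare names inside the brackets
            yield key, name, data.replace('\\??\\', '')   # drop the NT object-path prefix on ImagePath
        elif m := SERVICE_RE.match(line):
            yield 'services', m.group(1), m.group(2)
        elif PATH_RE.match(line):
            yield key, '', line
        elif m := CATCHME_RE.match(line):
            yield key, m.group(1), m.group(2)


def reasons_for(loc, name, path, locations):
    """Apply the indicator rules to one entry; returns the reasons it trips."""
    low = path.lower()
    out = []
    if '\\temp\\' in low:
        out.append('image lives under a Temp directory')
    if low.rstrip('?').endswith('.tmp'):
        out.append('.tmp file used as a driver/service image')
    if '\\application data\\' in low:
        out.append('autostart binary under Application Data')
    if loc and loc.endswith('\\runservices'):
        out.append('RunServices is a Win9x-era key that NT-based Windows ignores; '
                   'legitimate installers have no reason to write it')
    if loc and 'active setup' in loc:
        out.append('Active Setup stub: re-run at logon for every profile that has not recorded it')
    if BRAND_RE.search(name) and not BRAND_RE.search(low.rsplit('\\', 1)[-1]):
        out.append('Microsoft/Windows brand in the value name but not in the file name')
    if len(locations) > 1:
        out.append('same image registered in %d autostart locations' % len(locations))
    if re.search(r'\?{4,}$|[^\x20-\x7e]', path):
        out.append('value padded with bytes the Registry Editor cannot display (catchme prints them as ?)')
    return out


def triage(text):
    """Return {image_path: [reasons]} for entries that trip at least one rule."""
    entries = list(parse(text))
    where = defaultdict(set)                               # image -> set of autostart locations
    for loc, _, path in entries:
        where[path.rstrip('?').lower()].add(loc)
    findings = defaultdict(list)
    for loc, name, path in entries:
        clean = path.rstrip('?')
        for reason in reasons_for(loc, name, path, where[clean.lower()]):
            if reason not in findings[clean]:
                findings[clean].append(reason)
    return dict(findings)


if __name__ == '__main__':
    for image, why in triage(SAMPLE).items():
        print(image)
        for reason in why:
            print('   -', reason)
```

Every rule is a heuristic: Application Data hosts plenty of legitimate updaters and a brand-name value can be genuine, so a hit means verify the file (hash, signature, creation time against the Find3M listing) rather than delete it. The `--sh--r` attributes the Find3M section shows on winsrtv32.exe are a further check this example does not parse.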
     
  9. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    HijackThis Log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:10:11, on 12/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\winpr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\winsrtv32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
    O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
    O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
    O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HELENB~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" (User 'Emma Bennett')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    --
    End of file - 11649 bytes
     
  10. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello Hels_Here
    Sorry for the late reply.

    ATF Cleaner
    Download ATF Cleaner here by Atribune.
    • Double-click ATF-Cleaner.exe to run the program
      Under Main choose: Select All
      Click the Empty Selected button
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button
      NOTE: If you would like to keep your saved passwords, please click No at the prompt
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button
      NOTE: If you would like to keep your saved passwords, please click No at the prompt
    Click Exit on the Main menu to close the program.

    Fix HiJackThis Entries
    • Open HiJackThis
    • Click on Do a system scan only
    • Place a checkmark next to these lines(if still present):
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HELENB~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')


    • Close all windows except Hijackthis and click Fix Checked
    • Click Yes when prompted
    • Close HijackThis.

    CFScript
    Close any open browsers.
    Open notepad and copy/paste the text in the code box below into it:

    Code:
    Driver::
    bDMusicb
    mchInjDrv
    
    File::
    C:\WINDOWS\system32\O0JgCl87.exe
    C:\WINDOWS\system32\winsrtv32.exe
    C:\WINDOWS\system32\winpr.exe
    C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp
    C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys
    
    Folder::
    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    C:\Program Files\Messenger Plus! Live
    C:\Documents and Settings\Emma Bennett\Application Data\FreeMore
    C:\Documents and Settings\All Users\Application Data\Debug manager soft the
    C:\Program Files\temp01
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "winpr.exe"=-
    "soft the obj send"=-
    "Microsoft Genuine Advantage"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Genuine Advantage"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E2F7A3FF-3F65-97D6-882B-4CFA04A2DFCA}]
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: screenshot of CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it shall produce a log for you at "C:\ComboFix.txt"
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    To post in next reply:
    Combofix log
    New HijackThis log
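    The entries jmw3 singles out above share a few tells a helper spots by eye: a "Microsoft Genuine Advantage" value that points at a bare file name instead of a Microsoft path, a revived Win9x-era RunServices key, value names made of random dictionary words ("soft the obj send", "cast up"), and executables living under Temp or Application Data. The script below, added here as an illustration and not part of this thread, HijackThis or ComboFix, parses O4 lines and scores them on exactly those heuristics. The regexes, the weights, the keyword lists and the threshold of 2 are assumptions chosen for the example; the sample lines are copied from the log posted above.

```python
"""Triage heuristics for HijackThis O4 (autostart) lines.

Added example, not code from the thread, HijackThis or ComboFix.
Weights, keyword lists and threshold are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 - <hive>\..\<key>: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\"
    r"(?P<key>RunServices|RunOnce|Run): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First executable-looking token: a quoted path, or an unquoted one ending
# at the first .exe/.dll/.scr (HijackThis prints unquoted paths with spaces).
EXE_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|scr))', re.IGNORECASE)
# Locations any user (or malware running as one) can write to; 8.3 forms included.
USER_WRITABLE = re.compile(
    r"\\(?:Temp|Local Settings|LOCALS~1|Application Data|APPLIC~1)\\", re.IGNORECASE
)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")  # assumption
VENDOR_WORDS = ("microsoft", "windows", "genuine")           # assumption


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    cmd: str
    exe: str
    user: Optional[str]


def parse_o4(line: str) -> Optional[O4Entry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe_m = EXE_RE.search(m["cmd"])
    exe = (exe_m.group(1) or exe_m.group(2)) if exe_m else m["cmd"]
    return O4Entry(m["hive"], m["key"], m["name"], m["cmd"], exe, m["user"])


def score(e: O4Entry) -> Tuple[int, List[str]]:
    """Return (points, reasons). Higher means more worth a closer look."""
    hits: List[Tuple[int, str]] = []
    if e.key == "RunServices":
        hits.append((2, "RunServices key (Win9x-era, rarely used legitimately on XP)"))
    if "\\" not in e.exe:
        hits.append((1, "no directory in path, resolved via search path"))
    if any(w in e.name.lower() for w in VENDOR_WORDS) and not e.exe.lower().startswith(
        TRUSTED_PREFIXES
    ):
        hits.append((2, "Microsoft-sounding name but binary not under Windows/Program Files"))
    if USER_WRITABLE.search(e.exe):
        hits.append((2, "executable lives in Temp/Application Data"))
    if re.fullmatch(r"[a-z]+(?: [a-z]+)+", e.name):
        hits.append((2, "value name is a string of random lowercase words"))
    if e.name.lower() == e.exe.rsplit("\\", 1)[-1].lower():
        hits.append((1, "value name is just the file name"))
    return sum(p for p, _ in hits), [r for _, r in hits]


def triage(log_text: str, threshold: int = 2) -> List[Tuple[int, O4Entry, List[str]]]:
    """Parse every O4 line and return those scoring >= threshold, highest first."""
    results = []
    for line in log_text.splitlines():
        e = parse_o4(line)
        if e is None:
            continue
        pts, why = score(e)
        if pts >= threshold:
            results.append((pts, e, why))
    return sorted(results, key=lambda r: -r[0])


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\Run: [winpr.exe] C:\WINDOWS\system32\winpr.exe
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\burn tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Microsoft Genuine Advantage] winsrtv32.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HELENB~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Emma Bennett')
"""

if __name__ == "__main__":
    for pts, e, why in triage(SAMPLE_LOG):
        print(f"{pts}  {e.key:<11} [{e.name}] {e.exe}")
        for r in why:
            print(f"      - {r}")
```

    Run against the sample it surfaces both "Microsoft Genuine Advantage" entries, "soft the obj send", "cast up" and the RunOnce uninstaller in Temp, which is the same set jmw3 removed. Note what it does not catch: `winpr.exe` looks ordinary as an O4 line and only stood out because catchme reported its Run value as a hidden autostart entry. HijackThis-style heuristics complement a rootkit scanner, they do not replace one.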
     
  11. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hi, all actions completed as requested, HijackThis log to follow in a separate reply

    ComboFix 08-10-12.01 - Helen Bennett 2008-10-14 17:38:14.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.593 [GMT 1:00]
    Running from: C:\Documents and Settings\Helen Bennett\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Helen Bennett\Desktop\CFScript.txt
    * Created a new restore point
    FILE ::
    C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\bDMusicb.sys
    C:\DOCUME~1\EMMABE~1\LOCALS~1\Temp\mc23D.tmp
    C:\WINDOWS\system32\O0JgCl87.exe
    C:\WINDOWS\system32\winpr.exe
    C:\WINDOWS\system32\winsrtv32.exe
    .
    /wow section - STAGE 10
    The handle could not be duplicated
    during redirection of handle 1.
    The system cannot find the path specified.
    The process cannot access the file because it is being used by another process.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\Debug manager soft the
    C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Beep face.exe
    C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Part Idol.exe
    C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Window Defy.exe
    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\Messenger Plus! Live\Detoured.dll
    C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
    C:\Program Files\Messenger Plus! Live\lame_enc.dll
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
    C:\Program Files\Messenger Plus! Live\libsndfile.dll
    C:\Program Files\Messenger Plus! Live\Log Viewer.exe
    C:\Program Files\Messenger Plus! Live\MPScripts.dll
    C:\Program Files\Messenger Plus! Live\MPSkins.dll
    C:\Program Files\Messenger Plus! Live\MPTools.exe
    C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
    C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
    C:\Program Files\Messenger Plus! Live\MsgPlusLoader.dll
    C:\Program Files\Messenger Plus! Live\Uninstall.exe
    C:\Program Files\temp01\
    C:\WINDOWS\system32\O0JgCl87.exe
    C:\WINDOWS\system32\winpr.exe
    C:\WINDOWS\system32\winsrtv32.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_BDMUSICB
    -------\Legacy_MCHINJDRV
    -------\Service_bDMusicb

    ((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
    .
    2008-10-12 16:33 . 2008-10-12 16:33 <DIR> d-------- C:\Program Files\FreeMore
    2008-10-12 16:32 . 2008-10-12 16:32 <DIR> d-------- C:\Program Files\Circle Developement
    2008-10-10 18:22 . 2008-10-10 18:22 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\panoramik
    2008-10-08 07:25 . 2008-10-12 14:09 <DIR> d-------- C:\Lop SD
    2008-10-07 21:14 . 2008-10-07 21:15 <DIR> d-------- C:\Program Files\Samantha Swift and the Hidden Roses of Athena
    2008-10-06 17:23 . 2008-10-06 17:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-06 17:23 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-06 17:23 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-02 18:38 . 2008-10-02 18:38 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\JoyBits
    2008-10-02 18:33 . 2008-10-02 18:38 <DIR> d-------- C:\Program Files\Cassandra's Journey - The Legacy of Nostradamus
    2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Program Files\Raxco
    2008-10-01 18:35 . 2008-10-01 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-10-01 18:25 . 2008-10-01 18:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
    2008-10-01 18:25 . 2008-10-01 18:25 <DIR> d-------- C:\Program Files\Common Files\Authentium
    2008-10-01 18:25 . 2008-10-01 18:34 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
    2008-10-01 18:25 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
    2008-10-01 18:23 . 2008-10-01 18:23 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\InstallShield
    2008-09-30 21:19 . 2008-09-30 21:19 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-09-29 17:55 . 2008-09-30 20:22 <DIR> d-------- C:\Program Files\Cooking Dash
    2008-09-26 20:46 . 2008-09-30 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco(2)
    2008-09-26 17:13 . 2008-09-26 17:14 <DIR> d-------- C:\Program Files\Lost Secrets - Bermuda Triangle
    2008-09-22 18:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-18 22:39 . 2008-09-18 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    2008-09-18 20:43 . 2008-09-18 21:48 <DIR> d-------- C:\Program Files\Magic Encyclopedia
    2008-09-17 17:52 . 2008-09-17 17:52 <DIR> d-------- C:\Documents and Settings\Helen Bennett\Application Data\BigFishv1005
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-12 15:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 18:59 --------- d-----w C:\Program Files\EA GAMES
    2008-10-11 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-10-07 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-10-06 17:04 --------- d-----w C:\Program Files\Java
    2008-10-02 21:02 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-10-02 21:02 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-10-01 20:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\EleFun Games
    2008-10-01 17:25 --------- d-----w C:\Program Files\CA
    2008-10-01 17:24 --------- d-----w C:\Program Files\Virgin Broadband
    2008-10-01 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
    2008-10-01 17:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Virgin Broadband
    2008-09-29 20:08 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\PlayFirst
    2008-09-29 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-09-24 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
    2008-09-23 21:17 --------- d-----w C:\Program Files\RighteousKill_at
    2008-09-22 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-09-21 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-09-20 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2008-09-20 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
    2008-09-14 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MysteryChronicles
    2008-09-13 09:43 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Oberon Games
    2008-09-13 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
    2008-09-13 09:29 --------- d-----w C:\Program Files\Turbo Fiesta
    2008-09-12 20:25 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Pi Eye Games
    2008-09-11 06:21 --------- d-----w C:\Program Files\QuickTime
    2008-09-10 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
    2008-09-10 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-10 07:01 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-09 20:05 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\MysteryStudio
    2008-09-09 16:45 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\OpenOffice.org2
    2008-09-09 16:40 --------- d-----w C:\Program Files\bfgclient
    2008-09-08 18:35 --------- d-----w C:\Program Files\Zylom Games
    2008-09-06 08:11 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Zylom
    2008-09-05 20:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-09-04 18:22 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Home Sweet Home 2
    2008-09-03 18:46 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BeachPartyCraze
    2008-08-31 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-28 16:31 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Big Fish Games
    2008-08-27 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
    2008-08-26 21:32 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Purple Patch Games
    2008-08-24 10:39 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\TMInc
    2008-08-23 17:12 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\BFG_JanesRealty
    2008-08-22 19:59 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Righteous Kill
    2008-08-18 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intenium
    2008-08-17 20:51 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-08-17 20:51 --------- d-----w C:\Program Files\Deirdra Kiai Productions
    2008-08-14 19:37 --------- d-----w C:\Documents and Settings\Helen Bennett\Application Data\Go-Go Gourmet Chef of the Year
    2008-07-25 14:15 4,632 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-03-18 20:40 24,540 ----a-w C:\Program Files\HIJACKTHIS[1].EXE-032D5DCC.pf
    2008-03-01 09:53 0 ----a-w C:\Program Files\temp01
    2007-11-23 23:18 812 ----a-w C:\Documents and Settings\Helen Bennett\Application Data\wklnhst.dat
    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-12_14.03.47.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    - 2008-10-01 18:31:15 2,097,152 ---ha-w C:\WINDOWS\system32\VSS\Documents and Settings\Administrator\NTUSER.DAT
    + 2008-10-12 15:33:34 2,097,152 ---ha-w C:\WINDOWS\system32\VSS\Documents and Settings\Administrator\NTUSER.DAT
    - 2008-10-11 23:42:42 6,815,744 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Emma Bennett\NTUSER.DAT
    + 2008-10-12 22:02:24 6,815,744 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Emma Bennett\NTUSER.DAT
    - 2008-10-11 23:41:39 5,767,168 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Helen Bennett\NTUSER.DAT
    + 2008-10-13 22:25:06 5,767,168 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\Helen Bennett\NTUSER.DAT
    - 2008-10-11 23:42:42 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\LocalService\NTUSER.DAT
    + 2008-10-13 22:25:06 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\LocalService\NTUSER.DAT
    - 2008-10-11 23:42:42 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\NetworkService\NTUSER.DAT
    + 2008-10-13 22:25:06 237,568 ----a-w C:\WINDOWS\system32\VSS\Documents and Settings\NetworkService\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
    "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
    "ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-11 413696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
    "PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
    "-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
    "nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
    "Protect"="SHVRTF.EXE" [2005-02-04 C:\WINDOWS\system32\SHVRTF.EXE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\bfgclient\\bfggameservices.exe"=
    "C:\\Program Files\\bfgclient\\bfgprocess.exe"=
    "C:\\Program Files\\bfgclient\\bfgclient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-14 C:\WINDOWS\Tasks\A2A2F78791856AB3.job
    - c:\docume~1\emmabe~1\applic~1\freemore\Safeelseboob.exe []
    2008-10-14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    2007-05-13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
    2008-10-13 C:\WINDOWS\Tasks\System Restore.job
    - C:\WINDOWS\system32\Restore\rstrui.exe [2008-04-14 01:12]
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 18:12:31
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-14 18:19:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-14 17:19:24
    ComboFix2.txt 2008-10-12 13:04:10
    Pre-Run: 194,369,736,704 bytes free
    Post-Run: 194,241,568,768 bytes free
    278 --- E O F --- 2008-09-10 07:04:12
     
  12. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hijack This Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:47:08, on 14/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\WINDOWS\explorer.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Virgin Broadband\PCguard\RPS.exe
    C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Cast That.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" (User 'Emma Bennett')
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" (User 'Emma Bennett')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    --
    End of file - 11662 bytes
     
  13. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello Hels_Here
    I apologise for the late reply.

    Fix HiJackThis Entries
    • Open HiJackThis
    • Click on Do a system scan only
    • Place a checkmark next to these lines (if still present):
    O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Cast That.exe
    O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')


    • Close all windows except Hijackthis and click Fix Checked
    • Click Yes when prompted
    • Close HijackThis.
    CFScript
    Close any open browsers.
    Open notepad and copy/paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\Tasks\A2A2F78791856AB3.job
    
    Folder::
    C:\Documents and Settings\Emma Bennett\Application Data\freemore
    C:\Program Files\Circle Developement
    C:\Program Files\FreeMore
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it shall produce a log for you at "C:\ComboFix.txt"
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    To post in next reply:
    Combofix log
    New HijackThis log
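As an added example, not part of this thread and not code from HijackThis or ComboFix, here is a small Python triage pass of the kind a helper could run over a posted HijackThis log to pick out the O4 entries jmw3 singled out. It parses each O4 line into hive, key, entry name, command and user, pulls the executable path out of the command (quoted or unquoted, since HijackThis prints unquoted paths with spaces exactly as the registry holds them), and flags paths that live under a user profile directory, which is where both "Cast That.exe" and "BoltLies.exe" sit. The profile-directory fragments, the "review" grade for bare file names, and the sample log (a subset of the O4 lines from the log above plus two non-O4 lines) are my own constructions, not rules from either tool.

```python
# Added example (not from the thread): a triage pass over HijackThis O4
# autostart lines, flagging the entries a malware specialist reads first.
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis O4 line layout:
#   O4 - <hive>\..\<Run|RunOnce>: [<entry name>] <command> (User '<name>')
# The "(User ...)" suffix only appears on HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First executable-looking token of an unquoted command line.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|bat|cmd))(?=[\s,"]|$)', re.IGNORECASE)

# Heuristic (my assumption): directory fragments that legitimate Run entries
# rarely point into, in both long and 8.3 short form as these logs print them.
PROFILE_DIRS = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\temp\\", "\\locals~1\\temp\\",
)


@dataclass
class Finding:
    name: str
    hive: str
    path: str
    user: Optional[str]
    reasons: List[str]

    @property
    def severity(self) -> str:
        if any(r.startswith("profile-dir") for r in self.reasons):
            return "suspicious"
        return "review" if self.reasons else "ok"


def parse_o4(line: str) -> Optional[dict]:
    """Split one O4 line into its fields; None for any other line type."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def command_path(cmd: str) -> str:
    """Return the executable part of a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def assess(path: str) -> List[str]:
    """Heuristic reasons to look at an autostart path; empty = unremarkable."""
    reasons = []
    low = path.lower()
    if any(frag in low for frag in PROFILE_DIRS):
        reasons.append("profile-dir: binary lives in a user-writable profile directory")
    if "\\" not in low:
        reasons.append("unqualified: bare file name, resolved via the search path at logon")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Collect every O4 entry that has at least one reason for review."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_o4(line)
        if fields is None:
            continue
        path = command_path(fields["cmd"])
        reasons = assess(path)
        if reasons:
            findings.append(Finding(fields["name"], fields["hive"], path, fields["user"], reasons))
    return findings


def suspicious_names(log_text: str) -> List[str]:
    return sorted(f.name for f in triage(log_text) if f.severity == "suspicious")


# Constructed sample: a subset of the O4 lines from the log posted in this
# thread, plus an R0 and an O23 line to show that non-O4 lines are skipped.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soft the obj send] C:\Documents and Settings\All Users\Application Data\Debug manager soft the\Cast That.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1866353594-2383639427-4218813869-1006\..\Run: [cast up] C:\DOCUME~1\EMMABE~1\APPLIC~1\FreeMore\BoltLies.exe (User 'Emma Bennett')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        who = f" (user {f.user})" if f.user else ""
        print(f"[{f.severity}] {f.hive} [{f.name}]{who} -> {f.path}")
        for r in f.reasons:
            print(f"    {r}")
```

Run against the sample, the two "suspicious" hits are exactly the entries jmw3 asked to have fixed; the "review" grade on nwiz only records that a bare file name is resolved through the search path at logon, which is normal for vendor entries such as this one but worth a glance when the name is unfamiliar.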
     
  14. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hello

    Here is my HijackThis new report. Combo Fix Log to follow in separate reply. I couldn't locate the second O4 line that you mentioned for removal from HijackThis.

    Thank you again for your help with this problem.

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:16:49, on 17/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Helen Bennett\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    --
    End of file - 9296 bytes
     
  15. Hels_Here

    Hels_Here Thread Starter

    Joined:
    Oct 6, 2008
    Messages:
    72
    Hi, I have had to attach my Combo Fix Log as it was too long for the allowed file length. Hope this is okay.

    Thank you
     

    Attached Files:

Short URL to this thread: https://techguy.org/756610