
Active virus affecting IE by redirecting searches, blocking tools

Discussion in 'Malware and Virus Removal Archive' started by coopsey, 2008/12/15.

  1. 2008/12/15
    coopsey


    Hi, I have a virus that's redirecting web pages and blocking links and tools from working. The only thing I've been able to run is Windows OneCare online scanner. I've just finished using this, which told me I had 10 serious infections including trojan.vundo. The scanner told me it had removed all the infections, but after restarting my PC everything is still wrong! I have managed to get a HJT log (doesn't always run!). I can't click on any links from here, nor do I have another PC available until I can get to the library.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...5/&filename=jinstall-6u11-windows-i586-jc.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 3058 bytes



    Thank you very much for your time.
     
  2. 2008/12/15
    PeteC

    Please read this and post the logs requested in this thread.
     


  4. 2008/12/15
    coopsey

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by JACQUIE at 2008-12-15 21:44:38
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 191 GB (80%) free of 238 GB
    Total RAM: 2039 MB (82% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\JACQUIE.HOPELESS\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\JACQUIE.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...5/&filename=jinstall-6u11-windows-i586-jc.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 3057 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\A8E231CB9119A5C7.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
    "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 3 months======

    2008-12-15 21:44:38 ----D---- C:\rsit
    2008-12-15 20:39:00 ----D---- C:\Program Files\Microsoft Windows OneCare Live
    2008-12-15 18:05:11 ----D---- C:\Program Files\Windows Live Safety Center
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy of Fashion Apprentice Uninstall Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy of Fashion Apprentice Setup Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy of Farm Frenzy 2 Uninstall Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy (2) of Emergency Hospital Uninstall Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy (2) of Emergency Hospital Setup Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy (2) of Dress Up Rush Uninstall Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy (2) of Dress Up Rush Setup Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy (2) of DQ Tycoon Uninstall Log.txt
    2008-12-15 09:53:34 ----A---- C:\WINDOWS\Copy (2) of DQ Tycoon Setup Log.txt
    2008-12-15 09:53:31 ----A---- C:\WINDOWS\Copy of Emergency Hospital Uninstall Log.txt
    2008-12-15 09:53:31 ----A---- C:\WINDOWS\Copy of Emergency Hospital Setup Log.txt
    2008-12-15 09:53:31 ----A---- C:\WINDOWS\Copy of Dress Up Rush Uninstall Log.txt
    2008-12-15 09:53:31 ----A---- C:\WINDOWS\Copy of Dress Up Rush Setup Log.txt
    2008-12-15 09:53:31 ----A---- C:\WINDOWS\Copy of DQ Tycoon Uninstall Log.txt
    2008-12-15 09:53:31 ----A---- C:\WINDOWS\Copy of DQ Tycoon Setup Log.txt
    2008-12-15 09:35:52 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-15 08:56:16 ----D---- C:\Avenger
    2008-12-15 08:56:16 ----A---- C:\avenger.txt
    2008-12-14 22:33:09 ----D---- C:\Program Files\Spyware Doctor
    2008-12-14 22:33:09 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\PC Tools
    2008-12-14 22:17:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-14 22:17:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-12-14 21:47:27 ----A---- C:\WINDOWS\system32\flcss.exe
    2008-12-13 13:14:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Questtracers
    2008-12-12 14:33:44 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-12 10:05:58 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Ashtons. Family Resort
    2008-12-12 10:05:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ashtons. Family Resort
    2008-12-11 10:42:06 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Sarah's Emergency Hospital
    2008-12-10 20:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-10 20:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-10 20:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-10 20:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-09 19:06:13 ----N---- C:\WINDOWS\UNNMIX.exe
    2008-12-09 19:05:31 ----D---- C:\Program Files\Ahead
    2008-12-09 18:49:34 ----D---- C:\Program Files\DVD Decrypter
    2008-12-09 09:58:56 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Shape games
    2008-12-09 09:58:30 ----D---- C:\WINDOWS\Paranormal Agency
    2008-12-09 09:58:30 ----D---- C:\Program Files\Paranormal Agency
    2008-12-09 09:58:24 ----A---- C:\WINDOWS\Paranormal Agency Setup Log.txt
    2008-12-08 17:03:41 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Home Sweet Home Christmas
    2008-12-08 17:02:49 ----D---- C:\WINDOWS\Home Sweet Home Christmas Edition
    2008-12-08 17:02:49 ----D---- C:\Program Files\Home Sweet Home Christmas Edition
    2008-12-06 14:35:26 ----D---- C:\Program Files\Dell Photo AIO Printer 924
    2008-12-03 16:09:46 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-03 16:09:46 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-03 16:09:46 ----A---- C:\WINDOWS\system32\java.exe
    2008-11-30 13:59:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NevoSoft Games
    2008-11-22 11:37:00 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
    2008-11-22 11:36:28 ----A---- C:\WINDOWS\system32\dlccpmui.dll
    2008-11-22 11:36:27 ----A---- C:\WINDOWS\system32\dlccinsr.dll
    2008-11-22 11:36:27 ----A---- C:\WINDOWS\system32\dlccins.dll
    2008-11-22 11:36:26 ----A---- C:\WINDOWS\system32\dlccvs.dll
    2008-11-22 11:36:26 ----A---- C:\WINDOWS\system32\dlccih.exe
    2008-11-22 11:36:26 ----A---- C:\WINDOWS\system32\dlcccfg.exe
    2008-11-22 11:36:25 ----A---- C:\WINDOWS\system32\dlccusb1.dll
    2008-11-22 11:36:25 ----A---- C:\WINDOWS\system32\dlccpplc.dll
    2008-11-22 11:36:25 ----A---- C:\WINDOWS\system32\dlcclmpm.dll
    2008-11-22 11:36:25 ----A---- C:\WINDOWS\system32\dlcccomm.dll
    2008-11-22 11:36:24 ----A---- C:\WINDOWS\system32\dlccprox.dll
    2008-11-22 11:36:24 ----A---- C:\WINDOWS\system32\dlcchbn3.dll
    2008-11-22 11:36:24 ----A---- C:\WINDOWS\system32\dlcccoms.exe
    2008-11-22 11:36:23 ----A---- C:\WINDOWS\system32\dlccserv.dll
    2008-11-22 11:36:23 ----A---- C:\WINDOWS\system32\dlcccomc.dll
    2008-11-22 11:36:22 ----A---- C:\WINDOWS\system32\dlccgf.dll
    2008-11-22 11:36:22 ----A---- C:\WINDOWS\system32\dlcccur.dll
    2008-11-22 11:36:21 ----A---- C:\WINDOWS\system32\dlccutil.dll
    2008-11-22 11:36:21 ----A---- C:\WINDOWS\system32\dlcccu.dll
    2008-11-22 11:36:18 ----A---- C:\WINDOWS\system32\dlccinsb.dll
    2008-11-22 11:36:18 ----A---- C:\WINDOWS\system32\dlcccub.dll
    2008-11-22 11:36:17 ----A---- C:\WINDOWS\system32\dlccjswr.dll
    2008-11-22 11:36:13 ----A---- C:\WINDOWS\system32\dlcccfg.dll
    2008-11-21 16:21:45 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-11-20 13:42:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\HipSoft
    2008-11-20 13:41:15 ----D---- C:\WINDOWS\Build a lot 3 Passport to Europe
    2008-11-20 13:41:15 ----D---- C:\Program Files\Build a lot 3 Passport to Europe
    2008-11-20 13:41:09 ----A---- C:\WINDOWS\Build a lot 3 Passport to Europe Setup Log.txt
    2008-11-19 17:23:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
    2008-11-14 14:55:27 ----D---- C:\Arcade Tribe
    2008-11-13 18:35:02 ----A---- C:\WINDOWS\system32\hidserv.dll
    2008-11-12 11:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 11:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 11:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-10 12:57:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Redrum
    2008-11-10 10:50:14 ----D---- C:\WINDOWS\Megaplex Madness Now Playing
    2008-11-10 10:50:14 ----D---- C:\Program Files\Megaplex Madness Now Playing
    2008-11-09 15:00:36 ----D---- C:\My Video
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\vorbisenc.dll
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\vorbis.dll
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\unicows.dll
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\tg_dump.dll
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\muzwmts.dll
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\muzapp.exe
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\muzapp.dll
    2008-11-09 14:59:58 ----A---- C:\WINDOWS\system32\muzaf1.dll
    2008-11-09 14:59:57 ----A---- C:\WINDOWS\system32\OggDS.dll
    2008-11-09 14:59:57 ----A---- C:\WINDOWS\system32\Ogg.dll
    2008-11-07 11:17:59 ----A---- C:\WINDOWS\Operation Mania Uninstall Log.txt
    2008-11-04 10:14:23 ----D---- C:\Program Files\Xvid
    2008-11-04 10:14:23 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2008-11-04 10:14:23 ----A---- C:\WINDOWS\system32\xvidcore.dll
    2008-11-03 16:14:49 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Pogo Games
    2008-11-03 16:14:00 ----D---- C:\Program Files\Operation Mania
    2008-11-03 16:13:53 ----A---- C:\WINDOWS\Operation Mania Setup Log.txt
    2008-10-29 10:11:12 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\PetShowCraze
    2008-10-24 09:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-21 15:00:36 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Mushroom Age
    2008-10-19 10:07:48 ----AC---- C:\WINDOWS\isnooker.INI
    2008-10-19 09:59:58 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-10-15 17:08:06 ----D---- C:\WINDOWS\system32\en
    2008-10-15 17:08:06 ----D---- C:\WINDOWS\system32\bits
    2008-10-15 16:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 16:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 16:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 16:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 16:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-11 12:44:10 ----D---- C:\WINDOWS\Logs
    2008-10-11 10:06:19 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\ChinStore
    2008-10-05 14:39:00 ----D---- C:\temp
    2008-10-04 09:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-03 22:22:10 ----D---- C:\WINDOWS\Prefetch
    2008-10-03 22:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-03 22:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-03 22:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-03 22:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-03 22:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-03 22:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-10-03 22:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-03 22:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-03 22:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-03 22:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-03 22:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-03 22:13:03 ----D---- C:\WINDOWS\system32\scripting
    2008-10-03 22:13:02 ----D---- C:\WINDOWS\l2schemas
    2008-10-03 22:09:48 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-03 22:01:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-03 21:55:12 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-10-03 21:55:12 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-10-03 21:55:11 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-10-03 21:55:11 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-10-03 21:55:09 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-10-03 21:55:09 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-10-03 21:55:07 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-10-03 21:55:06 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-10-03 21:55:05 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-10-03 21:55:05 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-10-03 21:55:05 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-10-03 21:55:05 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-10-03 21:55:05 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-10-03 21:55:05 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-10-03 21:55:05 ----C---- C:\WINDOWS\slrundll.exe
    2008-10-03 21:55:04 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-10-03 21:55:03 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-10-03 21:55:03 ----A---- C:\WINDOWS\system32\rasqec.dll
    2008-10-03 21:55:03 ----A---- C:\WINDOWS\system32\qutil.dll
    2008-10-03 21:55:02 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-10-03 21:55:02 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-10-03 21:55:02 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-10-03 21:55:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-10-03 21:55:01 ----A---- C:\WINDOWS\system32\onex.dll
    2008-10-03 21:55:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
    2008-10-03 21:54:59 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-10-03 21:54:59 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-10-03 21:54:59 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-10-03 21:54:58 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-10-03 21:54:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-10-03 21:54:58 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-10-03 21:54:53 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-10-03 21:54:53 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-10-03 21:54:53 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-10-03 21:54:53 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-10-03 21:54:53 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-10-03 21:54:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-10-03 21:54:49 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-10-03 21:54:49 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-10-03 21:54:49 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-10-03 21:54:49 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-10-03 21:54:49 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-10-03 21:54:45 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-10-03 21:54:45 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-10-03 21:54:44 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-10-03 21:54:42 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-10-03 21:54:41 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-10-03 21:54:41 ----AC---- C:\WINDOWS\003150_.tmp
    2008-10-03 21:54:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-10-03 21:54:40 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-10-03 21:54:40 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-10-03 21:54:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-10-03 21:54:40 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-10-03 21:54:40 ----A---- C:\WINDOWS\system32\eappprxy.dll
    2008-10-03 21:54:40 ----A---- C:\WINDOWS\system32\eappcfg.dll
    2008-10-03 21:54:40 ----A---- C:\WINDOWS\system32\eapolqec.dll
    2008-10-03 21:54:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-10-03 21:54:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-10-03 21:54:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-10-03 21:54:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-10-03 21:54:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-10-03 21:54:39 ----A---- C:\WINDOWS\system32\dot3dlg.dll
    2008-10-03 21:54:39 ----A---- C:\WINDOWS\system32\dot3api.dll
    2008-10-03 21:54:38 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-10-03 21:54:38 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-10-03 21:54:38 ----A---- C:\WINDOWS\system32\dimsntfy.dll
    2008-10-03 21:54:36 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-10-03 21:54:34 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-10-03 21:54:34 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-10-03 21:54:34 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-10-03 21:54:34 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-10-03 21:54:33 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-10-03 21:54:33 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-10-03 21:54:33 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-10-03 21:54:33 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-10-03 21:54:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-10-03 21:54:31 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-28 10:21:57 ----A---- C:\WINDOWS\system32\dzip32.dll
    2008-09-28 10:21:57 ----A---- C:\WINDOWS\system32\dunzip32.dll
    2008-09-28 10:21:44 ----D---- C:\Program Files\Windows Media Bonus Pack for Windows XP
    2008-09-21 19:17:36 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\EleFun Games
    2008-09-21 19:16:15 ----AC---- C:\WINDOWS\SKIP BO Castaway Caper Uninstall Log.txt
    2008-09-21 19:03:43 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Skip-Bo
    2008-09-21 19:03:21 ----D---- C:\WINDOWS\SKIP BO Castaway Caper
    2008-09-21 19:02:42 ----AC---- C:\WINDOWS\SKIP BO Castaway Caper Setup Log.txt

    ======List of files/folders modified in the last 3 months======

    2008-12-15 21:39:55 ----D---- C:\WINDOWS\temp
    2008-12-15 21:38:24 ----D---- C:\WINDOWS\Registration
    2008-12-15 21:38:22 ----D---- C:\WINDOWS
    2008-12-15 21:15:55 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-15 21:15:46 ----A---- C:\WINDOWS\bdagent.INI
    2008-12-15 20:39:00 ----RD---- C:\Program Files
    2008-12-15 20:36:57 ----SHD---- C:\System Volume Information
    2008-12-15 19:40:36 ----D---- C:\WINDOWS\system32\drivers
    2008-12-15 18:08:01 ----HD---- C:\WINDOWS\inf
    2008-12-15 18:05:11 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-15 18:05:09 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-15 16:56:06 ----SHD---- C:\WINDOWS\Installer
    2008-12-15 16:56:06 ----D---- C:\Config.Msi
    2008-12-15 16:55:50 ----D---- C:\Documents and Settings
    2008-12-15 16:25:56 ----D---- C:\Program Files\Common Files\Services
    2008-12-15 09:45:03 ----SHD---- C:\RECYCLER
    2008-12-15 09:43:33 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-12-15 09:37:17 ----D---- C:\WINDOWS\network diagnostic
    2008-12-15 08:57:06 ----D---- C:\WINDOWS\system32
    2008-12-14 22:34:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-14 20:29:52 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-12-14 20:24:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-14 16:23:38 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Google
    2008-12-14 11:48:14 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\uTorrent
    2008-12-10 20:29:47 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-10 20:29:34 ----D---- C:\Program Files\Internet Explorer
    2008-12-10 20:29:24 ----D---- C:\WINDOWS\ie7updates
    2008-12-10 20:29:19 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-09 14:42:36 ----D---- C:\Program Files\PartyGaming
    2008-12-03 16:09:43 ----D---- C:\Program Files\Java
    2008-11-29 22:47:21 ----D---- C:\WINDOWS\system32\config
    2008-11-29 22:47:09 ----D---- C:\WINDOWS\system32\wbem
    2008-11-29 22:46:54 ----D---- C:\Program Files\DivX
    2008-11-24 09:19:59 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\Gamelab
    2008-11-22 11:37:06 ----D---- C:\WINDOWS\twain_32
    2008-11-15 19:05:24 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\LimeWire
    2008-11-15 08:03:46 ----D---- C:\WINDOWS\Help
    2008-11-12 11:15:28 ----D---- C:\WINDOWS\WinSxS
    2008-11-10 10:59:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
    2008-11-09 14:59:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-30 16:45:27 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-30 13:03:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
    2008-10-23 12:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 10:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-10-19 10:00:01 ----D---- C:\WINDOWS\system32\DirectX
    2008-10-18 14:23:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
    2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-10-16 20:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 20:38:39 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 20:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 20:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 20:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 20:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 20:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 20:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-16 13:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-15 17:13:05 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-15 17:10:34 ----RSD---- C:\WINDOWS\Fonts
    2008-10-15 17:10:34 ----D---- C:\WINDOWS\AppPatch
    2008-10-15 17:09:01 ----D---- C:\WINDOWS\system32\Setup
    2008-10-15 17:08:44 ----D---- C:\Program Files\Messenger
    2008-10-15 17:08:14 ----D---- C:\WINDOWS\system32\inetsrv
    2008-10-15 17:08:14 ----D---- C:\WINDOWS\ime
    2008-10-15 17:08:06 ----D---- C:\WINDOWS\system32\usmt
    2008-10-15 17:08:05 ----D---- C:\WINDOWS\PeerNet
    2008-10-15 17:08:05 ----D---- C:\Program Files\Movie Maker
    2008-10-15 17:06:32 ----D---- C:\WINDOWS\system32\Restore
    2008-10-15 17:06:32 ----D---- C:\WINDOWS\system32\npp
    2008-10-15 17:06:32 ----D---- C:\WINDOWS\mui
    2008-10-15 17:06:31 ----D---- C:\WINDOWS\srchasst
    2008-10-15 17:06:31 ----D---- C:\WINDOWS\msagent
    2008-10-15 17:06:28 ----D---- C:\Program Files\NetMeeting
    2008-10-15 17:06:27 ----D---- C:\WINDOWS\system32\Com
    2008-10-15 17:06:26 ----D---- C:\Program Files\Windows NT
    2008-10-15 17:06:26 ----D---- C:\Program Files\Outlook Express
    2008-10-15 17:06:25 ----D---- C:\Program Files\Common Files\System
    2008-10-15 17:06:18 ----D---- C:\WINDOWS\system32\oobe
    2008-10-15 17:06:17 ----D---- C:\WINDOWS\system
    2008-10-15 17:05:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-15 17:05:05 ----D---- C:\WINDOWS\ehome
    2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 07:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-10-11 12:43:32 ----D---- C:\games
    2008-10-11 10:08:17 ----SD---- C:\WINDOWS\Tasks
    2008-10-06 10:22:54 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\PlayFirst
    2008-10-04 17:42:06 ----D---- C:\WINDOWS\security
    2008-10-04 15:21:02 ----D---- C:\Program Files\Windows Media Player
    2008-10-04 11:26:18 ----AC---- C:\WINDOWS\OEWABLog.txt
    2008-10-03 22:22:12 ----AC---- C:\WINDOWS\setuplog.txt
    2008-10-03 22:16:07 ----RSD---- C:\WINDOWS\assembly
    2008-10-03 22:13:04 ----D---- C:\WINDOWS\system32\en-US
    2008-10-03 21:36:09 ----D---- C:\WINDOWS\Debug
    2008-10-03 10:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-09-21 19:49:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
    2008-09-21 19:25:04 ----D---- C:\Documents and Settings\JACQUIE.HOPELESS\Application Data\ITTNord

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
    R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 usbhub;Ph USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
    R3 camvid40;Philips SPC 900NC PC Camera; C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
    R3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
    R3 usbaudio;Philips USB Microphone; C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
    S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\JACQUI~1.HOP\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
    S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
    S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
    S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-05-15 61600]
    S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
    S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
    S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
    S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
    S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
    S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-05-17 22768]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 16896]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-05 1179648]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
    R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-11-27 86016]
    R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE []
    S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-15 1261568]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520]
    S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
    S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

    -----------------EOF-----------------
     
  5. 2008/12/15
    coopsey

    info.txt logfile of random's system information tool 1.04 2008-12-15 21:44:45

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3D Live Pool v2.69-->"c:\3D Live Pool\unins000.exe"
    Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Arcade Tribe v1.38-->"c:\Arcade Tribe\unins000.exe"
    Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
    BitDefender Antivirus 2008-->MsiExec.exe /I{C6E8173D-40EE-4998-B659-CA19F1F278BA}
    Build a lot 3 Passport to Europe-->"C:\WINDOWS\Build a lot 3 Passport to Europe\uninstall.exe" "/U:C:\Program Files\Build a lot 3 Passport to Europe\Uninstall\uninstall.xml"
    Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Home Sweet Home Christmas Edition-->"C:\WINDOWS\Home Sweet Home Christmas Edition\uninstall.exe" "/U:C:\Program Files\Home Sweet Home Christmas Edition\Uninstall\uninstall.xml"
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU3E.inf
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
    Megaplex Madness Now Playing-->"C:\WINDOWS\Megaplex Madness Now Playing\uninstall.exe" "/U:C:\Program Files\Megaplex Madness Now Playing\Uninstall\uninstall.xml"
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
    Nero Mega Plugin Pack-->MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
    NeroMIX-->C:\WINDOWS\UNNMIX.exe /UNINSTALL
    Paranormal Agency-->"C:\WINDOWS\Paranormal Agency\uninstall.exe" "/U:C:\Program Files\Paranormal Agency\Uninstall\uninstall.xml"
    PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
    PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
    Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
    Philips SPC 900NC PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}\setup.exe" -l0x9
    Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}\Setup.exe" -l0x9
    Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Samsung Media Studio-->C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
    Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
    Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

    =====HijackThis Backups=====

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    R3 - Default URLSearchHook is missing
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O3 - Toolbar: qalkfxor - {8BE3A45C-46D2-407E-8A70-878D0828634D} - C:\WINDOWS\qalkfxor.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O21 - SSODL: rqbmvpso - {D9986E77-670A-4AD0-8018-81C757D850E2} - C:\WINDOWS\rqbmvpso.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O21 - SSODL: pdoskegl - {70464531-A6C2-4EE7-B1DC-D7EB34C8C47E} - C:\WINDOWS\pdoskegl.dll
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O20 - AppInit_DLLs: sfbjbx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [KL AntiFunLove] C:\WINDOWS\system32\flcss.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://campash.brett-robinson.com/activex/AxisCamControl.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.32.21/ttinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550900} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://axis79ba5e.axiscam.net/activex/AMC.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=iehp
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    ======Security center information======

    AV: Bitdefender Antivirus

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\WINDOWS\system32;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\Common Files\Teleca Shared;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
    "PROCESSOR_REVISION"=0605
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
  6. 2008/12/15
    PeteC

    PeteC SuperGeek Staff

    Thanks - one of our trained malware analysts will deal with them in due course. A little patience please - they are always very busy.
     
  7. 2008/12/15
    coopsey

    coopsey Inactive Thread Starter

    Ok, thank you
     
  8. 2008/12/15
    noahdfear

    noahdfear Inactive

    Assuming you can transfer a file from the library .......

    Download ComboFix by sUBs from here, saving the file to your desktop. Please rename the file prior to saving it to your drive. Something like fixocom.exe should work well.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click the fixocom icon and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  9. 2008/12/16
    coopsey

    coopsey Inactive Thread Starter

    Hi, before I followed your instructions above, my PC restarted itself (without my clicking anything!) and now searches and links seem to be working normally, but programs are unable to connect to the internet, e.g. I couldn't install the recovery console as ComboFix couldn't connect to the internet, nor could I update my antivirus software.
    Thanks for your time, here is the ComboFix log

    ComboFix 08-12-15.04 - JACQUIE 2008-12-16 9:14:00.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1702 [GMT 0:00]
    Running from: c:\documents and settings\JACQUIE.HOPELESS\Desktop\fixocom.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
    .

    2008-12-15 22:05 . 2008-12-15 22:08 <DIR> d-------- C:\cimbofox
    2008-12-15 21:44 . 2008-12-15 21:44 <DIR> d-------- C:\rsit
    2008-12-15 20:39 . 2008-12-15 20:39 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
    2008-12-15 18:05 . 2008-12-15 20:38 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-12-15 16:55 . 2008-12-15 16:55 <DIR> d-------- c:\documents and settings\Guest
    2008-12-15 10:04 . 2008-12-15 10:04 <DIR> d-------- c:\documents and settings\Administrator.HOPELESS\Application Data\BitDefender
    2008-12-14 22:17 . 2008-12-14 22:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-14 22:17 . 2008-12-14 22:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-12-14 22:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-14 22:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-14 21:47 . 2008-12-14 21:47 61,440 --a------ c:\windows\system32\flcss.exe
    2008-12-13 13:14 . 2008-12-13 13:14 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Questtracers
    2008-12-12 10:05 . 2008-12-12 10:16 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Ashtons. Family Resort
    2008-12-12 10:05 . 2008-12-12 10:05 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ashtons. Family Resort
    2008-12-11 10:42 . 2008-12-11 10:42 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Sarah's Emergency Hospital
    2008-12-09 19:06 . 2008-12-09 19:05 716,800 --------- c:\windows\UNNMIX.exe
    2008-12-09 19:06 . 2008-12-09 19:05 153,246 --------- c:\windows\UNNMIX.cfg
    2008-12-09 19:05 . 2008-12-09 19:06 <DIR> d-------- c:\program files\Ahead
    2008-12-09 18:49 . 2008-12-09 18:49 <DIR> d-------- c:\program files\DVD Decrypter
    2008-12-09 09:58 . 2008-12-09 09:58 <DIR> d-------- c:\windows\Paranormal Agency
    2008-12-09 09:58 . 2008-12-09 09:58 <DIR> d-------- c:\program files\Paranormal Agency
    2008-12-09 09:58 . 2008-12-09 09:58 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Shape games
    2008-12-08 17:03 . 2008-12-14 16:23 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Home Sweet Home Christmas
    2008-12-08 17:02 . 2008-12-08 17:02 <DIR> d-------- c:\windows\Home Sweet Home Christmas Edition
    2008-12-08 17:02 . 2008-12-08 17:03 <DIR> d-------- c:\program files\Home Sweet Home Christmas Edition
    2008-12-06 14:35 . 2008-12-06 14:35 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924
    2008-11-30 13:59 . 2008-11-30 13:59 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NevoSoft Games
    2008-11-22 11:37 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
    2008-11-22 11:37 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2008-11-22 11:37 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-11-22 11:37 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-11-22 11:37 . 2005-07-22 22:18 1,438 -ra------ c:\windows\system32\dlcc.loc
    2008-11-22 11:36 . 2008-12-07 10:21 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
    2008-11-21 16:21 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-11-20 13:42 . 2008-11-20 13:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HipSoft
    2008-11-20 13:41 . 2008-11-20 13:41 <DIR> d-------- c:\windows\Build a lot 3 Passport to Europe
    2008-11-20 13:41 . 2008-11-20 13:41 <DIR> d-------- c:\program files\Build a lot 3 Passport to Europe
    2008-11-19 17:23 . 2008-11-19 17:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 09:12 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-12-15 22:02 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2008-12-14 11:48 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\uTorrent
    2008-12-09 14:42 --------- d-----w c:\program files\PartyGaming
    2008-12-03 16:09 --------- d-----w c:\program files\Java
    2008-11-29 22:46 --------- d-----w c:\program files\DivX
    2008-11-24 09:19 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\Gamelab
    2008-11-15 19:05 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\LimeWire
    2008-11-10 12:57 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Redrum
    2008-11-10 12:33 --------- d-----w c:\program files\Megaplex Madness Now Playing
    2008-11-10 10:59 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Fugazo
    2008-11-09 17:15 --------- d-----w c:\documents and settings\STEVE.HOPELESS\Application Data\InstallShield
    2008-11-09 14:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-07 11:18 --------- d-----w c:\program files\Operation Mania
    2008-11-04 10:14 --------- d-----w c:\program files\Xvid
    2008-11-03 16:14 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\Pogo Games
    2008-10-30 13:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2008-10-29 10:12 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\PetShowCraze
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-21 15:00 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\Mushroom Age
    2008-10-18 14:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-05-17 07:50 24,192 ----a-w c:\documents and settings\JACQUIE.HOPELESS\usbsermptxp.sys
    2008-05-17 07:50 22,768 ----a-w c:\documents and settings\JACQUIE.HOPELESS\usbsermpt.sys
    2008-04-16 07:44 315 ----a-w c:\documents and settings\Jacquie\Application Data\bbbconfig.dat
    2008-03-15 11:51 24,192 ----a-w c:\documents and settings\Jacquie\usbsermptxp.sys
    2008-03-15 11:51 22,768 ----a-w c:\documents and settings\Jacquie\usbsermpt.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-15_22.08.26.62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-15 22:03:54 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-16 09:12:26 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-12-15 22:03:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-16 09:12:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-12-15 22:03:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-16 09:12:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-16 09:12:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_cc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"="c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Ntreev\\Grand Chase\\main.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2008-04-23 1240576]
    S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2008-05-14 61504]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2008-05-14 9328]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2008-05-14 97056]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2008-05-14 88560]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2008-05-14 86368]
    S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-16 c:\windows\Tasks\A8E231CB9119A5C7.job
    - c:\docume~1\jacqui~1.hop\applic~1\chinst~1\Bore Online Logo.exe []

    2008-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2008-12-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-16 09:16:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSoiqt.sys"
    .
    Completion time: 2008-12-16 9:16:44
    ComboFix-quarantined-files.txt 2008-12-16 09:16:42
    ComboFix2.txt 2008-12-15 22:08:47
    ComboFix3.txt 2008-09-03 14:20:52
    ComboFix4.txt 2008-09-03 11:21:21

    Pre-Run: 204,024,811,520 bytes free
    Post-Run: 204,017,229,824 bytes free

    173 --- E O F --- 2008-12-12 14:35:10
     
  10. 2008/12/16
    coopsey

    coopsey Inactive Thread Starter

    An update: since I last posted I have been able to run Kaspersky online scanner, which found 2 trojan files. I have manually deleted the files and run ComboFix again and was able to install the recovery console this time. Here is the most recent log in case anything has changed.
    Thanks

    ComboFix 08-12-15.04 - JACQUIE 2008-12-16 12:18:56.8 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1692 [GMT 0:00]
    Running from: c:\documents and settings\JACQUIE.HOPELESS\Desktop\fixocom.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\TDSSmxst.sys
    c:\windows\system32\Drivers\TDSSoiqt.sys
    c:\windows\system32\Drivers\TDSSpqlt.sys
    c:\windows\system32\TDSSbrsr.dll
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSShrxr.dat
    c:\windows\system32\TDSSlrvd.dll
    c:\windows\system32\TDSSlxwp.dll
    c:\windows\system32\TDSSnmxh.dll
    c:\windows\system32\TDSSoiqh.dll
    c:\windows\system32\TDSSoitt.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSSrtql.dll
    c:\windows\system32\TDSSsahc.dll
    c:\windows\system32\TDSStkdv.log
    c:\windows\system32\TDSSvvbj.log
    c:\windows\system32\TDSSxfum.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
    .

    2008-12-16 10:06 . 2008-12-16 10:06 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Malwarebytes
    2008-12-15 22:05 . 2008-12-15 22:08 <DIR> d-------- C:\cimbofox
    2008-12-15 21:44 . 2008-12-15 21:44 <DIR> d-------- C:\rsit
    2008-12-15 20:39 . 2008-12-15 20:39 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
    2008-12-15 18:05 . 2008-12-15 20:38 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-12-15 16:55 . 2008-12-15 16:55 <DIR> d-------- c:\documents and settings\Guest
    2008-12-15 10:04 . 2008-12-15 10:04 <DIR> d-------- c:\documents and settings\Administrator.HOPELESS\Application Data\BitDefender
    2008-12-14 22:17 . 2008-12-14 22:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-14 22:17 . 2008-12-14 22:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-12-14 22:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-14 22:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-14 21:47 . 2008-12-14 21:47 61,440 --a------ c:\windows\system32\flcss.exe
    2008-12-13 13:14 . 2008-12-13 13:14 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Questtracers
    2008-12-12 10:05 . 2008-12-12 10:16 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Ashtons. Family Resort
    2008-12-12 10:05 . 2008-12-12 10:05 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ashtons. Family Resort
    2008-12-11 10:42 . 2008-12-11 10:42 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Sarah's Emergency Hospital
    2008-12-09 19:06 . 2008-12-09 19:05 716,800 --------- c:\windows\UNNMIX.exe
    2008-12-09 19:06 . 2008-12-09 19:05 153,246 --------- c:\windows\UNNMIX.cfg
    2008-12-09 19:05 . 2008-12-09 19:06 <DIR> d-------- c:\program files\Ahead
    2008-12-09 18:49 . 2008-12-09 18:49 <DIR> d-------- c:\program files\DVD Decrypter
    2008-12-09 09:58 . 2008-12-09 09:58 <DIR> d-------- c:\windows\Paranormal Agency
    2008-12-09 09:58 . 2008-12-09 09:58 <DIR> d-------- c:\program files\Paranormal Agency
    2008-12-09 09:58 . 2008-12-09 09:58 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Shape games
    2008-12-08 17:03 . 2008-12-14 16:23 <DIR> d-------- c:\documents and settings\JACQUIE.HOPELESS\Application Data\Home Sweet Home Christmas
    2008-12-08 17:02 . 2008-12-08 17:02 <DIR> d-------- c:\windows\Home Sweet Home Christmas Edition
    2008-12-08 17:02 . 2008-12-08 17:03 <DIR> d-------- c:\program files\Home Sweet Home Christmas Edition
    2008-12-06 14:35 . 2008-12-06 14:35 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924
    2008-11-30 13:59 . 2008-11-30 13:59 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NevoSoft Games
    2008-11-22 11:37 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
    2008-11-22 11:37 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2008-11-22 11:37 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-11-22 11:37 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-11-22 11:37 . 2005-07-22 22:18 1,438 -ra------ c:\windows\system32\dlcc.loc
    2008-11-22 11:36 . 2008-12-07 10:21 <DIR> d-------- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
    2008-11-21 16:21 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-11-20 13:42 . 2008-11-20 13:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HipSoft
    2008-11-20 13:41 . 2008-11-20 13:41 <DIR> d-------- c:\windows\Build a lot 3 Passport to Europe
    2008-11-20 13:41 . 2008-11-20 13:41 <DIR> d-------- c:\program files\Build a lot 3 Passport to Europe
    2008-11-19 17:23 . 2008-11-19 17:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 12:17 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-12-16 11:15 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2008-12-14 11:48 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\uTorrent
    2008-12-09 14:42 --------- d-----w c:\program files\PartyGaming
    2008-12-03 16:09 --------- d-----w c:\program files\Java
    2008-11-29 22:46 --------- d-----w c:\program files\DivX
    2008-11-24 09:19 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\Gamelab
    2008-11-15 19:05 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\LimeWire
    2008-11-10 12:57 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Redrum
    2008-11-10 12:33 --------- d-----w c:\program files\Megaplex Madness Now Playing
    2008-11-10 10:59 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Fugazo
    2008-11-09 17:15 --------- d-----w c:\documents and settings\STEVE.HOPELESS\Application Data\InstallShield
    2008-11-09 14:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-07 11:18 --------- d-----w c:\program files\Operation Mania
    2008-11-04 10:14 --------- d-----w c:\program files\Xvid
    2008-11-03 16:14 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\Pogo Games
    2008-10-30 13:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2008-10-29 10:12 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\PetShowCraze
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-21 15:00 --------- d-----w c:\documents and settings\JACQUIE.HOPELESS\Application Data\Mushroom Age
    2008-10-18 14:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-05-17 07:50 24,192 ----a-w c:\documents and settings\JACQUIE.HOPELESS\usbsermptxp.sys
    2008-05-17 07:50 22,768 ----a-w c:\documents and settings\JACQUIE.HOPELESS\usbsermpt.sys
    2008-04-16 07:44 315 ----a-w c:\documents and settings\Jacquie\Application Data\bbbconfig.dat
    2008-03-15 11:51 24,192 ----a-w c:\documents and settings\Jacquie\usbsermptxp.sys
    2008-03-15 11:51 22,768 ----a-w c:\documents and settings\Jacquie\usbsermpt.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-15_22.08.26.62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-15 22:03:54 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-16 09:12:26 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-12-15 22:03:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-16 09:12:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-12-16 12:17:14 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7f0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277} "= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files\\SopCast\\SopCast.exe "=
    "c:\\Ntreev\\Grand Chase\\main.exe "=
    "c:\\WINDOWS\\system32\\muzapp.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP "= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP "= 1641:TCP:MioNet Remote Drive Verification

    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2008-04-23 1240576]
    S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2008-05-14 61504]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2008-05-14 9328]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2008-05-14 97056]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2008-05-14 88560]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2008-05-14 86368]
    S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-16 c:\windows\Tasks\A8E231CB9119A5C7.job
    - c:\docume~1\jacqui~1.hop\applic~1\chinst~1\Bore Online Logo.exe []

    2008-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2008-12-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-16 12:21:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv.sys]
    "imagepath "= "\systemroot\system32\drivers\TDSSmxst.sys "
    .
    Completion time: 2008-12-16 12:22:25
    ComboFix-quarantined-files.txt 2008-12-16 12:22:11
    ComboFix2.txt 2008-12-16 09:16:45
    ComboFix3.txt 2008-12-15 22:08:47
    ComboFix4.txt 2008-09-03 14:20:52
    ComboFix5.txt 2008-12-16 12:10:47

    Pre-Run: 205,419,495,424 bytes free
    Post-Run: 205,471,416,320 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    196 --- E O F --- 2008-12-12 14:35:10
     
  11. 2008/12/16
    noahdfear

    Please delete each of the following.

    c:\windows\Tasks\A8E231CB9119A5C7.job

    The above task was for a LOP infection. We need to run another tool to make sure LOP is all gone. Download Lop S&D and save it to your desktop.

    Please disable resident protections (Antivirus...); you'll re-enable them after the scan.

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created at C:\lopR.txt

    Don't forget to re-enable your resident protections now!
     
  12. 2008/12/17
    coopsey

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
    BIOS : Default System BIOS
    USER : JACQUIE ( Administrator )
    BOOT : Normal boot
    Antivirus : BitDefender Antivirus 12.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:191 Go)
    D:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 17/12/2008| 9:25 )

    --------------------\\ Listing folders in APPLIC~1

    [28/08/2008|16:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [28/08/2008|17:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [28/08/2008|17:45] C:\DOCUME~1\ADMINI~1.HOP\APPLIC~1\Adobe
    [28/08/2008|17:45] C:\DOCUME~1\ADMINI~1.HOP\APPLIC~1\Macromedia
    [28/08/2008|18:39] C:\DOCUME~1\ADMINI~1.HOP\APPLIC~1\Microsoft
    [28/08/2008|17:48] C:\DOCUME~1\ADMINI~1.HOP\APPLIC~1\WinRAR

    [31/03/2008|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [13/03/2008|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [26/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
    [29/02/2008|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [30/06/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    [28/02/2008|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
    [18/03/2008|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [01/03/2008|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
    [18/03/2008|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
    [04/04/2008|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
    [20/03/2008|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Go Go Gourmet
    [20/04/2008|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [12/03/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [28/02/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [13/03/2008|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
    [19/04/2008|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [12/04/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [06/04/2008|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    [22/03/2008|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QB9 S.R.L
    [22/04/2008|08:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [04/04/2008|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [09/04/2008|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
    [28/02/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [03/03/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [27/05/2008|08:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
    [12/07/2008|12:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
    [12/07/2008|12:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
    [12/12/2008|10:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ashtons. Family Resort
    [23/04/2008|08:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BigFishGamesCache
    [16/12/2008|15:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BitDefender
    [18/07/2008|10:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\blg
    [30/10/2008|13:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DVD Shrink
    [02/05/2008|13:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\EscapeTheMuseum
    [21/07/2008|11:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FarmFrenzy2
    [01/07/2008|17:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Fitn17
    [01/07/2008|11:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FreshGames
    [10/11/2008|10:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Fugazo
    [22/04/2008|16:46] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
    [02/05/2008|13:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HiddenSecretsNightmare
    [20/11/2008|13:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\HipSoft
    [19/05/2008|09:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hot Lava Games
    [13/05/2008|10:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Installations
    [30/08/2008|09:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
    [22/04/2008|15:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
    [29/05/2008|10:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ludia
    [14/12/2008|22:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
    [28/08/2008|12:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
    [18/05/2008|12:01] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MythPeople
    [30/11/2008|13:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NevoSoft Games
    [13/05/2008|10:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nokia
    [19/11/2008|17:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NOS
    [11/05/2008|16:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Oberon Media
    [05/05/2008|09:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Drivers HeadQuarters
    [04/05/2008|19:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Suite
    [18/10/2008|14:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PlayFirst
    [13/12/2008|13:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Questtracers
    [10/11/2008|12:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Redrum
    [21/09/2008|19:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot Games
    [28/08/2008|17:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
    [16/12/2008|11:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
    [20/08/2008|20:41] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TheRace_dev
    [30/04/2008|12:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trymedia
    [26/06/2008|12:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\VirtualFarm
    [22/04/2008|15:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
    [23/04/2008|15:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller

    [28/02/2008|14:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [22/04/2008|10:43] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

    [15/12/2008|16:56] C:\DOCUME~1\Guest\APPLIC~1\Adobe
    [15/12/2008|16:55] C:\DOCUME~1\Guest\APPLIC~1\Identities
    [15/12/2008|16:57] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
    [15/12/2008|16:55] C:\DOCUME~1\Guest\APPLIC~1\Microsoft

    [04/04/2008|09:42] C:\DOCUME~1\Jacquie\APPLIC~1\Adobe
    [09/03/2008|15:32] C:\DOCUME~1\Jacquie\APPLIC~1\AdobeUM
    [18/03/2008|19:03] C:\DOCUME~1\Jacquie\APPLIC~1\Ahead
    [09/10/2008|11:53] C:\DOCUME~1\Jacquie\APPLIC~1\AlterLab
    [28/02/2008|21:01] C:\DOCUME~1\Jacquie\APPLIC~1\ArcSoft
    [12/03/2008|16:43] C:\DOCUME~1\Jacquie\APPLIC~1\DataCast
    [18/03/2008|11:32] C:\DOCUME~1\Jacquie\APPLIC~1\DivX
    [10/03/2008|15:22] C:\DOCUME~1\Jacquie\APPLIC~1\Freshtel UK
    [01/03/2008|09:51] C:\DOCUME~1\Jacquie\APPLIC~1\Google
    [28/02/2008|14:42] C:\DOCUME~1\Jacquie\APPLIC~1\Identities
    [05/04/2008|09:09] C:\DOCUME~1\Jacquie\APPLIC~1\Jane s Hotel Family Hero
    [20/04/2008|13:48] C:\DOCUME~1\Jacquie\APPLIC~1\LimeWire
    [12/03/2008|14:20] C:\DOCUME~1\Jacquie\APPLIC~1\Logitech
    [29/02/2008|08:50] C:\DOCUME~1\Jacquie\APPLIC~1\Macromedia
    [22/03/2008|09:51] C:\DOCUME~1\Jacquie\APPLIC~1\Meridian93
    [27/03/2008|09:07] C:\DOCUME~1\Jacquie\APPLIC~1\Microsoft
    [12/04/2008|15:23] C:\DOCUME~1\Jacquie\APPLIC~1\MysteryStudio
    [12/03/2008|14:29] C:\DOCUME~1\Jacquie\APPLIC~1\Nokia
    [12/03/2008|14:31] C:\DOCUME~1\Jacquie\APPLIC~1\Nokia Multimedia Player
    [12/03/2008|14:25] C:\DOCUME~1\Jacquie\APPLIC~1\PC Suite
    [06/04/2008|14:11] C:\DOCUME~1\Jacquie\APPLIC~1\PlayFirst
    [17/03/2008|12:40] C:\DOCUME~1\Jacquie\APPLIC~1\Real
    [10/03/2008|13:20] C:\DOCUME~1\Jacquie\APPLIC~1\Sun
    [20/04/2008|13:49] C:\DOCUME~1\Jacquie\APPLIC~1\uTorrent
    [13/03/2008|10:55] C:\DOCUME~1\Jacquie\APPLIC~1\WinRAR

    [17/05/2008|07:52] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Adobe
    [27/05/2008|08:42] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\AdobeUM
    [24/04/2008|09:08] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Ahead
    [18/07/2008|08:37] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Alawar
    [12/07/2008|12:47] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Apple Computer
    [12/12/2008|10:16] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Ashtons. Family Resort
    [08/08/2008|12:33] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\BeachPartyCraze
    [16/12/2008|15:24] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\BitDefender
    [18/07/2008|10:00] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\blg
    [23/04/2008|09:27] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Boomzap
    [15/10/2008|17:04] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\ChinStore
    [01/05/2008|19:11] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\DataCast
    [05/08/2008|17:51] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Dress Up Rush
    [21/09/2008|19:17] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\EleFun Games
    [02/05/2008|10:13] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Gaijin Ent
    [24/11/2008|09:19] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Gamelab
    [30/07/2008|11:02] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\GetRightToGo
    [22/08/2008|20:08] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Go-Go Gourmet Chef of the Year
    [14/12/2008|16:23] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Google
    [10/09/2008|14:17] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Home Sweet Home 2
    [14/12/2008|16:23] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Home Sweet Home Christmas
    [22/04/2008|11:50] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Identities
    [01/05/2008|18:46] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\InstallShield
    [08/08/2008|18:15] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\IOMediaSupport6SZZ001s
    [21/09/2008|19:25] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\ITTNord
    [24/04/2008|11:39] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Jane s Hotel Family Hero
    [26/08/2008|12:28] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Jane s Realty hitzwarez net
    [15/11/2008|19:05] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\LimeWire
    [04/05/2008|19:54] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Logitech
    [29/05/2008|10:56] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Ludia
    [22/04/2008|14:49] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Macromedia
    [16/12/2008|10:06] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Malwarebytes
    [04/07/2008|14:03] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Meridian93
    [29/08/2008|07:45] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Microsoft
    [21/10/2008|15:00] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Mushroom Age
    [12/05/2008|15:55] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\My Games
    [07/07/2008|12:09] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Nokia
    [07/05/2008|09:58] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\PC Suite
    [29/10/2008|10:12] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\PetShowCraze
    [06/10/2008|10:22] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\PlayFirst
    [24/06/2008|10:44] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Playrix Entertainment
    [03/11/2008|16:14] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Pogo Games
    [23/04/2008|20:15] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Real
    [11/12/2008|10:42] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Sarah's Emergency Hospital
    [09/12/2008|09:58] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Shape games
    [21/09/2008|19:03] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Skip-Bo
    [29/07/2008|18:49] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Skunk Studios
    [15/05/2008|07:57] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Sony Ericsson
    [08/08/2008|18:15] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Spinapse
    [06/07/2008|15:24] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\SulusGames
    [23/04/2008|11:28] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Sun
    [12/08/2008|16:34] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Suspects and Clues Players
    [08/08/2008|18:15] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Suspects and Clues Prefs
    [15/05/2008|07:57] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\Teleca
    [14/12/2008|11:48] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\uTorrent
    [06/06/2008|09:21] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\ViquaSoft
    [30/04/2008|12:54] C:\DOCUME~1\JACQUI~1.HOP\APPLIC~1\WinRAR


    [28/02/2008|14:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [22/04/2008|10:48] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Microsoft

    [28/02/2008|14:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [22/04/2008|10:43] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Microsoft

    [14/04/2008|06:48] C:\DOCUME~1\Rowan\APPLIC~1\Adobe
    [08/04/2008|17:45] C:\DOCUME~1\Rowan\APPLIC~1\Bamzooki
    [05/03/2008|02:14] C:\DOCUME~1\Rowan\APPLIC~1\Google
    [29/02/2008|17:26] C:\DOCUME~1\Rowan\APPLIC~1\Identities
    [12/03/2008|18:48] C:\DOCUME~1\Rowan\APPLIC~1\Logitech
    [14/04/2008|06:48] C:\DOCUME~1\Rowan\APPLIC~1\Macromedia
    [21/03/2008|13:41] C:\DOCUME~1\Rowan\APPLIC~1\Microsoft
    [16/03/2008|11:45] C:\DOCUME~1\Rowan\APPLIC~1\PC Suite
    [29/03/2008|09:36] C:\DOCUME~1\Rowan\APPLIC~1\Real

    [25/04/2008|15:55] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Adobe
    [24/05/2008|00:09] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Google
    [25/04/2008|15:52] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Identities
    [05/05/2008|06:55] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Logitech
    [25/04/2008|15:55] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Macromedia
    [09/09/2008|16:27] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Microsoft
    [09/05/2008|17:44] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\PC Suite
    [25/04/2008|15:53] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Real
    [14/05/2008|18:25] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Sony Ericsson
    [02/05/2008|06:45] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Sun
    [14/05/2008|18:25] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\Teleca
    [22/05/2008|03:12] C:\DOCUME~1\ROWAN~1.HOP\APPLIC~1\WinRAR

    [11/04/2008|20:21] C:\DOCUME~1\Steve\APPLIC~1\Adobe
    [31/03/2008|11:59] C:\DOCUME~1\Steve\APPLIC~1\AdobeUM
    [19/04/2008|19:33] C:\DOCUME~1\Steve\APPLIC~1\DivX
    [10/03/2008|15:26] C:\DOCUME~1\Steve\APPLIC~1\Freshtel UK
    [03/03/2008|20:18] C:\DOCUME~1\Steve\APPLIC~1\Google
    [28/02/2008|21:07] C:\DOCUME~1\Steve\APPLIC~1\Identities
    [12/03/2008|20:09] C:\DOCUME~1\Steve\APPLIC~1\Logitech
    [11/04/2008|20:21] C:\DOCUME~1\Steve\APPLIC~1\Macromedia
    [16/04/2008|17:36] C:\DOCUME~1\Steve\APPLIC~1\Microsoft
    [13/03/2008|10:57] C:\DOCUME~1\Steve\APPLIC~1\PC Suite
    [01/03/2008|17:35] C:\DOCUME~1\Steve\APPLIC~1\PlayFirst
    [09/04/2008|15:38] C:\DOCUME~1\Steve\APPLIC~1\PPLive
    [09/04/2008|15:51] C:\DOCUME~1\Steve\APPLIC~1\PPMate
    [09/04/2008|19:09] C:\DOCUME~1\Steve\APPLIC~1\ppstream
    [27/03/2008|15:19] C:\DOCUME~1\Steve\APPLIC~1\Real
    [10/03/2008|12:29] C:\DOCUME~1\Steve\APPLIC~1\Sun
    [09/04/2008|16:03] C:\DOCUME~1\Steve\APPLIC~1\TVU Networks
    [02/04/2008|14:45] C:\DOCUME~1\Steve\APPLIC~1\WinRAR

    [23/04/2008|17:38] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Adobe
    [24/04/2008|17:31] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\AdobeUM
    [23/04/2008|18:32] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\ArcSoft
    [16/12/2008|15:42] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\BitDefender
    [10/05/2008|16:03] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Google
    [22/04/2008|17:42] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Identities
    [09/11/2008|17:15] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\InstallShield
    [05/05/2008|12:48] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Logitech
    [22/04/2008|17:49] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Macromedia
    [14/12/2008|20:32] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Microsoft
    [14/05/2008|15:39] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Nokia Multimedia Player
    [05/05/2008|16:33] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\PC Suite
    [14/05/2008|15:40] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Real
    [14/05/2008|13:23] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Sony Ericsson
    [28/04/2008|10:39] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Sun
    [14/05/2008|13:24] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\Teleca
    [14/05/2008|12:32] C:\DOCUME~1\STEVE~1.HOP\APPLIC~1\WinRAR

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [09/12/2008 02:05][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
    [12/07/2008 12:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [17/12/2008 01:35][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [17/12/2008 09:02][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 11:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [28/02/2008|14:47] C:\Program Files\Adobe
    [09/12/2008|19:06] C:\Program Files\Ahead
    [12/07/2008|12:37] C:\Program Files\Apple Software Update
    [06/09/2008|14:52] C:\Program Files\Axis Communications
    [02/04/2008|19:23] C:\Program Files\BAMZOOKi
    [26/06/2008|10:01] C:\Program Files\BFG
    [21/04/2008|08:18] C:\Program Files\bfgclient
    [16/12/2008|15:24] C:\Program Files\BitDefender
    [20/11/2008|13:41] C:\Program Files\Build a lot 3 Passport to Europe
    [16/12/2008|14:56] C:\Program Files\Common Files
    [28/02/2008|14:22] C:\Program Files\ComPlus Applications
    [06/12/2008|14:35] C:\Program Files\Dell Photo AIO Printer 924
    [12/03/2008|14:13] C:\Program Files\DIFX
    [27/04/2008|10:41] C:\Program Files\Disney
    [29/11/2008|22:46] C:\Program Files\DivX
    [17/03/2008|11:55] C:\Program Files\Driver-Soft
    [09/12/2008|18:49] C:\Program Files\DVD Decrypter
    [20/05/2008|23:49] C:\Program Files\FlashGet
    [10/03/2008|15:22] C:\Program Files\Freshtel internet phone
    [22/04/2008|16:46] C:\Program Files\Google
    [08/12/2008|17:03] C:\Program Files\Home Sweet Home Christmas Edition
    [09/11/2008|14:59] C:\Program Files\InstallShield Installation Information
    [28/02/2008|14:49] C:\Program Files\Intel
    [10/12/2008|20:29] C:\Program Files\Internet Explorer
    [03/12/2008|16:09] C:\Program Files\Java
    [27/05/2008|10:35] C:\Program Files\Lame MP3 Codec
    [12/03/2008|16:16] C:\Program Files\Lavasoft
    [14/12/2008|22:17] C:\Program Files\Malwarebytes' Anti-Malware
    [07/08/2008|12:27] C:\Program Files\MarkAny
    [10/11/2008|12:33] C:\Program Files\Megaplex Madness Now Playing
    [15/10/2008|17:08] C:\Program Files\Messenger
    [28/02/2008|14:26] C:\Program Files\microsoft frontpage
    [15/12/2008|20:39] C:\Program Files\Microsoft Windows OneCare Live
    [15/10/2008|17:08] C:\Program Files\Movie Maker
    [28/02/2008|14:20] C:\Program Files\MSN
    [28/02/2008|14:20] C:\Program Files\MSN Gaming Zone
    [13/03/2008|08:59] C:\Program Files\MSXML 4.0
    [13/05/2008|10:15] C:\Program Files\MSXML 6.0
    [18/03/2008|19:00] C:\Program Files\Nero
    [15/10/2008|17:06] C:\Program Files\NetMeeting
    [08/07/2008|08:36] C:\Program Files\Nokia
    [28/02/2008|14:22] C:\Program Files\Online Services
    [07/11/2008|11:18] C:\Program Files\Operation Mania
    [15/10/2008|17:06] C:\Program Files\Outlook Express
    [09/12/2008|09:58] C:\Program Files\Paranormal Agency
    [09/12/2008|14:42] C:\Program Files\PartyGaming
    [04/05/2008|19:35] C:\Program Files\PC Connectivity Solution
    [28/02/2008|20:53] C:\Program Files\Philips
    [12/07/2008|12:39] C:\Program Files\QuickTime
    [06/03/2008|01:38] C:\Program Files\Real
    [28/02/2008|14:53] C:\Program Files\Realtek
    [10/05/2008|15:14] C:\Program Files\ReflexiveArcade
    [01/05/2008|18:47] C:\Program Files\Samsung
    [23/04/2008|13:39] C:\Program Files\SopCast
    [28/08/2008|18:07] C:\Program Files\Trend Micro
    [19/04/2008|16:42] C:\Program Files\TVAnts
    [09/04/2008|16:03] C:\Program Files\TVUPlayer
    [28/02/2008|19:20] C:\Program Files\Uninstall Information
    [28/02/2008|20:03] C:\Program Files\Windows Defender
    [03/03/2008|19:42] C:\Program Files\Windows Live
    [28/02/2008|19:57] C:\Program Files\Windows Live Favorites
    [15/12/2008|20:38] C:\Program Files\Windows Live Safety Center
    [28/02/2008|19:57] C:\Program Files\Windows Live Toolbar
    [04/10/2008|15:20] C:\Program Files\Windows Media Bonus Pack for Windows XP
    [06/04/2008|13:38] C:\Program Files\Windows Media Connect 2
    [04/10/2008|15:21] C:\Program Files\Windows Media Player
    [15/10/2008|17:06] C:\Program Files\Windows NT
    [28/02/2008|14:21] C:\Program Files\Windows Plus
    [28/02/2008|14:24] C:\Program Files\WindowsUpdate
    [29/04/2008|10:32] C:\Program Files\WinRAR
    [28/02/2008|14:26] C:\Program Files\xerox
    [04/11/2008|10:14] C:\Program Files\Xvid

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [27/05/2008|08:44] C:\Program Files\Common Files\Adobe
    [23/04/2008|18:23] C:\Program Files\Common Files\Ahead
    [28/02/2008|20:55] C:\Program Files\Common Files\ArcSoft
    [16/12/2008|15:24] C:\Program Files\Common Files\BitDefender
    [12/07/2008|18:15] C:\Program Files\Common Files\INCA Shared
    [28/02/2008|20:53] C:\Program Files\Common Files\InstallShield
    [10/03/2008|12:28] C:\Program Files\Common Files\Java
    [22/04/2008|09:32] C:\Program Files\Common Files\LightScribe
    [12/03/2008|14:17] C:\Program Files\Common Files\Logitech
    [10/03/2008|15:22] C:\Program Files\Common Files\Microsoft Shared
    [28/02/2008|19:09] C:\Program Files\Common Files\Motive
    [28/02/2008|14:23] C:\Program Files\Common Files\MSSoap
    [08/07/2008|08:35] C:\Program Files\Common Files\Nokia
    [28/02/2008|22:11] C:\Program Files\Common Files\ODBC
    [12/03/2008|14:13] C:\Program Files\Common Files\PCSuite
    [06/03/2008|01:38] C:\Program Files\Common Files\Real
    [15/12/2008|16:25] C:\Program Files\Common Files\Services
    [28/02/2008|22:11] C:\Program Files\Common Files\SpeechEngines
    [09/04/2008|15:51] C:\Program Files\Common Files\Synacast
    [15/10/2008|17:06] C:\Program Files\Common Files\System
    [08/07/2008|08:50] C:\Program Files\Common Files\Teleca Shared
    [28/02/2008|19:56] C:\Program Files\Common Files\WindowsLiveInstaller
    [28/08/2008|18:00] C:\Program Files\Common Files\Wise Installation Wizard
    [06/03/2008|01:38] C:\Program Files\Common Files\xing shared

    --------------------\\ Process

    ( 30 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    C:\DOCUME~1\JACQUI~1.HOP\Cookies\jacquie@advertising[1].txt
    C:\DOCUME~1\JACQUI~1.HOP\Cookies\jacquie@adopt.euroclick[1].txt

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-17 09:27:29
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\JACQUI~1.HOP\Application Data\uTorrent\80 UIQ Applications for Sony Ericsson Smart Phones (crack).exe.torrent
    C:\DOCUME~1\JACQUI~1.HOP\Local Settings\Temporary Internet Files\Content.IE5\C5RHY50P\AutoW_468x60_CRACK_TEAM[1].swf


    [F:1][D:0]-> C:\DOCUME~1\JACQUI~1.HOP\LOCALS~1\Temp
    [F:187][D:0]-> C:\DOCUME~1\JACQUI~1.HOP\Cookies
    [F:961][D:4]-> C:\DOCUME~1\JACQUI~1.HOP\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 17/12/2008| 9:28 - Option : [1]

    --------------------\\ Scan completed at 9:28:24
     
  13. 2008/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Really should avoid cracks and P2P apps. It's not only dishonest and unfair to the software developers, it's dangerous. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Appears LOP is gone, so let's get an online scan to see if any other infections are hiding. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
