Msn messenger virus
Annettec
Last week my daughter inadvertently clicked on a link on MSN Messenger and got a virus. It made MSN very unstable, though it seems more stable now, and infected the rest of my PC. At first I isolated the processes and turned them off in Task Manager so I could get online, but since then the virus has disabled Task Manager and Run. Since doing the tests on here, though, those two seem to be working OK.

Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.33
Database version: 1701
Windows 5.1.2600 Service Pack 3

28/01/2009 15:18:58
mbam-log-2009-01-28 (15-18-58).txt

Scan type: Quick Scan
Objects scanned: 88303
Time elapsed: 1 hour(s), 29 minute(s), 3 second(s)

Memory Processes Infected: 0

RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Benjamin at 2009-01-28 17:27:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (35%) free of 76 GB
Total RAM: 503 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:00, on 28/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\Benjamin\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Benjamin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - (no file)
O3 - Toolbar: (no name) - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Benjamin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://games.bigfishgames.com/en_dairy-das...eb.1.0.0.15.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://htmlupload.silverwire.de/upload/Jav...geUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154368875750
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130777396968
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.171.156.180/activex/AMC.cab
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://games.bigfishgames.com/en_wedding-d...eb.1.0.0.11.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fdiprint.com/printat21/ImageUpl...geUploader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://games.bigfishgames.com/en_wedding-d...sh.1.0.0.47.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12724 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9839B3B7-3F99-4498-884D-6CFCCD251AB1}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-17 590848]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-03 57344]
"Comodo Personal Firewall"=C:\Program Files\Comodo\Personal Firewall\CPF.exe [2007-02-09 1115728]
"Comodo Launch Pad Tray"=C:\Program Files\Comodo\LaunchPad\CLPTray.exe [2007-04-01 229448]
"btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe [2006-12-08 543232]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-09-02 98304]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-02 26112]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-01-25 1032376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2004-07-06 2550272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\zHotkey.exe [2004-05-18 543232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-06-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-06-07 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-09-02 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-02 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-07-02 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2005-11-16 3759104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TIxDSL]
C:\PROGRA~1\FREESE~1\BIN\WIN2K\tidslmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-08-06 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerMenu.lnk]
C:\PROGRA~1\POWERM~1\POWERM~1.EXE [2002-12-20 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2
"Boonty Games"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-06-07 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2005-11-16 492544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=0
"NoColorChoice"=0
"NoSizeChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSMConfigurePrograms"=1
"NoChangeKeyboardNavigationIndicators"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Documents and Settings\Benjamin\Local Settings\Temporary Internet Files\Content.IE5\G12ZOPYZ\winmx354b4[1].exe"="C:\Documents and Settings\Benjamin\Local Settings\Temporary Internet Files\Content.IE5\G12ZOPYZ\winmx354b4[1].exe:*:Enabled:WinMX Application"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe"="C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe:*:Enabled:at3"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\bdagents.exe"="C:\WINDOWS\system32\bdagents.exe:*:Disabled:bdagents"
"C:\WINDOWS\system32\firewall.exe"="C:\WINDOWS\system32\firewall.exe:*:Disabled:firewall"
"C:\WINDOWS\system32\ztoi.exe"="C:\WINDOWS\system32\ztoi.exe:*:Disabled:ztoi"
"C:\WINDOWS\system32\ccmcxmxi.exe"="C:\WINDOWS\system32\ccmcxmxi.exe:*:Disabled:ccmcxmxi"
"C:\WINDOWS\system32\npknoyc.exe"="C:\WINDOWS\system32\npknoyc.exe:*:Disabled:npknoyc"
"C:\WINDOWS\system32\bphos.exe"="C:\WINDOWS\system32\bphos.exe:*:Disabled:bphos"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-01-28 17:18:37 ----D---- C:\Program Files\trend micro
2009-01-28 17:18:36 ----D---- C:\rsit
2009-01-28 13:41:20 ----D---- C:\Documents and Settings\Benjamin\Application Data\Malwarebytes
2009-01-28 13:40:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-28 13:40:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-27 08:34:36 ----A---- C:\p8.exe
2009-01-27 07:57:33 ----A---- C:\pps.exe
2009-01-26 23:06:10 ----D---- C:\Program Files\AxBx
2009-01-26 19:59:13 ----H---- C:\WINDOWS\system32\rccaonae.exe
2009-01-26 19:59:12 ----H---- C:\WINDOWS\system32\tqgzeloz.exe
2009-01-26 19:59:12 ----H---- C:\WINDOWS\system32\lqimjeqe.exe
2009-01-26 19:59:05 ----H---- C:\WINDOWS\system32\mvsgdnfq.exe
2009-01-26 19:42:09 ----H---- C:\WINDOWS\system32\blljwsnz.exe
2009-01-26 19:42:08 ----H---- C:\WINDOWS\system32\jtimxfbm.exe
2009-01-26 19:41:09 ----H---- C:\WINDOWS\system32\wssxtiuw.exe
2009-01-26 19:41:09 ----H---- C:\WINDOWS\system32\bbznqodk.exe
2009-01-26 19:28:10 ----H---- C:\WINDOWS\system32\yevobusf.exe
2009-01-26 19:28:10 ----H---- C:\WINDOWS\system32\bkkrqmub.exe
2009-01-26 19:28:10 ----H---- C:\WINDOWS\system32\bdmmrwqn.exe
2009-01-26 19:28:02 ----H---- C:\WINDOWS\system32\xdadrlef.exe
2009-01-26 19:28:02 ----H---- C:\WINDOWS\system32\mwxybhgw.exe
2009-01-26 19:26:55 ----H---- C:\WINDOWS\system32\ovmlpiss.exe
2009-01-26 19:26:52 ----H---- C:\WINDOWS\system32\puqolevw.exe
2009-01-26 19:26:51 ----H---- C:\WINDOWS\system32\udplwput.exe
2009-01-26 19:26:48 ----H---- C:\WINDOWS\system32\cgfupugq.exe
2009-01-26 19:26:24 ----H---- C:\WINDOWS\system32\leqwhvku.exe
2009-01-26 19:26:24 ----H---- C:\WINDOWS\system32\iyczdlgi.exe
2009-01-26 19:26:20 ----H---- C:\WINDOWS\system32\qyekrhkq.exe
2009-01-26 19:18:01 ----H---- C:\WINDOWS\system32\iotomjmx.exe
2009-01-26 19:17:38 ----A---- C:\gtjxd.exe
2009-01-26 17:18:27 ----H---- C:\WINDOWS\system32\qkiduahs.exe
2009-01-26 17:18:27 ----H---- C:\WINDOWS\system32\lveasgfg.exe
2009-01-26 17:18:24 ----H---- C:\WINDOWS\system32\exfoymss.exe
2009-01-26 17:16:29 ----H---- C:\WINDOWS\system32\vijvtmyb.exe
2009-01-26 16:57:08 ----H---- C:\WINDOWS\system32\uyotaoyq.exe
2009-01-26 16:57:08 ----H---- C:\WINDOWS\system32\otjlmvre.exe
2009-01-26 16:57:08 ----H---- C:\WINDOWS\system32\lfetzqaz.exe
2009-01-26 16:57:05 ----H---- C:\WINDOWS\system32\ebjzmarf.exe
2009-01-26 16:57:05 ----H---- C:\WINDOWS\system32\bueciqoa.exe
2009-01-26 16:54:13 ----H---- C:\WINDOWS\system32\vryfcqah.exe
2009-01-26 16:25:33 ----H---- C:\WINDOWS\system32\apgtwhwq.exe
2009-01-26 16:25:32 ----H---- C:\WINDOWS\system32\dklnxlcz.exe
2009-01-26 16:25:14 ----H---- C:\WINDOWS\system32\gijfljou.exe
2009-01-26 16:14:26 ----H---- C:\WINDOWS\system32\wsyvlnha.exe
2009-01-26 16:14:26 ----H---- C:\WINDOWS\system32\bbivnslx.exe
2009-01-26 15:54:12 ----H---- C:\WINDOWS\system32\ryvmkuow.exe
2009-01-26 15:54:12 ----H---- C:\WINDOWS\system32\oyecalsx.exe
2009-01-26 15:54:08 ----H---- C:\WINDOWS\system32\zemdpgdb.exe
2009-01-26 15:52:32 ----H---- C:\WINDOWS\system32\ngofhkuh.exe
2009-01-26 15:52:32 ----H---- C:\WINDOWS\system32\funksmba.exe
2009-01-26 15:43:28 ----H---- C:\WINDOWS\system32\wfnmyefn.exe
2009-01-26 15:43:28 ----H---- C:\WINDOWS\system32\uoxhzvhy.exe
2009-01-26 15:28:57 ----H---- C:\WINDOWS\system32\ikirjagu.exe
2009-01-26 15:28:51 ----H---- C:\WINDOWS\system32\liqepwzx.exe
2009-01-26 15:27:49 ----H---- C:\WINDOWS\system32\lqnhroki.exe
2009-01-26 15:27:46 ----H---- C:\WINDOWS\system32\yrhfkpyn.exe
2009-01-26 15:27:38 ----H---- C:\WINDOWS\system32\gigowfnd.exe
2009-01-26 15:27:17 ----H---- C:\WINDOWS\system32\aohkvohq.exe
2009-01-26 15:24:53 ----H---- C:\WINDOWS\system32\vniqxmas.exe
2009-01-26 15:21:18 ----H---- C:\WINDOWS\system32\rkqxzhcd.exe
2009-01-26 15:18:47 ----H---- C:\WINDOWS\system32\flqrmcac.exe
2009-01-26 15:16:19 ----H---- C:\WINDOWS\system32\qhfdngug.exe
2009-01-26 15:16:16 ----H---- C:\WINDOWS\system32\laqpxtuc.exe
2009-01-26 15:15:39 ----H---- C:\WINDOWS\system32\zbqpvfph.exe
2009-01-26 15:15:22 ----H---- C:\WINDOWS\system32\qusaauju.exe
2009-01-26 15:13:10 ----H---- C:\WINDOWS\system32\ddgjhaal.exe
2009-01-26 14:56:31 ----H---- C:\WINDOWS\system32\hxijkhoa.exe
2009-01-26 14:55:28 ----H---- C:\WINDOWS\system32\egledcsr.exe
2009-01-26 14:54:12 ----H---- C:\WINDOWS\system32\arauxfym.exe
2009-01-25 22:14:05 ----D---- C:\Documents and Settings\Benjamin\Application Data\HouseCall 6.6
2009-01-25 16:36:48 ----D---- C:\Program Files\Microsoft
2009-01-25 16:36:07 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-25 16:22:25 ----D---- C:\Program Files\Common Files\Windows Live
2009-01-25 09:20:49 ----A---- C:\WINDOWS\system32\bphos.exe
2009-01-24 21:58:26 ----A---- C:\WINDOWS\system32\jdohzsr.exe
2009-01-24 21:33:23 ----A---- C:\WINDOWS\system32\ccmcxmxi.exe
2009-01-24 21:00:26 ----A---- C:\WINDOWS\system32\ztoi.exe
2009-01-24 20:32:34 ----D---- C:\WINDOWS\system32\kazaabackupfiles
2009-01-24 17:15:32 ----A---- C:\love.exe

======List of files/folders modified in the last 1 months======

2009-01-28 17:27:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2009-01-28 17:18:37 ----AD---- C:\Program Files
2009-01-28 15:44:48 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-28 15:38:12 ----D---- C:\WINDOWS\Prefetch
2009-01-28 15:36:24 ----D---- C:\WINDOWS\Temp
2009-01-28 15:28:19 ----D---- C:\WINDOWS\system32\ias
2009-01-28 15:27:02 ----SHD---- C:\RECYCLER
2009-01-28 15:27:02 ----D---- C:\WINDOWS
2009-01-28 15:27:02 ----AD---- C:\WINDOWS\system32
2009-01-28 15:27:01 ----D---- C:\WINDOWS\system32\drivers
2009-01-28 15:25:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-28 15:20:32 ----D---- C:\Documents and Settings\Benjamin\Application Data\uTorrent
2009-01-28 11:35:04 ----RHD---- C:\$VAULT$.AVG
2009-01-27 16:46:15 ----A---- C:\WINDOWS\dellstat.ini
2009-01-27 16:20:29 ----A---- C:\WINDOWS\WORDPAD.INI
2009-01-26 23:35:06 ----D---- C:\Downloads
2009-01-26 13:15:21 ----HD---- C:\WINDOWS\inf
2009-01-26 13:15:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-26 09:52:20 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-26 09:41:33 ----RSD---- C:\WINDOWS\assembly
2009-01-26 08:19:41 ----D---- C:\Documents and Settings\Benjamin\Application Data\AVG7
2009-01-25 16:38:12 ----SHD---- C:\WINDOWS\Installer
2009-01-25 16:38:04 ----D---- C:\Program Files\Windows Live
2009-01-25 16:37:04 ----D---- C:\WINDOWS\WinSxS
2009-01-25 16:36:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-25 16:35:37 ----RSD---- C:\WINDOWS\Fonts
2009-01-25 16:22:25 ----D---- C:\Program Files\Common Files
2009-01-25 16:21:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-25 16:11:08 ----D---- C:\WINDOWS\Debug
2009-01-16 12:49:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 12:22:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 12:21:51 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-07 19:58:13 ----D---- C:\Program Files\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-11-09 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-27 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-22 10760]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 CmdMon;Comodo Application Engine; C:\WINDOWS\System32\DRIVERS\cmdmon.sys [2007-02-09 75520]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-09-02 8552]
R2 Atmuni;ATM Call Manager; C:\WINDOWS\system32\DRIVERS\atmuni.sys [2004-08-04 352256]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-11-09 4960]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 Rawwan;RAW WAN Driver; C:\WINDOWS\system32\DRIVERS\rawwan.sys [2004-08-04 34432]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-11 154112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-07 730653]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-07-07 2185408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 AtmElan;ATM Emulated LAN; C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;ATM LAN Emulation; C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\SIMON~1.KID\LOCALS~1\Temp\ewdmaudn.sys []
S3 Freeserve;TIDSLInstaller Device Driver; C:\WINDOWS\system32\DRIVERS\instl.sys [2002-07-08 11878]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 iadusb;MT882; C:\WINDOWS\system32\DRIVERS\glauiad.sys []
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-21 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-21 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-21 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-21 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-21 83344]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-03-01 230584]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-04-12 1301080]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-03-01 180592]
S3 PAC207;PC Camer@; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-04-11 635280]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-04-11 95800]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-03-01 13248]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-10-13 35107]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 TIAu5Bt;Copperjet ADSL modem Boot Device; C:\WINDOWS\System32\Drivers\tiau5bt.sys []
S3 TIAU5CO;Copperjet ADSL modem connecting with Freeserve Broadband; C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-12-29 22768]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC302;PCL-W310; C:\WINDOWS\System32\Drivers\usbvm302.sys [2002-11-28 93962]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-11-09 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-22 406528]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-10-13 54784]
R2 CmdAgent;Comodo Application Agent; C:\Program Files\Comodo\Personal Firewall\cmdagent.exe [2007-02-09 361040]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-01-25 3072184]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-07-30 126976]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-03-01 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-10 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]
S4 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2005-10-16 69120]
S4 svcWRSSSDK;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe [2005-11-16 2151936]

-----------------EOF-----------------

Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 102

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65874785422671656472881558348798 (Rogue.Antivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Network Firewall (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\2 find mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Data (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\PopupBlocker (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\2 find mp3\Data\SearchKeys.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\50 Cent - Candy Shop.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\50 Cent - In Da Club.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Bette Midler - The Rose.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Black Eyed Peas - My Humps.zip (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Black Eyed Peas - Where Is The Love.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\everything i do i do it for you.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Green Day - Wake Me Up When September Ends.mp3.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\just like a pill.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Kaiser Chiefs - Ruby.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Madonna - Like A Prayer.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Madonna - Like A Prayer1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Nintendo - Super Mario Brothers Original.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Remy Zero - Save Me.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Robbie Williams - Angels.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Sandi Thom - I Wish I Was A Punk Rocker.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Shakeria - Hips Dont Lie.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\stan.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Supertramp - Dreamer.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\The Corrs - Looking Through Your Eyes.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\The Corrs - Runaway.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\The Corrs - Runaway1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\The Corrs - So Young.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Weird Al Yankovic - Livin' La Vida Yoda.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Weird Al Yankovic - Polkamon.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Weird Al Yankovic - Ugly Girl - Barbie Girl Parod.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\2pac - Ghetto Gospel.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\50 Cent - Candy Shop.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\50 Cent - Candy Shop1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\50 cent - in da club(slazzer mix).mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\50 Cent - In Da Club.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\beep.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Bette Midler - The Rose.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Black Eyed Peas - My Humps.zip (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Black Eyed Peas - Where Is The Love.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Britney Spears - Toxic (Piwolf Venom Mix).mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Christina Aguilera - Ain't No Other Man (acapella).mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Ciara - Goodies.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Elton John - I Guess That's Why They Call It The Blues.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\everything i do i do it for you.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Green Day - Wake Me Up When September Ends.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Green Day - Wake Me Up When September Ends.mp3.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\just like a pill.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\just like diamonds.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Kaiser Chiefs - Ruby.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Madonna - Like A Prayer.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Madonna - Like A Prayer1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Mariah Carey - Its Like That.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Mariah Carey - Its Like That1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Ne Yo - So Sick.zip (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Ne-yo - So Sick.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Nintendo - Super Mario Brothers Original.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\R. Kelly - I Believe I Can Fly.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Remy Zero - Save Me.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Robbie Williams - Angels.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Sandi Thom - I Wish I Was A Punk Rocker.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Shakeria - Hips Dont Lie.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Shakira - Hips Dont Lie.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\stan.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Supertramp - Dreamer.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\T.i - Why You Wanna.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\The Corrs - Looking Through Your Eyes.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\The Corrs - Runaway.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\The Corrs - Runaway1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\The Corrs - So Young.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Weird Al Yankovic - Livin' La Vida Yoda.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Weird Al Yankovic - Polkamon.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Incomplete\Weird Al Yankovic - Ugly Girl - Barbie Girl Parod.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Recipes\RecipesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Recipes\RecipesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon.KIDS\Application Data\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npknoyc.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\bdagents.exe (Backdoor.Bot) -> Delete on reboot.
C:\pips.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


RSIT info

info.txt logfile of random's system information tool 1.05 2009-01-28 17:19:00

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x9 -uninst
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
BAMZOOKi v3.1 (build 204.173)-->"C:\Program Files\BAMZOOKi\unins000.exe"
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belarc Advisor 7.1-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BT Broadband Talk Softphone 2.0-->"C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Home Hub-->C:\Program Files\BT Home Hub\Uninstall.exe
BT Wireless Connection Manager-->C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon EOS-1D Mark II N WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35260E0B-A8C2-4D25-97E2-448DE7275C85} /l1033
Canon EOS-1Ds Mark II WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{652C4ADF-0A29-4B02-9211-EE61675847DE}
CANON iMAGE GATEWAY Task-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.1-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Key Reader-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\CD Key Reader\irunin.ini"
Championship Manager 2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F4E2C8A-B886-418E-BE49-0B867CBDA959}\Setup.exe" -l0x9 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Comodo Personal Firewall-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BA653D63-0D0E-48F8-87E5-150CCF5E9413}
CopyProfile-->MsiExec.exe /I{9A9ED54A-0FAB-4D34-A3B9-F6C659E1F898}
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
dpMagic CE-->"C:\Program Files\dpMagic Software\dpMagic CE\unins000.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ewido anti-spyware 4.0-->C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
Football Manager 2006-->MsiExec.exe /X{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\Benjamin\Application Data\HouseCall 6.6\uninstaller.exe"
HTML Slideshow Powertoy for Windows XP-->MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
IsoBuster 1.9.1-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Jump Ahead 2000 Year 2 v1.0-->C:\WINDOWS\uninst.exe -fC:\KA\2G\DeIsL2.isu
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MGI PhotoSuite III SE (Remove Only)-->"C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Baseline Security Analyzer 2.0-->MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Carioca Rummy-->MsiExec.exe /I{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money System Pack-->MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Money-->MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Zoo Tycoon-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
mIRC-->"C:\Program Files\%systemdir%\winasc.exe" -uninstall
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Neat Image v5 Demo-->"C:\Program Files\Neat Image\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
PC Camer@ -->C:\Program Files\InstallShield Installation Information\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}\setup.exe -runfromtemp -l0x0009 -removeonly
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDesk 6-->MsiExec.exe /I{B93251B5-9209-4DAB-867C-AA98D91584CD}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RAW Thumbnail Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAEF3BE9-F5CF-4355-BBC3-90134AD070F8}\Setup.exe" -l0x9
RawShooter essentials 2006-->C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Recovery for Works-->C:\Program Files\Recovery for Works\GLFC.exe /handle:wkr
SafeCast Shared Components-->C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x9 -remove
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Smart Link 56K Voice Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Snapshot Viewer-->C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SweetIM for Messenger 2.5-->MsiExec.exe /X{EC6BD2CC-2DCF-4AD8-A8DD-DF89D29EEF3F}
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Virtual Desktop Manager Powertoy for Windows XP-->MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
Yahoo! Messenger with BT Communicator-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost #this is not an ad server this is your PC
127.0.0.1 www.wildissues.tv
127.0.0.1 83.245.33.170
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.net #remove this for atomfilms problems
127.0.0.1 ad.preferences.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com

======Security center information======

AV: AVG 7.5.552
FW: COMODO Firewall Pro

System event log

Computer Name: KIDS
Event Code: 7036
Message: The Remote Desktop Help Session Manager service entered the stopped state.

Record Number: 92700
Source Name: Service Control Manager
Time Written: 20081220111851.000000+000
Event Type: information
User:

Computer Name: KIDS
Event Code: 20169
Message: Unable to contact a DHCP server. The Automatic Private IP Address 169.254.50.41 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.

Record Number: 92699
Source Name: RemoteAccess
Time Written: 20081220111138.000000+000
Event Type: warning
User:

Computer Name: KIDS
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 92698
Source Name: Service Control Manager
Time Written: 20081220111045.000000+000
Event Type: information
User:

Computer Name: KIDS
Event Code: 7035
Message: The MRENDIS5 NDIS Protocol Driver service was successfully sent a start control.

Record Number: 92697
Source Name: Service Control Manager
Time Written: 20081220111028.000000+000
Event Type: information
User: KIDS\Benjamin

Computer Name: KIDS
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 92696
Source Name: Service Control Manager
Time Written: 20081220111028.000000+000
Event Type: information
User:

Application event log

Computer Name: KIDS
Event Code: 301
Message: MsnMsgr (2356) \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\fsr.log.

Record Number: 25312
Source Name: ESENT
Time Written: 20081204121659.000000+000
Event Type: information
User:

Computer Name: KIDS
Event Code: 301
Message: MsnMsgr (2356) \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\fsr00820.log.

Record Number: 25311
Source Name: ESENT
Time Written: 20081204121659.000000+000
Event Type: information
User:

Computer Name: KIDS
Event Code: 301
Message: MsnMsgr (2356) \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\fsr0081F.log.

Record Number: 25310
Source Name: ESENT
Time Written: 20081204121659.000000+000
Event Type: information
User:

Computer Name: KIDS
Event Code: 301
Message: MsnMsgr (2356) \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\fsr0081E.log.

Record Number: 25309
Source Name: ESENT
Time Written: 20081204121659.000000+000
Event Type: information
User:

Computer Name: KIDS
Event Code: 301
Message: MsnMsgr (2356) \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Messenger\jecutts@hotmail.com\SharingMetadata\Working\database_12F8_DD06_7C95_E0BE\fsr0081D.log.

Record Number: 25308
Source Name: ESENT
Time Written: 20081204121659.000000+000
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

This virus has the ability to reboot. After having done all the tests here it seems much better but is the virus still there?

Many thanks for your help

Annette
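
The MBAM log above ends with two items marked "Delete on reboot" (npknoyc.exe and bdagents.exe in system32) next to a long list of items already quarantined. The distinction matters: a file marked "Delete on reboot" is still on disk until the restart, and a helper reading the log wants that list pulled out and re-checked afterwards. The script below is an added example written for this page, not a tool from the forum or from Malwarebytes; it parses the `item (Family) -> Action.` line format shown in the log, counts families, lists the delete-on-reboot items, and offers a check to run after the restart. The sample lines are copied from the log posted above, except for the registry line, which is constructed to show that key paths parse the same way. The "remote control" family prefixes are an assumption used as a heuristic, not an official Malwarebytes classification.

```python
"""Triage helper for Malwarebytes' Anti-Malware (1.x) text logs.

Added example, not code from the thread or from Malwarebytes.
Detection lines look like:
    <file or registry item> (<threat family>) -> <action>.
"""
import os
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Lines copied from the MBAM log posted in the thread, plus one constructed
# registry line (hypothetical value name "example") and one non-detection line.
SAMPLE_LOG = """\
C:\\Documents and Settings\\Simon.KIDS\\Application Data\\Starware\\Weather\\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\npknoyc.exe (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\system32\\bdagents.exe (Backdoor.Bot) -> Delete on reboot.
C:\\pips.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\example (Trojan.Agent) -> Quarantined and deleted successfully.
Memory Processes Infected: 0
"""

# Heuristic (assumption): families whose presence means someone else had a
# foothold on the box, so passwords typed on it should be treated as exposed.
REMOTE_CONTROL_PREFIXES = ("Backdoor.", "Trojan.PWS", "Spyware.")


@dataclass(frozen=True)
class Detection:
    item: str    # file path or registry key/value
    family: str  # MBAM threat name, e.g. "Backdoor.Bot"
    action: str  # what MBAM did, e.g. "Delete on reboot"


def parse_line(line: str) -> Optional[Detection]:
    """Parse one MBAM detection line; return None for any other line."""
    left, arrow, action = line.strip().rpartition(" -> ")
    if not arrow:
        return None
    # Split on the LAST " (" so paths that themselves contain "(" still parse.
    item, paren, family = left.rpartition(" (")
    if not paren or not family.endswith(")"):
        return None
    return Detection(item, family[:-1], action.rstrip("."))


def parse_log(text: str) -> List[Detection]:
    """All detections in a pasted log, in order."""
    return [d for d in map(parse_line, text.splitlines()) if d is not None]


def family_counts(detections: List[Detection]) -> Dict[str, int]:
    """How many hits per threat family, for a quick picture of what was on the box."""
    return dict(Counter(d.family for d in detections))


def pending_reboot(detections: List[Detection]) -> List[Detection]:
    """Items MBAM could not remove while running; they stay on disk until the restart."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


def still_present(detections: List[Detection],
                  exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Run AFTER the reboot: delete-on-reboot paths that are still there.

    `exists` is injectable so the check can be exercised without the real disk.
    """
    return [d.item for d in pending_reboot(detections) if exists(d.item)]


def remote_control_families(detections: List[Detection]) -> List[str]:
    """Families that, under the heuristic above, warrant a credential reset."""
    return sorted({d.family for d in detections
                   if d.family.startswith(REMOTE_CONTROL_PREFIXES)})


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print("families:", family_counts(dets))
    for d in pending_reboot(dets):
        print("verify after reboot:", d.item)
    print("remote-control families:", remote_control_families(dets))
```

Run it on a saved `mbam-log-*.txt` by passing the file contents to `parse_log`; after the machine has restarted, `still_present` with the default `exists` tells you whether the "Delete on reboot" files actually went away, which is the check to make before declaring the MBAM pass finished.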

LoPhatPhuud
Still a lot to remove. Most, if not all, are not active, but still need to be deleted.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
LoPhatPhuud
As a side note. The MBAM log showed these entries, among others...

C:\Program Files\2 find mp3\Downloads\just like a pill.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Kaiser Chiefs - Ruby.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Madonna - Like A Prayer.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Madonna - Like A Prayer1.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Downloads\Nintendo - Super Mario Brothers Original.mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.


It would appear that a lot of infections are coming from downloading songs. I am not going into the legality of this practice, but you might want to show the MBAM log to your daughter and take appropriate steps to eliminate the downloading of infected material. Otherwise, this scene will just repeat itself and the damage it causes can only increase. Some of the infections circulating at this time are extremely destructive.
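
The point above, that files with song names in a P2P download folder came back flagged as adware, generalises to a check a helper can run on any download folder without relying on the AV verdict: read the first bytes of each file and compare what the content claims to be with what the name claims. The script below is an added example written for this page, not code from the forum or from any product named in the thread; the sample bytes are constructed and say nothing about what the particular files on this machine contained. The signature table covers only a few common formats and is an assumption about where a practitioner would start, not a complete file-type database.

```python
"""Extension-versus-content check for a downloads folder.

Added example, not code from the thread. Reads only the leading bytes of
each file and flags names whose extension does not fit the content,
in particular executables carrying a media-file name.
"""
import os
from typing import Dict, List, Optional, Tuple


def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes (a handful of common signatures)."""
    if head.startswith(b"MZ"):
        return "pe-executable"      # Windows EXE/DLL/SCR, whatever the name says
    if head.startswith(b"\x7fELF"):
        return "elf-executable"
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if head.startswith(b"ID3"):
        return "mp3"                # MP3 with an ID3v2 tag in front
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"                # raw MPEG audio frame sync (11 set bits)
    return "unknown"


# What each extension is expected to contain.
EXPECTED = {".mp3": {"mp3"}, ".zip": {"zip"},
            ".exe": {"pe-executable"}, ".scr": {"pe-executable"}}
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".so")


def mismatch(name: str, head: bytes) -> Optional[str]:
    """Return a short verdict when content and extension disagree, else None."""
    ext = os.path.splitext(name)[1].lower()
    kind = sniff(head)
    if kind in ("pe-executable", "elf-executable") and ext not in EXECUTABLE_EXTS:
        return f"executable disguised as {ext or 'no extension'}"
    allowed = EXPECTED.get(ext)
    if allowed and kind != "unknown" and kind not in allowed:
        return f"content is {kind}, name says {ext}"
    return None


def scan(files: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Run mismatch() over a name -> leading-bytes mapping; returns the hits."""
    hits = []
    for name, head in files.items():
        verdict = mismatch(name, head)
        if verdict:
            hits.append((name, verdict))
    return hits


def scan_directory(path: str, n: int = 16) -> List[Tuple[str, str]]:
    """Same check over a real folder: reads only the first n bytes of each file."""
    files: Dict[str, bytes] = {}
    for root, _dirs, names in os.walk(path):
        for name in names:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                files[full] = fh.read(n)
    return scan(files)


# Constructed samples: a genuine-looking MP3 header, a PE header under a
# song name, a zip under a song name, and a PE file honestly named .exe.
SAMPLES = {
    "song_a.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
    "song_b.mp3": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "song_c.mp3": b"PK\x03\x04\x14\x00\x00\x00",
    "setup.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{name}: {verdict}")
```

Point `scan_directory` at the download folder to get the same verdicts for real files; the executable-under-a-media-name case is the one worth acting on first, since Windows will happily run it on a double-click regardless of what the icon or name suggests.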
Annettec
Read, noted, and I will take appropriate action. Thank you for your time and response on this. The more I scan, the more I become confused as to what exactly is a danger to my machine and what isn't.
Annettec
OK, I have probably messed this up now as I didn't disable the antivirus properly, but here is the log.

ComboFix 09-01-21.04 - Benjamin 2009-01-31 12:23:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.128 [GMT 0:00]
Running from: c:\documents and settings\Benjamin\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *disabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-30 22:11 . 2009-01-30 22:11 <DIR> d-------- c:\documents and settings\Benjamin\Application Data\PC Tools
2009-01-30 22:11 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-30 22:11 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-30 22:11 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-30 22:11 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-30 19:04 . 2009-01-30 19:04 <DIR> d-------- c:\program files\Norton PC Checkup
2009-01-30 09:56 . 2009-01-30 17:21 <DIR> d-------- c:\windows\system32\Adobe
2009-01-30 07:45 . 2009-01-30 07:46 <DIR> d-------- c:\documents and settings\Simon.KIDS\Tracing
2009-01-28 17:18 . 2009-01-28 17:19 <DIR> d-------- C:\rsit
2009-01-28 17:18 . 2009-01-28 17:21 <DIR> d-------- c:\program files\trend micro
2009-01-28 13:41 . 2009-01-28 13:41 <DIR> d-------- c:\documents and settings\Benjamin\Application Data\Malwarebytes
2009-01-28 13:40 . 2009-01-28 13:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 13:40 . 2009-01-28 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 13:40 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 13:40 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-27 08:34 . 2009-01-27 09:07 9,216 --a------ C:\p8.exe
2009-01-27 07:57 . 2009-01-27 08:31 4,014 --a------ C:\pps.exe
2009-01-26 19:59 . 2009-01-26 19:59 31,744 ---h----- c:\windows\system32\tqgzeloz.exe
2009-01-26 19:59 . 2009-01-26 19:59 31,744 ---h----- c:\windows\system32\rccaonae.exe
2009-01-26 19:59 . 2009-01-26 19:59 31,744 ---h----- c:\windows\system32\mvsgdnfq.exe
2009-01-26 19:59 . 2009-01-26 19:59 31,744 ---h----- c:\windows\system32\lqimjeqe.exe
2009-01-26 19:42 . 2009-01-26 19:42 31,744 ---h----- c:\windows\system32\jtimxfbm.exe
2009-01-26 19:42 . 2009-01-26 19:42 31,744 ---h----- c:\windows\system32\blljwsnz.exe
2009-01-26 19:41 . 2009-01-26 19:41 31,744 ---h----- c:\windows\system32\wssxtiuw.exe
2009-01-26 19:41 . 2009-01-26 19:41 31,744 ---h----- c:\windows\system32\bbznqodk.exe
2009-01-26 19:28 . 2009-01-26 19:28 31,744 ---h----- c:\windows\system32\yevobusf.exe
2009-01-26 19:28 . 2009-01-26 19:27 31,744 ---h----- c:\windows\system32\xdadrlef.exe
2009-01-26 19:28 . 2009-01-26 19:28 31,744 ---h----- c:\windows\system32\mwxybhgw.exe
2009-01-26 19:28 . 2009-01-26 19:28 31,744 ---h----- c:\windows\system32\bkkrqmub.exe
2009-01-26 19:28 . 2009-01-26 19:28 31,744 ---h----- c:\windows\system32\bdmmrwqn.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\udplwput.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\qyekrhkq.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\puqolevw.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\ovmlpiss.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\leqwhvku.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\iyczdlgi.exe
2009-01-26 19:26 . 2009-01-26 19:26 31,744 ---h----- c:\windows\system32\cgfupugq.exe
2009-01-26 19:18 . 2009-01-26 19:18 32,200 ---h----- c:\windows\system32\iotomjmx.exe
2009-01-26 19:17 . 2009-01-26 19:17 0 --a------ C:\gtjxd.exe
2009-01-26 17:18 . 2009-01-26 17:18 32,200 ---h----- c:\windows\system32\qkiduahs.exe
2009-01-26 17:18 . 2009-01-26 17:18 32,200 ---h----- c:\windows\system32\lveasgfg.exe
2009-01-26 17:18 . 2009-01-26 17:18 32,200 ---h----- c:\windows\system32\exfoymss.exe
2009-01-26 17:16 . 2009-01-26 17:16 32,200 ---h----- c:\windows\system32\vijvtmyb.exe
2009-01-26 16:57 . 2009-01-26 16:57 32,200 ---h----- c:\windows\system32\uyotaoyq.exe
2009-01-26 16:57 . 2009-01-26 16:57 32,200 ---h----- c:\windows\system32\otjlmvre.exe
2009-01-26 16:57 . 2009-01-26 16:57 32,200 ---h----- c:\windows\system32\lfetzqaz.exe
2009-01-26 16:57 . 2009-01-26 16:57 32,200 ---h----- c:\windows\system32\ebjzmarf.exe
2009-01-26 16:57 . 2009-01-26 16:57 32,200 ---h----- c:\windows\system32\bueciqoa.exe
2009-01-26 16:54 . 2009-01-26 16:54 31,744 ---h----- c:\windows\system32\vryfcqah.exe
2009-01-26 16:25 . 2009-01-26 16:25 32,200 ---h----- c:\windows\system32\dklnxlcz.exe
2009-01-26 16:25 . 2009-01-26 16:25 32,200 ---h----- c:\windows\system32\apgtwhwq.exe
2009-01-26 16:25 . 2009-01-26 16:25 31,744 ---h----- c:\windows\system32\gijfljou.exe
2009-01-26 16:14 . 2009-01-26 16:14 31,744 ---h----- c:\windows\system32\wsyvlnha.exe
2009-01-26 16:14 . 2009-01-26 16:14 31,744 ---h----- c:\windows\system32\bbivnslx.exe
2009-01-26 15:54 . 2009-01-26 15:54 31,744 ---h----- c:\windows\system32\zemdpgdb.exe
2009-01-26 15:54 . 2009-01-26 15:54 31,744 ---h----- c:\windows\system32\ryvmkuow.exe
2009-01-26 15:54 . 2009-01-26 15:54 31,744 ---h----- c:\windows\system32\oyecalsx.exe
2009-01-26 15:52 . 2009-01-26 15:52 32,200 ---h----- c:\windows\system32\ngofhkuh.exe
2009-01-26 15:52 . 2009-01-26 15:52 32,200 ---h----- c:\windows\system32\funksmba.exe
2009-01-26 15:43 . 2009-01-26 15:43 32,200 ---h----- c:\windows\system32\wfnmyefn.exe
2009-01-26 15:43 . 2009-01-26 15:43 32,200 ---h----- c:\windows\system32\uoxhzvhy.exe
2009-01-26 15:28 . 2009-01-26 15:28 32,200 ---h----- c:\windows\system32\liqepwzx.exe
2009-01-26 15:28 . 2009-01-26 15:28 32,200 ---h----- c:\windows\system32\ikirjagu.exe
2009-01-26 15:27 . 2009-01-26 15:27 32,200 ---h----- c:\windows\system32\yrhfkpyn.exe
2009-01-26 15:27 . 2009-01-26 15:27 32,200 ---h----- c:\windows\system32\lqnhroki.exe
2009-01-26 15:27 . 2009-01-26 15:27 31,744 ---h----- c:\windows\system32\gigowfnd.exe
2009-01-26 15:27 . 2009-01-26 15:27 31,744 ---h----- c:\windows\system32\aohkvohq.exe
2009-01-26 15:24 . 2009-01-26 15:24 31,744 ---h----- c:\windows\system32\vniqxmas.exe
2009-01-26 15:21 . 2009-01-26 15:21 31,744 ---h----- c:\windows\system32\rkqxzhcd.exe
2009-01-26 15:18 . 2009-01-26 15:18 31,744 ---h----- c:\windows\system32\flqrmcac.exe
2009-01-26 15:16 . 2009-01-26 15:16 32,200 ---h----- c:\windows\system32\qhfdngug.exe
2009-01-26 15:16 . 2009-01-26 15:16 32,200 ---h----- c:\windows\system32\laqpxtuc.exe
2009-01-26 15:15 . 2009-01-26 15:15 32,200 ---h----- c:\windows\system32\zbqpvfph.exe
2009-01-26 15:15 . 2009-01-26 15:15 32,200 ---h----- c:\windows\system32\qusaauju.exe
2009-01-26 15:13 . 2009-01-26 15:13 31,744 ---h----- c:\windows\system32\ddgjhaal.exe
2009-01-26 14:56 . 2009-01-26 14:56 31,744 ---h----- c:\windows\system32\hxijkhoa.exe
2009-01-26 14:55 . 2009-01-26 14:55 31,744 ---h----- c:\windows\system32\egledcsr.exe
2009-01-26 14:54 . 2009-01-26 14:54 31,744 ---h----- c:\windows\system32\arauxfym.exe
2009-01-25 22:17 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-25 22:14 . 2009-01-25 22:30 <DIR> d-------- c:\documents and settings\Benjamin\Application Data\HouseCall 6.6
2009-01-25 16:42 . 2009-01-31 11:39 <DIR> d-------- c:\documents and settings\Benjamin\Tracing
2009-01-25 16:36 . 2009-01-25 16:36 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-25 16:36 . 2009-01-25 16:36 <DIR> d-------- c:\program files\Microsoft
2009-01-25 16:22 . 2009-01-25 16:22 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-25 09:20 . 2009-01-25 09:20 86,066 --a------ c:\windows\system32\bphos.exe
2009-01-24 21:58 . 2009-01-24 21:58 86,066 --a------ c:\windows\system32\jdohzsr.exe
2009-01-24 21:33 . 2009-01-24 21:33 86,066 --a------ c:\windows\system32\ccmcxmxi.exe
2009-01-24 21:00 . 2009-01-24 21:00 86,066 --a------ c:\windows\system32\ztoi.exe
2009-01-24 17:15 . 2009-01-24 19:09 780,392 --a------ C:\love.exe
2008-12-26 14:54 . 2008-12-26 14:54 <DIR> d-------- c:\program files\Salix
2008-12-26 14:54 . 2008-02-13 13:17 618,112 --a------ c:\windows\system32\drivers\PFC027.SYS
2008-12-26 14:54 . 2008-02-18 09:15 129,024 --a------ c:\windows\system32\SP207.ax
2008-12-26 14:54 . 2007-10-04 17:42 48,128 --------- c:\windows\system32\Remove.exe
2008-12-26 14:54 . 2006-10-12 11:57 14,336 --a------ c:\windows\system32\P207USD.dll
2008-12-26 14:54 . 2007-10-25 19:02 566 --a------ c:\windows\system32\SP207.ini
2008-12-26 14:54 . 2007-10-05 15:40 399 --------- c:\windows\system32\Remover.ini
2008-12-26 14:53 . 2008-12-26 14:53 <DIR> d-------- c:\documents and settings\Benjamin\Application Data\InstallShield
2008-12-26 14:50 . 2008-12-26 14:56 <DIR> d-------- c:\program files\Common Files\PAC207
2008-12-25 11:16 . 2008-12-26 14:52 <DIR> d-------- c:\windows\PixArt
2008-12-25 11:16 . 2007-11-02 11:07 6,656 --a------ c:\windows\system32\CoInst_080213.dll
2008-12-11 23:21 . 2008-12-11 23:21 118 --a------ c:\windows\system32\MRT.INI
2008-12-05 19:39 . 2009-01-30 21:11 173 --a------ c:\windows\wininit.ini
2008-12-05 13:49 . 2008-12-05 13:49 <DIR> d-------- c:\windows\system32\scripting
2008-12-05 13:49 . 2008-12-05 13:49 <DIR> d-------- c:\windows\system32\en
2008-12-05 13:49 . 2008-12-05 13:49 <DIR> d-------- c:\windows\system32\bits
2008-12-05 13:49 . 2008-12-05 13:49 <DIR> d-------- c:\windows\l2schemas
2008-12-05 13:44 . 2008-12-05 13:49 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 13:34 . 2008-12-05 13:34 <DIR> d-------- c:\windows\EHome
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 12:24 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-31 11:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-31 00:09 --------- d-----w c:\program files\BAMZOOKi
2009-01-30 23:54 --------- d-----w c:\documents and settings\Benjamin\Application Data\uTorrent
2009-01-30 23:52 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-30 23:52 --------- d-----w c:\program files\Common Files\Adobe
2009-01-30 19:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-30 08:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-01-26 08:19 --------- d-----w c:\documents and settings\Benjamin\Application Data\AVG7
2009-01-25 16:38 --------- d-----w c:\program files\Windows Live
2009-01-07 19:58 --------- d-----w c:\program files\LimeWire
2008-12-26 14:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 20:46 --------- d-----w c:\documents and settings\Simon.KIDS\Application Data\LimeWire
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 13:30 --------- d-----w c:\program files\myBabylon
2008-12-06 13:30 --------- d-----w c:\program files\Conduit
2008-12-05 19:42 --------- d-----w c:\program files\SweetIM
2008-12-05 19:37 --------- d-----w c:\program files\Electronic Arts
2008-12-02 14:37 --------- d-----w c:\program files\EA SPORTS
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2007-11-15 20:39 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-29 19:43 24,192 ----a-w c:\documents and settings\Benjamin\usbsermptxp.sys
2006-12-29 19:43 22,768 ----a-w c:\documents and settings\Benjamin\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"Comodo Personal Firewall"="c:\program files\Comodo\Personal Firewall\CPF.exe" [2007-02-09 1115728]
"Comodo Launch Pad Tray"="c:\program files\Comodo\LaunchPad\CLPTray.exe" [2007-04-01 229448]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-02 26112]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a------ 2002-03-19 16:30 45632 c:\windows\system32\TaskSwitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-07 01:41 118784 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-07 01:45 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-04 12:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 12:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 12:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 12:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 12:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-09-02 02:57 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-09-02 02:57 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2005-11-16 13:38 3759104 c:\program files\Webroot\Spy Sweeper\SpySweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-07-06 08:05 2550272 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-18 00:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-17 21:10 61952 c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-02 01:58 73728 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"Boonty Games"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" /Q
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_07\bin\jusched.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" -minimize

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\ztoi.exe"=
"c:\\WINDOWS\\system32\\ccmcxmxi.exe"=
"c:\\WINDOWS\\system32\\bphos.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2006-07-20 78336]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [2006-07-31 55808]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [2006-07-31 55808]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\SIMON~1.KID\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\SIMON~1.KID\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 Freeserve;TIDSLInstaller Device Driver;c:\windows\system32\drivers\instl.sys [2005-07-29 11878]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-08-21 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-08-21 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-08-21 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-08-21 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-08-21 83344]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-12-26 618112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 TIAu5Bt;Copperjet ADSL modem Boot Device;c:\windows\system32\Drivers\tiau5bt.sys --> c:\windows\system32\Drivers\tiau5bt.sys [?]
S3 TIAU5CO;Copperjet ADSL modem connecting with Freeserve Broadband;c:\windows\system32\DRIVERS\TIAU5CO.sys --> c:\windows\system32\DRIVERS\TIAU5CO.sys [?]
S3 ZSMC302;PCL-W310;c:\windows\system32\drivers\usbvm302.sys [2005-11-27 93962]
S4 Boonty Games;Boonty Games;c:\program files\Common Files\BOONTY Shared\Service\Boonty.exe [2005-10-16 69120]
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 c:\windows\Tasks\At1.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-01-30 c:\windows\Tasks\At2.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Benjamin\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: overthegardengate.net\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://192.171.156.180/activex/AMC.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 12:24:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2009-01-31 12:29:23
ComboFix-quarantined-files.txt 2009-01-31 12:28:27
ComboFix2.txt 2009-01-31 12:16:53

Pre-Run: 30,960,263,168 bytes free
Post-Run: 30,940,696,576 bytes free

333 --- E O F --- 2009-01-14 12:22:29
LoPhatPhuud
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
C:\p8.exe
C:\pps.exe
c:\windows\system32\tqgzeloz.exe
c:\windows\system32\rccaonae.exe
c:\windows\system32\mvsgdnfq.exe
c:\windows\system32\lqimjeqe.exe
c:\windows\system32\jtimxfbm.exe
c:\windows\system32\blljwsnz.exe
c:\windows\system32\wssxtiuw.exe
c:\windows\system32\bbznqodk.exe
c:\windows\system32\yevobusf.exe
c:\windows\system32\xdadrlef.exe
c:\windows\system32\mwxybhgw.exe
c:\windows\system32\bkkrqmub.exe
c:\windows\system32\bdmmrwqn.exe
c:\windows\system32\udplwput.exe
c:\windows\system32\qyekrhkq.exe
c:\windows\system32\puqolevw.exe
c:\windows\system32\ovmlpiss.exe
c:\windows\system32\leqwhvku.exe
c:\windows\system32\iyczdlgi.exe
c:\windows\system32\cgfupugq.exe
c:\windows\system32\iotomjmx.exe
C:\gtjxd.exe
c:\windows\system32\qkiduahs.exe
c:\windows\system32\lveasgfg.exe
c:\windows\system32\exfoymss.exe
c:\windows\system32\vijvtmyb.exe
c:\windows\system32\uyotaoyq.exe
c:\windows\system32\otjlmvre.exe
c:\windows\system32\lfetzqaz.exe
c:\windows\system32\ebjzmarf.exe
c:\windows\system32\bueciqoa.exe
c:\windows\system32\vryfcqah.exe
c:\windows\system32\dklnxlcz.exe
c:\windows\system32\apgtwhwq.exe
c:\windows\system32\gijfljou.exe
c:\windows\system32\wsyvlnha.exe
c:\windows\system32\bbivnslx.exe
c:\windows\system32\zemdpgdb.exe
c:\windows\system32\ryvmkuow.exe
c:\windows\system32\oyecalsx.exe
c:\windows\system32\ngofhkuh.exe
c:\windows\system32\funksmba.exe
c:\windows\system32\wfnmyefn.exe
c:\windows\system32\uoxhzvhy.exe
c:\windows\system32\liqepwzx.exe
c:\windows\system32\ikirjagu.exe
c:\windows\system32\yrhfkpyn.exe
c:\windows\system32\lqnhroki.exe
c:\windows\system32\gigowfnd.exe
c:\windows\system32\aohkvohq.exe
c:\windows\system32\vniqxmas.exe
c:\windows\system32\rkqxzhcd.exe
c:\windows\system32\flqrmcac.exe
c:\windows\system32\qhfdngug.exe
c:\windows\system32\laqpxtuc.exe
c:\windows\system32\zbqpvfph.exe
c:\windows\system32\qusaauju.exe
c:\windows\system32\ddgjhaal.exe
c:\windows\system32\hxijkhoa.exe
c:\windows\system32\egledcsr.exe
c:\windows\system32\arauxfym.exe
c:\windows\system32\bphos.exe
c:\windows\system32\jdohzsr.exe
c:\windows\system32\ccmcxmxi.exe
c:\windows\system32\ztoi.exe
C:\love.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
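Added example, not part of the thread and not ComboFix's or the helper's code: a small Python triage script for the pattern the log above shows (dozens of hidden, randomly named .exe files of identical size dropped into system32, plus the three of them that were added to the Windows Firewall AuthorizedApplications list). It parses a constructed subset of the "Files Created" and firewall lines copied from the log, flags executables with heuristics that are this example's own assumptions (hidden .exe directly in system32; three or more .exe files of exactly the same byte size; an .exe sitting in the drive root; a path that also appears as a firewall exception), and renders the result in the CFScript layout the helper used (KillAll:: then File::). The output is a starting point for a human to review, not a list to delete blindly.

```python
"""Triage a ComboFix 'Files Created' section for mass-dropped executables.

Added example for this thread; it is not ComboFix's code or the helper's.
SAMPLE_LOG / SAMPLE_FIREWALL are a constructed subset of the posted log;
the heuristics and thresholds below are this example's own assumptions.
"""
import re

# One line of the "Files Created" section:
#   <created> . <modified> <size | <DIR>> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>\S.*)$",
    re.IGNORECASE,
)
SYSTEM32 = "c:\\windows\\system32\\"
MIN_CLUSTER = 3  # identical-size .exe files needed to call it a mass drop (assumed)

SAMPLE_LOG = r"""
2009-01-30 22:11 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-28 17:18 . 2009-01-28 17:19 <DIR> d-------- C:\rsit
2009-01-28 13:40 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-27 08:34 . 2009-01-27 09:07 9,216 --a------ C:\p8.exe
2009-01-27 07:57 . 2009-01-27 08:31 4,014 --a------ C:\pps.exe
2009-01-26 19:59 . 2009-01-26 19:59 31,744 ---h----- c:\windows\system32\tqgzeloz.exe
2009-01-26 19:59 . 2009-01-26 19:59 31,744 ---h----- c:\windows\system32\rccaonae.exe
2009-01-26 19:42 . 2009-01-26 19:42 31,744 ---h----- c:\windows\system32\jtimxfbm.exe
2009-01-26 19:18 . 2009-01-26 19:18 32,200 ---h----- c:\windows\system32\iotomjmx.exe
2009-01-26 19:17 . 2009-01-26 19:17 0 --a------ C:\gtjxd.exe
2009-01-26 17:18 . 2009-01-26 17:18 32,200 ---h----- c:\windows\system32\qkiduahs.exe
2009-01-26 16:57 . 2009-01-26 16:57 32,200 ---h----- c:\windows\system32\uyotaoyq.exe
2009-01-25 09:20 . 2009-01-25 09:20 86,066 --a------ c:\windows\system32\bphos.exe
2009-01-24 21:58 . 2009-01-24 21:58 86,066 --a------ c:\windows\system32\jdohzsr.exe
2009-01-24 21:33 . 2009-01-24 21:33 86,066 --a------ c:\windows\system32\ccmcxmxi.exe
2009-01-24 21:00 . 2009-01-24 21:00 86,066 --a------ c:\windows\system32\ztoi.exe
2009-01-24 17:15 . 2009-01-24 19:09 780,392 --a------ C:\love.exe
2008-12-26 14:54 . 2007-10-04 17:42 48,128 --------- c:\windows\system32\Remove.exe
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
"""

# AuthorizedApplications\List entries as ComboFix prints them (REGEDIT4 escaping).
SAMPLE_FIREWALL = r"""
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\ztoi.exe"=
"c:\\WINDOWS\\system32\\ccmcxmxi.exe"=
"c:\\WINDOWS\\system32\\bphos.exe"=
"""


def parse_files_created(text):
    """Return one dict per parsed line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"created": m["created"], "size": size,
                        "hidden": "h" in m["attrs"].lower(),
                        "path": m["path"].strip()})
    return entries


def parse_firewall_list(text):
    """Normalise quoted, double-backslashed firewall paths to lower-case single-backslash form."""
    paths = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('"') and line.endswith('"='):
            p = line[1:-2].replace("\\\\", "\\").lower()
            paths.add(p.replace("%windir%", "c:\\windows"))
    return paths


def triage(entries, firewall_paths=frozenset()):
    """Map each suspicious .exe path to the heuristics it tripped, in log order."""
    exes = [e for e in entries
            if e["size"] is not None and e["path"].lower().endswith(".exe")]
    by_size = {}
    for e in exes:  # group distinct paths by exact byte size
        by_size.setdefault(e["size"], set()).add(e["path"].lower())
    flagged = {}
    for e in exes:
        low, reasons = e["path"].lower(), []
        if e["hidden"] and low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]:
            reasons.append("hidden-exe-in-system32")
        if len(by_size[e["size"]]) >= MIN_CLUSTER:
            reasons.append("size-cluster:%d" % e["size"])
        if re.fullmatch(r"[a-z]:\\[^\\]+", low):
            reasons.append("exe-in-drive-root")
        if low in firewall_paths:
            reasons.append("firewall-exception")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


def build_cfscript(flagged):
    """Render a CFScript.txt body in the KillAll:: / File:: layout used in this thread."""
    return "\n".join(["KillAll::", "", "File::"] + list(flagged) + [""])


if __name__ == "__main__":
    hits = triage(parse_files_created(SAMPLE_LOG), parse_firewall_list(SAMPLE_FIREWALL))
    for path, why in hits.items():
        print("%-45s %s" % (path, ", ".join(why)))
    print()
    print(build_cfscript(hits))
```

On the sample, every file the helper listed from this subset is flagged and the webcam driver's Remove.exe is not, but the size-cluster and drive-root rules will also catch legitimate installers dropped in C:\, so review each hit against the log's context before it goes into the File:: section.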