Troj/Virtum-Gen virus detected by sophos [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Troj/Virtum-Gen virus detected by sophos [RESOLVED], the details say its in C:\windows\system32\rqrjdwtq.dll

Options

amanda732 View Member Profile	Sep 22 2008, 01:40 PM Post #1
Member Posts: 14 OS: XP	My sophos antivirus found the troj/virtum-gen on my computer a couple of days ago. I ran a full computer scan and it then allowed me to clean up the virus. When i restarted my computer the virus was back and after another full computer scan was run it said the cleanup was incomplete and manual removal was required. When I tried to remove the virus components they were either not where they said they would be or they would come back after i removed them. I have tried vundofix as well as virtumundobegone to get rid of the virus but when i scan for the virus they both found no infected files. I have followed the steps in You Must Read This Before Posting A Hijack This Log but my computer wouldn't allow me to download the Malwarebytes' Anti-malware and i cant get to the windows updates page (my computer wont load the page). I ran the hijackthis and here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:38:53 PM, on 9/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\explorer.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brockport.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [BMef074f97] Rundll32.exe "C:\WINDOWS\system32\mbbyqtxh.dll",s O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Manda\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} (Echospin Proxy Control) - http://echospin.com/wizard/files/esWizard.cab O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.baypath.edu/iNotes6.cab O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157046608906 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.baypath.edu/dwa7W.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL vcrwyz.dll opbhcv.dll eqwgfu.dll jlmuti.dll oxpwdo.dll uvhzkf.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12925 bytes Thanks in advance for any help you can give me.

Egwene View Member Profile	Sep 22 2008, 02:28 PM Post #2
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732 ! Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me. Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer: To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis� Logs Go Here. Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry! When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format \| Uncheck Word Wrap) Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know. NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! Make sure you reply to this thread using the Add Reply button: Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Egwene View Member Profile	Sep 22 2008, 02:48 PM Post #3
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Let's begin the removal 1) Disable real-time protections : --> Please disable Trend-Micor internet security real-time protection, more help here : http://www.bleepingcomputer.com/forums/topic114351.html --> While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. 2) Update Java : Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. 3) Run Vundofix : Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. 4) Run LopSD option 1 : Disable resident protections (Antivirus...); you'll re-enable them after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt) Regards, Egwene.

amanda732 View Member Profile	Sep 22 2008, 07:55 PM Post #4
Member Posts: 14 OS: XP	I wasnt able to disable sophos so i went into msconfig and stopped it from starting up. i stopped tea-timer, i updated java, and i ran vundofix. However vundofix found no infected files. what should i do now?

Egwene View Member Profile	Sep 23 2008, 02:00 AM Post #5
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Please do the step 4 now : run LopSD option 1 Don't worry, we will fix your issue Regards, Egwene. This post has been edited by Egwene: Sep 23 2008, 02:01 AM

amanda732 View Member Profile	Sep 23 2008, 07:39 AM Post #6
Member Posts: 14 OS: XP	here is the Lop S&D log: --------------------\\ Lop S&D 4.2.4-4 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2250 @ 1.73GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02 USER : Manda ( Administrator ) BOOT : Normal boot Antivirus : Sophos Anti-Virus (Activated) C:\ (Local Disk) - NTFS - Total : 105 Go Free : 34 Go D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-09-2008\|22:20 ) Option : [1] ( Tue 09/23/2008\| 7:35 ) --------------------\\ Listing folders in APPLIC~1 [08/16/2006\|07:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI [08/16/2005\|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel [08/16/2005\|04:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [09/09/2008\|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [09/25/2007\|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Advanced Chemistry Development [08/31/2006\|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [11/05/2007\|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads [03/09/2007\|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [01/15/2007\|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Brother [08/16/2006\|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative Labs [10/26/2007\|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Escape From Paradise [08/26/2008\|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> esClient [04/22/2007\|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FloodLightGames [09/06/2008\|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo [12/16/2007\|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii [04/22/2007\|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [08/16/2006\|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [05/03/2008\|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft [08/16/2006\|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [08/16/2006\|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel [09/03/2007\|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin [09/19/2008\|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games [11/20/2007\|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear [08/26/2008\|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Memeo [03/23/2008\|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [03/09/2008\|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo [04/24/2007\|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9 [09/04/2007\|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NannyMania [08/25/2008\|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks [09/08/2007\|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Games [10/22/2006\|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Media [09/02/2008\|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst [03/07/2007\|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap [10/08/2006\|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [09/04/2008\|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games [01/15/2007\|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft [01/31/2007\|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sophos [09/19/2008\|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [09/19/2008\|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [09/17/2006\|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [09/05/2008\|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Valusoft [11/05/2007\|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [08/31/2006\|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [04/22/2007\|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo! [09/07/2007\|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Zylom [08/16/2006\|07:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI [08/16/2005\|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel [08/16/2005\|04:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [03/23/2007\|03:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel [03/19/2008\|11:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [09/01/2006\|06:43] C:\DOCUME~1\Manda\APPLIC~1\<DIR> 7100Series [10/20/2007\|10:02] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Abra Academy2 [09/09/2006\|06:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> acccore [12/09/2007\|07:45] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Adobe [09/09/2008\|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> AdobeUM [08/16/2006\|07:44] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ATI [07/27/2008\|12:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Azureus [09/05/2008\|04:55] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BeachPartyCraze [09/06/2008\|04:19] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Big Fish Games [03/02/2008\|11:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BloodTies [01/16/2007\|02:22] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Brother [09/03/2006\|10:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel [10/02/2006\|11:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel Photo Album [08/22/2006\|08:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Creative [01/12/2007\|06:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> CyberLink [10/15/2006\|03:14] C:\DOCUME~1\Manda\APPLIC~1\<DIR> DivX [09/17/2006\|06:53] C:\DOCUME~1\Manda\APPLIC~1\<DIR> EA [09/03/2007\|10:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Eyeblaster [04/22/2007\|05:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> FloodLightGames [09/03/2007\|10:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GameHouse [08/30/2008\|10:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gamelab [09/02/2008\|02:57] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GamesCafe [10/23/2006\|09:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Google [09/22/2008\|03:09] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gtek [06/10/2008\|12:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Help [12/15/2007\|02:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Home Sweet Home [08/16/2005\|04:50] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Identities [10/16/2006\|10:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> IMVU [09/16/2008\|10:38] C:\DOCUME~1\Manda\APPLIC~1\<DIR> InstallShield [08/16/2006\|07:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Intel [09/11/2008\|04:00] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ITTNord [09/21/2008\|05:04] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWin [09/08/2008\|04:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWinArcade [10/20/2007\|01:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel [09/04/2008\|10:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel Family Hero [11/06/2007\|06:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Legends of pirates [09/06/2006\|10:49] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Macromedia [04/18/2007\|01:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Academy [09/17/2006\|11:37] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Match [08/25/2008\|03:51] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft [08/27/2006\|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft Web Folders [09/22/2008\|04:27] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Move Networks [09/06/2008\|11:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Mozilla [05/02/2008\|10:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> My Games [03/09/2008\|02:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> MysteryStudio [09/02/2008\|09:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> PlayFirst [08/30/2008\|11:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Righteous Kill [09/09/2007\|09:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sandlot Games [10/08/2007\|08:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SecuROM [12/09/2006\|05:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SmartDraw [08/16/2006\|07:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sun [03/09/2008\|03:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Total Eclipse [05/01/2008\|11:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> U3 [09/05/2008\|11:48] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Valusoft [09/29/2007\|05:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> VeniceMysteryData [01/17/2007\|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Viewpoint [09/02/2008\|04:59] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ViquaSoft [04/22/2007\|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> yahoo! [03/07/2007\|03:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:44] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> ATI [09/22/2008\|03:01] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Gtek [08/16/2005\|04:50] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Intel [03/23/2007\|03:11] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Sun --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [09/22/2008 09:00 PM][--a------] C:\WINDOWS\tasks\Daily.job [09/22/2008 08:36 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/10/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [02/07/2007\|12:22] C:\Program Files\<DIR> Activision Value [09/09/2008\|07:36] C:\Program Files\<DIR> Adobe [11/05/2007\|09:36] C:\Program Files\<DIR> AIM6 [12/17/2006\|10:20] C:\Program Files\<DIR> Alawar [12/16/2007\|08:52] C:\Program Files\<DIR> America Online 9.0 [11/12/2006\|04:10] C:\Program Files\<DIR> Ant War [09/09/2006\|06:28] C:\Program Files\<DIR> AOD [09/09/2006\|06:20] C:\Program Files\<DIR> AOL [08/16/2006\|07:49] C:\Program Files\<DIR> AOL Companion [08/16/2006\|07:40] C:\Program Files\<DIR> ATI Technologies [09/07/2008\|11:24] C:\Program Files\<DIR> Azada [01/30/2007\|06:05] C:\Program Files\<DIR> Azureus [08/16/2006\|07:57] C:\Program Files\<DIR> BAE [04/22/2007\|05:13] C:\Program Files\<DIR> BFG [08/16/2006\|07:34] C:\Program Files\<DIR> Broadcom [01/15/2007\|03:22] C:\Program Files\<DIR> Brother [11/12/2006\|04:10] C:\Program Files\<DIR> CakeMania_at [03/22/2008\|08:51] C:\Program Files\<DIR> Cate West The Vanishing Files [03/19/2008\|10:42] C:\Program Files\<DIR> Cathys Caribbean Club [02/07/2007\|04:39] C:\Program Files\<DIR> CoffeeTycoon_at [08/26/2008\|07:47] C:\Program Files\<DIR> Common Files [08/16/2005\|04:38] C:\Program Files\<DIR> ComPlus Applications [01/12/2007\|05:47] C:\Program Files\<DIR> Compton's Home Library [08/16/2006\|07:37] C:\Program Files\<DIR> CONEXANT [09/07/2008\|11:24] C:\Program Files\<DIR> Cooking Academy [08/16/2006\|07:54] C:\Program Files\<DIR> Corel [08/16/2006\|07:55] C:\Program Files\<DIR> Corel Corporation [08/16/2006\|07:43] C:\Program Files\<DIR> Creative [02/07/2007\|04:39] C:\Program Files\<DIR> Crime Puzzle [08/16/2006\|07:44] C:\Program Files\<DIR> CyberLink [02/07/2007\|04:39] C:\Program Files\<DIR> Deep Sea Tycoon 2_at [10/13/2007\|09:41] C:\Program Files\<DIR> DeliveryKing_at [08/16/2006\|08:00] C:\Program Files\<DIR> Dell [09/22/2008\|03:00] C:\Program Files\<DIR> DellSupport [03/19/2008\|11:16] C:\Program Files\<DIR> DIFX [08/16/2006\|07:41] C:\Program Files\<DIR> Digital Line Detect [03/01/2007\|07:42] C:\Program Files\<DIR> DivX [10/20/2007\|04:47] C:\Program Files\<DIR> DreamChronicles_at [10/08/2007\|07:08] C:\Program Files\<DIR> EA GAMES [08/16/2006\|07:49] C:\Program Files\<DIR> EarthLink Setup [08/26/2008\|09:21] C:\Program Files\<DIR> echospin [08/16/2005\|08:51] C:\Program Files\<DIR> EnglishOtto [09/22/2008\|02:33] C:\Program Files\<DIR> ERUNT [09/21/2008\|05:02] C:\Program Files\<DIR> Fenomen Games Downloader [03/19/2008\|10:42] C:\Program Files\<DIR> Feyruna Fairy Forest [08/23/2006\|02:27] C:\Program Files\<DIR> Game On [09/14/2008\|10:00] C:\Program Files\<DIR> GameHouse [09/14/2008\|10:00] C:\Program Files\<DIR> Games [09/30/2007\|02:29] C:\Program Files\<DIR> GamesBar [12/16/2007\|10:28] C:\Program Files\<DIR> GemMaster [12/01/2006\|05:30] C:\Program Files\<DIR> GlobalStar Software [09/21/2008\|11:58] C:\Program Files\<DIR> Google [03/19/2008\|10:43] C:\Program Files\<DIR> Grimms Hatchery [10/15/2006\|03:25] C:\Program Files\<DIR> GustoSoft [09/07/2008\|11:25] C:\Program Files\<DIR> Hawaiian Explorer The Lost Island [12/18/2006\|01:05] C:\Program Files\<DIR> Infogrames [06/22/2007\|03:05] C:\Program Files\<DIR> Infogrames Interactive [09/06/2008\|01:29] C:\Program Files\<DIR> InstallShield Installation Information [08/16/2006\|07:35] C:\Program Files\<DIR> Intel [08/16/2006\|07:35] C:\Program Files\<DIR> Intel, Inc [04/10/2008\|03:01] C:\Program Files\<DIR> Internet Explorer [09/21/2008\|12:55] C:\Program Files\<DIR> iWin.com [08/27/2006\|05:43] C:\Program Files\<DIR> Jasc Software Inc [09/22/2008\|08:58] C:\Program Files\<DIR> Java [09/07/2008\|11:27] C:\Program Files\<DIR> Kudos [12/16/2007\|10:28] C:\Program Files\<DIR> LawandOrderDarkObsession_at [11/12/2006\|04:12] C:\Program Files\<DIR> LawOrderVengefulHeart_at [08/16/2006\|07:49] C:\Program Files\<DIR> Learn2.com [10/09/2007\|10:20] C:\Program Files\<DIR> LimeWire [12/12/2006\|06:23] C:\Program Files\<DIR> Lx_cats [08/26/2008\|07:47] C:\Program Files\<DIR> Memeo [08/16/2006\|07:32] C:\Program Files\<DIR> Messenger [08/27/2006\|05:31] C:\Program Files\<DIR> microsoft frontpage [08/27/2006\|05:31] C:\Program Files\<DIR> Microsoft Office [08/16/2006\|07:47] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [08/16/2006\|07:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [09/09/2007\|08:51] C:\Program Files\<DIR> Microsoft Works [09/16/2008\|10:37] C:\Program Files\<DIR> Minitab 15 [08/16/2006\|07:41] C:\Program Files\<DIR> Modem Helper [10/11/2007\|07:09] C:\Program Files\<DIR> ModTheSims2.com [08/16/2005\|04:37] C:\Program Files\<DIR> Movie Maker [09/23/2008\|07:33] C:\Program Files\<DIR> Mozilla Firefox [08/16/2005\|04:37] C:\Program Files\<DIR> MSN [08/16/2005\|04:37] C:\Program Files\<DIR> MSN Gaming Zone [11/29/2006\|12:34] C:\Program Files\<DIR> MSXML 4.0 [08/16/2006\|07:52] C:\Program Files\<DIR> MUSICMATCH [03/22/2008\|10:02] C:\Program Files\<DIR> Mysteryville [06/11/2008\|01:04] C:\Program Files\<DIR> Nancy Drew [08/16/2005\|04:40] C:\Program Files\<DIR> NetMeeting [08/16/2006\|07:41] C:\Program Files\<DIR> NetWaiting [08/16/2006\|07:46] C:\Program Files\<DIR> NetZeroInstallers [11/17/2007\|03:16] C:\Program Files\<DIR> Oberon Media [02/07/2007\|05:15] C:\Program Files\<DIR> On2 Technologies [08/16/2005\|04:38] C:\Program Files\<DIR> Online Services [08/31/2006\|01:09] C:\Program Files\<DIR> Outlook Express [09/07/2008\|11:27] C:\Program Files\<DIR> Paparazzi [09/07/2008\|11:27] C:\Program Files\<DIR> Peggle Deluxe [02/07/2007\|04:43] C:\Program Files\<DIR> Pizza Frenzy [05/04/2008\|12:22] C:\Program Files\<DIR> PlayFirst [08/16/2006\|07:49] C:\Program Files\<DIR> QuickTime [09/21/2006\|12:06] C:\Program Files\<DIR> Real [09/14/2008\|10:01] C:\Program Files\<DIR> Red Cross ERU [12/17/2006\|10:04] C:\Program Files\<DIR> ReflexiveArcade [08/16/2005\|08:58] C:\Program Files\<DIR> RGB [01/15/2007\|03:17] C:\Program Files\<DIR> ScanSoft [08/16/2006\|07:57] C:\Program Files\<DIR> SearchAssist [08/29/2008\|08:21] C:\Program Files\<DIR> Shockwave.com [08/16/2006\|07:37] C:\Program Files\<DIR> Sigmatel [02/24/2007\|11:55] C:\Program Files\<DIR> SmartDraw 2007 [08/16/2006\|07:49] C:\Program Files\<DIR> Sonic [09/01/2007\|10:27] C:\Program Files\<DIR> Sophos [01/31/2007\|02:00] C:\Program Files\<DIR> Sophos SWEEP for NT [09/24/2006\|02:38] C:\Program Files\<DIR> SpongeBobDinerDash_at [09/19/2008\|09:12] C:\Program Files\<DIR> Spybot - Search & Destroy [11/17/2007\|03:25] C:\Program Files\<DIR> SuperCollapse3_at [05/04/2008\|12:09] C:\Program Files\<DIR> Supple [08/16/2006\|07:34] C:\Program Files\<DIR> Synaptics [02/21/2007\|01:16] C:\Program Files\<DIR> The Adventure Company [05/04/2008\|12:09] C:\Program Files\<DIR> The Game of Life - PTS [09/07/2008\|11:28] C:\Program Files\<DIR> The Game Of LIFE PTS [02/06/2007\|10:48] C:\Program Files\<DIR> TikGames [09/22/2008\|02:56] C:\Program Files\<DIR> Trend Micro [09/07/2008\|11:30] C:\Program Files\<DIR> Tropix 2 - The Quest for the Golden Banana [11/18/2006\|08:37] C:\Program Files\<DIR> TryMedia [08/16/2005\|04:50] C:\Program Files\<DIR> Uninstall Information [09/14/2008\|10:00] C:\Program Files\<DIR> Venture Arctic [02/25/2007\|10:01] C:\Program Files\<DIR> Viewpoint [04/22/2007\|05:30] C:\Program Files\<DIR> Virtual Laguna Beach [08/16/2006\|07:51] C:\Program Files\<DIR> WebCyberCoach [08/26/2008\|07:47] C:\Program Files\<DIR> Western Digital [08/26/2008\|07:45] C:\Program Files\<DIR> Western Digital Technologies [08/16/2006\|07:35] C:\Program Files\<DIR> WIDCOMM [08/22/2006\|08:16] C:\Program Files\<DIR> WildTangent [03/19/2008\|11:15] C:\Program Files\<DIR> Windows Media Player [08/16/2005\|04:37] C:\Program Files\<DIR> Windows NT [08/16/2005\|04:37] C:\Program Files\<DIR> Windows Plus [01/15/2007\|03:09] C:\Program Files\<DIR> WindowsUpdate [02/24/2008\|12:57] C:\Program Files\<DIR> WinRAR [08/16/2006\|07:50] C:\Program Files\<DIR> WordPerfect Office 12 [08/16/2005\|04:43] C:\Program Files\<DIR> xerox [02/28/2007\|10:45] C:\Program Files\<DIR> Yahoo! [09/21/2008\|05:04] C:\Program Files\<DIR> Yahoo! Games [09/23/2006\|05:38] C:\Program Files\<DIR> ZooVet_at [03/23/2008\|07:21] C:\Program Files\<DIR> Zune --------------------\\ Listing Folders in C:\Program Files\Common Files [08/31/2006\|09:23] C:\Program Files\Common Files\<DIR> Adobe [03/09/2007\|12:41] C:\Program Files\Common Files\<DIR> AOL [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> aolshare [08/16/2006\|07:50] C:\Program Files\Common Files\<DIR> Borland Shared [09/01/2007\|10:27] C:\Program Files\Common Files\<DIR> Cisco Systems [03/19/2008\|11:16] C:\Program Files\Common Files\<DIR> ComponentOne [08/16/2006\|07:50] C:\Program Files\Common Files\<DIR> Corel [08/16/2006\|07:41] C:\Program Files\Common Files\<DIR> Creative Labs Shared [08/27/2006\|05:33] C:\Program Files\Common Files\<DIR> Designer [08/26/2008\|07:47] C:\Program Files\Common Files\<DIR> eSellerate [09/15/2006\|07:24] C:\Program Files\Common Files\<DIR> Hypnotizer [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> InstallShield [08/16/2006\|07:31] C:\Program Files\Common Files\<DIR> Java [03/23/2008\|07:16] C:\Program Files\Common Files\<DIR> Microsoft Shared [08/16/2005\|04:40] C:\Program Files\Common Files\<DIR> MSSoap [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Nullsoft [08/16/2005\|04:33] C:\Program Files\Common Files\<DIR> ODBC [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Real [09/23/2006\|06:04] C:\Program Files\Common Files\<DIR> Sandlot Shared [01/15/2007\|03:18] C:\Program Files\Common Files\<DIR> ScanSoft Shared [08/16/2005\|04:40] C:\Program Files\Common Files\<DIR> Services [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Sonic Shared [08/16/2005\|04:33] C:\Program Files\Common Files\<DIR> SpeechEngines [09/09/2006\|06:31] C:\Program Files\Common Files\<DIR> SWF Studio [08/31/2006\|01:09] C:\Program Files\Common Files\<DIR> System [08/16/2006\|07:47] C:\Program Files\Common Files\<DIR> TiVo Shared --------------------\\ Process ( 76 Processes ) IEXPLORE.EXE ~ [PID:5340] --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\Manda\Cookies\manda@advertising[1].txt C:\DOCUME~1\Manda\Cookies\manda@adopt.euroclick[1].txt --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-23 07:47:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections C:\WINDOWS\system32\fhQXxGgh.ini2 C:\WINDOWS\system32\kTwxHRqr.ini2 C:\WINDOWS\system32\yIhgOXyb.ini C:\WINDOWS\system32\yIhgOXyb.ini2 ==> VUNDO <== --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv] Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Services\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv] Trojan ! .. C:\WINDOWS\system32\tdssservers.dat --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Manda\Incomplete\CORRUPT-0-Brand New - Play Crack The Sky.mp3 [F:63][D:35]-> C:\DOCUME~1\Manda\LOCALS~1\Temp [F:67][D:0]-> C:\DOCUME~1\Manda\Cookies [F:129][D:6]-> C:\DOCUME~1\Manda\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Tue 09/23/2008\| 7:53 - Option : [1] --------------------\\ Scan completed at 7:53:58

Egwene View Member Profile	Sep 24 2008, 06:19 AM Post #7
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Let's go on Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): [kill explorer] C:\DOCUME~1\Manda\Incomplete\CORRUPT-0-Brand New - Play Crack The Sky.mp3 purity emptytemp [start explorer] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. --- Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. Regards, Egwene.

amanda732 View Member Profile	Sep 24 2008, 07:30 PM Post #8
Member Posts: 14 OS: XP	hi, I was able to run OTMoveIt but i when i downloaded combofix it would not allow me to run it. It said "you cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Because of this the Windows XP recovery console wouldn't work either. Here is the OTMoveIt log though. Explorer killed successfully C:\DOCUME~1\Manda\Incomplete\CORRUPT-0-Brand New - Play Crack The Sky.mp3 moved successfully. < purity > < emptytemp > File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\etilqs_rjHDoP5u1uzi3U6z03bC scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_15b4.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_aa8.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09242008_174007 Files moved on Reboot... C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 moved successfully. File C:\DOCUME~1\Manda\LOCALS~1\Temp\etilqs_rjHDoP5u1uzi3U6z03bC not found! File C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_15b4.dat not found! File C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_aa8.dat not found! File C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp not found! File C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~efe2.tmp not found!

Egwene View Member Profile	Sep 25 2008, 07:45 AM Post #9
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Please delete combofix.exe by right-click on it and delete. Then please do the following : Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 Link 3 -------------------------------------------------------------------- Please visit this web page for instructions for running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. Regards, Egwene.

amanda732 View Member Profile	Sep 25 2008, 10:12 PM Post #10
Member Posts: 14 OS: XP	I was able to get combofix to work. Here is the combofix log: ComboFix 08-09-25.03 - Manda 2008-09-25 21:16:49.2 - NTFSx86 Running from: C:\Documents and Settings\Manda\Desktop\Combo-Fix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV ((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 ))))))))))))))))))))))))))))))) . 2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini 2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt 2008-09-23 07:34 . 2008-09-23 07:53 <DIR> d-------- C:\Lop SD 2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa 2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI 2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport 2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT 2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups 2008-09-20 15:54 . 2008-09-20 22:26 865,301 --ahs---- C:\WINDOWS\system32\kTwxHRqr.ini2 2008-09-19 19:47 . 2008-09-20 14:43 889,501 --ahs---- C:\WINDOWS\system32\fhQXxGgh.ini2 2008-09-19 18:23 . 2008-09-20 14:39 <DIR> d-------- C:\WINDOWS\system32\p 2008-09-19 18:23 . 2008-09-20 15:37 <DIR> d-------- C:\WINDOWS\system32\np5 2008-09-19 18:23 . 2008-09-19 18:23 <DIR> d-------- C:\WINDOWS\system32\mC02 2008-09-19 18:23 . 2008-09-25 19:54 <DIR> d-------- C:\WINDOWS\system32\inf 2008-09-19 18:23 . 2008-09-19 18:23 <DIR> d-------- C:\WINDOWS\system32\ES 2008-09-19 18:23 . 2008-09-19 18:23 <DIR> d-------- C:\Temp\mtc2 2008-09-19 18:23 . 2008-09-19 18:23 107,008 --a------ C:\ctfmon.exe 2008-09-19 18:23 . 2008-09-19 18:23 71,711 --a------ C:\WINDOWS\system32\mrtpfhefkdvvwlz.exe 2008-09-19 18:23 . 2008-09-19 18:23 34,816 --a------ C:\WINDOWS\system32\yayvWPfF.dll.vir 2008-09-19 18:23 . 2008-09-19 18:23 355 --a------ C:\753.bat 2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield 2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini 2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15 2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord 2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com 2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade 2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games 2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic 2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU 2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games 2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS 2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi 2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe 2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada 2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island 2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games 2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos 2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy 2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft 2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm 2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero 2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana 2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft 2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe 2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill 2008-08-26 21:21 . 2008-08-26 21:21 <DIR> d-------- C:\Program Files\echospin 2008-08-26 21:21 . 2008-08-26 21:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\esClient 2008-08-26 21:21 . 2008-08-26 21:21 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys 2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Western Digital 2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Common Files\eSellerate 2008-08-26 19:46 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Memeo 2008-08-26 19:45 . 2008-08-26 19:45 <DIR> d-------- C:\Program Files\Western Digital Technologies 2008-08-26 19:45 . 2008-08-26 19:46 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo 2008-08-26 15:53 . 2008-08-26 15:53 131 --a------ C:\todolist.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 01:58 --------- d-----w C:\Program Files\Java 2008-09-22 21:27 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks 2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek 2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek 2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro 2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games 2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin 2008-09-21 16:58 --------- d-----w C:\Program Files\Google 2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse 2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM 2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab 2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com 2008-08-29 23:33 0 ----a-w C:\Program Files\temp01 2008-08-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks 2008-07-27 05:03 --------- d-----w C:\Documents and Settings\Manda\Application Data\Azureus 2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll 2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 50528] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-16 98304] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe] "MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"= R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172] R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120] R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408] R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c5b459-3e7e-11db-9fae-0016cffcea3c}] \Shell\AutoRun\command - E:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a5330d-73b8-11dd-a115-0016cffcea3c}] \Shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb13eb9-857b-11db-a020-0016cffcea3c}] \Shell\AutoRun\command - E:\LaunchU3.exe . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Manda\Application Data\Mozilla\Firefox\Profiles\tl7cygpl.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\echospin\npesProxy.dll FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-25 22:30:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Zune\ZuneNss.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 C:\WINDOWS\ehome\ehmsas.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\AIM6\anotify.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************ . Completion time: 2008-09-25 22:44:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-26 03:44:31 ComboFix2.txt 2008-09-26 02:12:32 Pre-Run: 36,325,707,776 bytes free Post-Run: 36,313,812,992 bytes free 245 --- E O F --- 2008-04-10 08:02:06 and here is the hijackthis log as well: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:09, on 2008-09-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\Rundll32.exe C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\AIM6\aim6.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brockport.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Manda\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} (Echospin Proxy Control) - http://echospin.com/wizard/files/esWizard.cab O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.baypath.edu/iNotes6.cab O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157046608906 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.baypath.edu/dwa7W.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12099 bytes

amanda732 View Member Profile	Sep 25 2008, 10:19 PM Post #11
Member Posts: 14 OS: XP	I realized after i just posted my most recent reply that it said the windows recovery never installed so i just installed it and here is the log it gave me: WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Egwene View Member Profile	Sep 26 2008, 08:30 AM Post #12
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Let's go on Open notepad and copy/paste the text in the quotebox below into it: http://www.geekstogo.com/forum/Troj-Virtum-Gen-virus-detected-sophos-t212603.html&gopid=1338226#entry1338226 Collect:: C:\WINDOWS\system32\mrtpfhefkdvvwlz.exe Sysrst:: File:: C:\WINDOWS\system32\kTwxHRqr.ini2 C:\WINDOWS\system32\fhQXxGgh.ini2 C:\ctfmon.exe C:\WINDOWS\system32\yayvWPfF.dll.vir C:\753.bat C:\Program Files\temp01 Folder:: C:\WINDOWS\system32\p C:\WINDOWS\system32\np5 C:\WINDOWS\system32\mC02 C:\WINDOWS\system32\inf C:\WINDOWS\system32\ES C:\Temp\mtc2 Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c5b459-3e7e-11db-9fae-0016cffcea3c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a5330d-73b8-11dd-a115-0016cffcea3c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb13eb9-857b-11db-a020-0016cffcea3c}] Save this as CFScript.txt Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file. Regards, Egwene.

amanda732 View Member Profile	Sep 26 2008, 01:46 PM Post #13
Member Posts: 14 OS: XP	here is the log that i got after i ran the cfscript with combofix. However when it was done i didn't get a message box like it said there would be. ComboFix 08-09-25.03 - Manda 2008-09-26 13:46:42.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT -5:00] Running from: C:\Documents and Settings\Manda\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Manda\Desktop\CFScript.txt * Created a new restore point * Resident AV is active FILE :: C:\753.bat C:\ctfmon.exe C:\Program Files\temp01 C:\WINDOWS\system32\fhQXxGgh.ini2 C:\WINDOWS\system32\kTwxHRqr.ini2 C:\WINDOWS\system32\yayvWPfF.dll.vir . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\753.bat C:\ctfmon.exe C:\Program Files\temp01 C:\Temp\mtc2 C:\Temp\mtc2\h5v.log C:\WINDOWS\system32\ES C:\WINDOWS\system32\ES\ixp6453.exe C:\WINDOWS\system32\fhQXxGgh.ini2 C:\WINDOWS\system32\inf C:\WINDOWS\system32\kTwxHRqr.ini2 C:\WINDOWS\system32\mC02 C:\WINDOWS\system32\mC02\mC022328.exe C:\WINDOWS\system32\mrtpfhefkdvvwlz.exe C:\WINDOWS\system32\np5 C:\WINDOWS\system32\p C:\WINDOWS\system32\yayvWPfF.dll.vir . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV ((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 ))))))))))))))))))))))))))))))) . 2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini 2008-09-25 12:15 . 2008-09-25 12:17 <DIR> d-------- C:\Combo-Fix 2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt 2008-09-23 07:34 . 2008-09-23 07:53 <DIR> d-------- C:\Lop SD 2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa 2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI 2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport 2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT 2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups 2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield 2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini 2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15 2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord 2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com 2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade 2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games 2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic 2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU 2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games 2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS 2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi 2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe 2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada 2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island 2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games 2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos 2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy 2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft 2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm 2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero 2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana 2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft 2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe 2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill 2008-08-26 21:21 . 2008-08-26 21:21 <DIR> d-------- C:\Program Files\echospin 2008-08-26 21:21 . 2008-08-26 21:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\esClient 2008-08-26 21:21 . 2008-08-26 21:21 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys 2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Western Digital 2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Common Files\eSellerate 2008-08-26 19:46 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Memeo 2008-08-26 19:45 . 2008-08-26 19:45 <DIR> d-------- C:\Program Files\Western Digital Technologies 2008-08-26 19:45 . 2008-08-26 19:46 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo 2008-08-26 15:53 . 2008-08-26 15:53 131 --a------ C:\todolist.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 01:58 --------- d-----w C:\Program Files\Java 2008-09-22 21:27 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks 2008-09-22 21:10 6,214 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek 2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek 2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro 2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games 2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin 2008-09-21 16:58 --------- d-----w C:\Program Files\Google 2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse 2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM 2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab 2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com 2008-08-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks 2008-07-27 05:03 --------- d-----w C:\Documents and Settings\Manda\Application Data\Azureus 2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll 2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"= R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172] R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120] R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408] R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664] . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-26 15:03:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Zune\ZuneNss.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\NetWaiting\netwaiting.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\ComboFix\pv.cfexe C:\WINDOWS\temp\sophos_autoupdate1.dir\ALUpdate.exe . ************************************************************************ . Completion time: 2008-09-26 15:14:51 - machine was rebooted [Manda] ComboFix-quarantined-files.txt 2008-09-26 20:14:46 ComboFix2.txt 2008-09-26 03:44:39 ComboFix3.txt 2008-09-26 02:12:32 Pre-Run: 36,212,015,104 bytes free Post-Run: 36,201,795,584 bytes free 230 --- E O F --- 2008-04-10 08:02:06

Egwene View Member Profile	Sep 26 2008, 04:26 PM Post #14
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, 1) Get an uninstall list : Please open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. 2) Run MBAM : Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. And please tell me how your computer is running now. Regards, Egwene.

amanda732 View Member Profile	Sep 26 2008, 05:34 PM Post #15
Member Posts: 14 OS: XP	Hi, Here is the hijackthis uninstall log: ACD/Labs Software in C:\ACDFREE10\ Ace Media Player Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 7.0 Adobe Shockwave Player AIM 6 Andrea VoiceCenter AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services AOL Uninstaller (Choose which Products to Remove) AOLIcon ATI Catalyst Control Center ATI Display Driver Azureus Broadcom Management Programs Brother MFL-Pro Suite CEP - Color Enable Package Conexant HDA D110 MDC V.92 Modem Corel Photo Album 6 Creative MediaSource Dell Digital Jukebox Driver Dell Game Console DellSupport Digital Content Portal Digital Line Detect DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Documentation & Support Launcher EarthLink setup files ebgcInfra ebgcRes ebgcSDK Echospin Delivery Wizard EducateU ELIcon Enhancement Browser Tools Bambanner ERUNT 1.1j Games, Music, & Photos Launcher High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Intel® PROSet/Wireless Software Internet Service Offers Launcher J2SE Runtime Environment 5.0 Update 8 Java 2 Runtime Environment, SE v1.4.2_03 Java™ 6 Update 7 Learn2 Player (Uninstall Only) LimeWire 4.12.6 mCore MDL Chime/Chime Pro for Internet Explorer mDrWiFi mHlpDell Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works 2000 Minitab 15 English mIWA mLogView mMHouse Modem Helper Mozilla Firefox (3.0.2) mPfMgr mPfWiz mProSafe mSSO MSXML 4.0 SP2 (KB927978) MSXML 6.0 Parser (KB927977) Musicmatch for Windows Media Player Musicmatch� Jukebox mWlsSafe mWMI mXML mZConfig Nancy Drew: The Curse of Blackmoor Manor NetWaiting NetZeroInstallers On2 VP7 Personal Edition Otto Paint Shop Pro 7 PaperPort PowerDVD 5.7 Qualxserve Service Agreement QuickSet QuickTime Q-Xpress Installer 1.1.9 RealPlayer Basic Search Assist Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Solitaire Antics Deluxe Sonic DLA Sonic Encoders Sonic MyDVD LE Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sophos Anti-Virus Sophos AutoUpdate Sound Blaster ADVANCED MB Drivers Sound Blaster Audigy ADVANCED MB Sound Blaster Audigy ADVANCED MB Product Registration Spybot - Search & Destroy Synaptics Pointing Device Driver The Sims 2 The Sims 2 Glamour Life Stuff The Sims 2 Nightlife The Sims 2 Open For Business The Sims 2 Pets The Sims 2 University The Sims� 2 Bon Voyage The Sims� 2 Seasons Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB936357) Update Rollup 2 for Windows XP Media Center Edition 2005 URL Assistant Viewpoint Manager (Remove Only) Viewpoint Media Player WD Diagnostics WebCyberCoach 3.2 Dell WIDCOMM Bluetooth Software Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890927 Windows XP Media Center Edition 2005 KB908246 WinRAR archiver WordPerfect Office 12 Zune and here is the MBAM log: Malwarebytes' Anti-Malware 1.28 Database version: 1211 Windows 5.1.2600 Service Pack 2 9/26/2008 7:18:06 PM mbam-log-2008-09-26 (19-18-06).txt Scan type: Quick Scan Objects scanned: 54191 Time elapsed: 7 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) My computer seems to be running a lot better now and when i am online i havent gotten any pop-ups telling me to download antivirus/cleaners for my computer.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Troj/Virtum-Gen Virus [RESOLVED]	10 / 737	12th February 2008 - 03:01 AM socceraddict07 started - last by kahdah
Virus, Spyware and Trojan Removal Troj/Virtum-Gen! Please Help! [RESOLVED]	12 / 607	9th December 2008 - 05:03 PM Killabyte started - last by Rorschach112
Virus, Spyware and Trojan Removal Need help removing Troj/Virtum-Gen virus [RESOLVED]	12 / 1,591	9th December 2008 - 05:05 PM klay44 started - last by Essexboy
Virus, Spyware and Trojan Removal Need help removing Troj/Virtum-Gen Virus [RESOLVED]	3 / 406	9th December 2008 - 10:38 PM bwelty started - last by fenzodahl512