Troj/Virtum-Gen virus detected by sophos [RESOLVED]

#1 amanda732 (Member, 14 posts)
My Sophos antivirus found the Troj/Virtum-Gen on my computer a couple of days ago. I ran a full computer scan and it then allowed me to clean up the virus. When I restarted my computer the virus was back, and after another full computer scan was run it said the cleanup was incomplete and manual removal was required. When I tried to remove the virus components they were either not where they said they would be or they would come back after I removed them. I have tried VundoFix as well as VirtumundoBeGone to get rid of the virus, but when I scan for the virus they both found no infected files. I have followed the steps in You Must Read This Before Posting A Hijack This Log, but my computer wouldn't allow me to download Malwarebytes' Anti-Malware and I can't get to the Windows Update page (my computer won't load the page). I ran HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:53 PM, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brockport.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BMef074f97] Rundll32.exe "C:\WINDOWS\system32\mbbyqtxh.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Manda\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} (Echospin Proxy Control) - http://echospin.com/...es/esWizard.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.baypath.edu/iNotes6.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157046608906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.baypath.edu/dwa7W.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL vcrwyz.dll opbhcv.dll eqwgfu.dll jlmuti.dll oxpwdo.dll uvhzkf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12925 bytes

Thanks in advance for any help you can give me.
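As an added example (not code from this thread, from HijackThis, or from any tool mentioned here), the script below applies the two checks a log helper makes by eye on the log above: O4 Run entries that use Rundll32 to load a random-looking DLL from system32, and bare DLL names appended to the O20 AppInit_DLLs value. The five sample lines are copied from the posted log; the `looks_random` heuristic and the BM<hex> Run-name check are my own assumptions, not signatures.

```python
"""Triage O4/O20 lines of a HijackThis log for Vundo-style loader entries.

Added example for this thread; it is not HijackThis code and not a tool used
in the thread. The "random-looking name" test and the BM<hex> Run-name check
are assumptions drawn from the posted log, not detection signatures.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: five lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [BMef074f97] Rundll32.exe "C:\WINDOWS\system32\mbbyqtxh.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL vcrwyz.dll opbhcv.dll eqwgfu.dll jlmuti.dll oxpwdo.dll uvhzkf.dll
"""

O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
DLL_RE = re.compile(r'([^",\s]+\.dll)', re.IGNORECASE)
# Assumed pattern: the Run value name "BMef074f97" in the posted log is BM + 8 hex digits.
BM_NAME_RE = re.compile(r"^BM[0-9a-f]{8}$", re.IGNORECASE)

VOWELS = set("aeiouy")


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Assumed heuristic: a 6-8 letter stem with no vowels or a run of 4+ consonants."""
    s = stem.lower()
    if not (6 <= len(s) <= 8 and s.isalpha()):
        return False
    if not any(c in VOWELS for c in s):
        return True
    return re.search(r"[^aeiouy]{4,}", s) is not None


def triage_o4(line: str) -> Finding | None:
    """Score an O4 Run entry; returns None if the line is not an O4 Run line."""
    m = O4_RE.match(line)
    if not m:
        return None
    _hive, name, cmd = m.groups()
    f = Finding(line)
    # Only Rundll32-based loaders are scored: the posted log persists the
    # infection by having Rundll32 load a DLL, not by running its own .exe.
    if not cmd.lower().startswith("rundll32"):
        return f
    dm = DLL_RE.search(cmd)
    if dm:
        path = dm.group(1)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if "\\system32\\" in path.lower() and looks_random(stem):
            f.reasons.append(f"Rundll32 loads random-looking DLL from system32: {stem}.dll")
    if BM_NAME_RE.match(name):
        f.reasons.append(f"Run value name has the BM<hex> form seen in this log: {name}")
    return f


def triage_o20(line: str) -> Finding | None:
    """Flag bare DLL names in AppInit_DLLs; returns None if not an O20 line."""
    m = O20_RE.match(line)
    if not m:
        return None
    f = Finding(line)
    # AppInit_DLLs is loaded into every process that maps user32.dll, so a bare
    # name (resolved through the DLL search path, no vendor directory) deserves
    # a look on its own; a random-looking name strengthens the finding.
    for tok in re.split(r"[,\s]+", m.group(1).strip()):
        if not tok.lower().endswith(".dll") or "\\" in tok:
            continue
        why = "bare DLL name in AppInit_DLLs"
        if looks_random(tok[:-4]):
            why += ", random-looking name"
        f.reasons.append(f"{tok}: {why}")
    return f


def triage_log(text: str) -> list[Finding]:
    """Return only the O4/O20 entries that collected at least one reason."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        f = triage_o4(line) or triage_o20(line)
        if f is not None and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Note that jlmuti.dll is reported only because it is a bare AppInit_DLLs name, not by the randomness heuristic; the two checks are meant to be read together, and a flagged entry is a prompt for review, not a verdict.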

#2 Egwene (Visiting Consultant, 2,141 posts)
Hello amanda732 !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

#3 Egwene (Visiting Consultant, 2,141 posts)
Hello amanda732,

Let's begin the removal :)

1) Disable real-time protections :

--> Please disable Trend Micro Internet Security real-time protection; more help here: http://www.bleepingc...opic114351.html

--> While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

2) Update Java :

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Run Vundofix :

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

4) Run LopSD option 1 :

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Regards,
Egwene.

#4 amanda732 (Topic Starter, Member, 14 posts)
I wasn't able to disable Sophos, so I went into msconfig and stopped it from starting up. I stopped TeaTimer, I updated Java, and I ran VundoFix. However, VundoFix found no infected files. What should I do now?

#5 Egwene (Visiting Consultant, 2,141 posts)
Please do step 4 now: run LopSD option 1 :)

Don't worry, we will fix your issue :)

Regards,
Egwene.

Edited by Egwene, 23 September 2008 - 02:01 AM.


#6 amanda732 (Topic Starter, Member, 14 posts)
Here is the Lop S&D log:

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2250 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Manda ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Activated)
C:\ (Local Disk) - NTFS - Total : 105 Go Free : 34 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Tue 09/23/2008| 7:35 )

--------------------\\ Listing folders in APPLIC~1

[08/16/2006|07:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[08/16/2005|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[08/16/2006|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[08/16/2005|04:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[09/09/2008|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/25/2007|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Advanced Chemistry Development
[08/31/2006|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[11/05/2007|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[03/09/2007|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[01/15/2007|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Brother
[08/16/2006|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative Labs
[10/26/2007|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Escape From Paradise
[08/26/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> esClient
[04/22/2007|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FloodLightGames
[09/06/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo
[12/16/2007|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii
[04/22/2007|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/16/2006|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[05/03/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft
[08/16/2006|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[08/16/2006|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[09/03/2007|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin
[09/19/2008|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games
[11/20/2007|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear
[08/26/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Memeo
[03/23/2008|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/09/2008|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
[04/24/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9
[09/04/2007|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NannyMania
[08/25/2008|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks
[09/08/2007|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Games
[10/22/2006|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Media
[09/02/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst
[03/07/2007|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[10/08/2006|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/04/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
[01/15/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[01/31/2007|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sophos
[09/19/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/19/2008|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/17/2006|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[09/05/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Valusoft
[11/05/2007|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/31/2006|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/22/2007|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[09/07/2007|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Zylom

[08/16/2006|07:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[08/16/2005|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/16/2006|07:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[08/16/2005|04:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[03/23/2007|03:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel
[03/19/2008|11:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/01/2006|06:43] C:\DOCUME~1\Manda\APPLIC~1\<DIR> 7100Series
[10/20/2007|10:02] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Abra Academy2
[09/09/2006|06:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> acccore
[12/09/2007|07:45] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Adobe
[09/09/2008|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> AdobeUM
[08/16/2006|07:44] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ATI
[07/27/2008|12:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Azureus
[09/05/2008|04:55] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BeachPartyCraze
[09/06/2008|04:19] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Big Fish Games
[03/02/2008|11:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BloodTies
[01/16/2007|02:22] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Brother
[09/03/2006|10:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel
[10/02/2006|11:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel Photo Album
[08/22/2006|08:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Creative
[01/12/2007|06:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> CyberLink
[10/15/2006|03:14] C:\DOCUME~1\Manda\APPLIC~1\<DIR> DivX
[09/17/2006|06:53] C:\DOCUME~1\Manda\APPLIC~1\<DIR> EA
[09/03/2007|10:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Eyeblaster
[04/22/2007|05:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> FloodLightGames
[09/03/2007|10:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GameHouse
[08/30/2008|10:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gamelab
[09/02/2008|02:57] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GamesCafe
[10/23/2006|09:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Google
[09/22/2008|03:09] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gtek
[06/10/2008|12:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Help
[12/15/2007|02:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Home Sweet Home
[08/16/2005|04:50] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Identities
[10/16/2006|10:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> IMVU
[09/16/2008|10:38] C:\DOCUME~1\Manda\APPLIC~1\<DIR> InstallShield
[08/16/2006|07:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Intel
[09/11/2008|04:00] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ITTNord
[09/21/2008|05:04] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWin
[09/08/2008|04:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWinArcade
[10/20/2007|01:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel
[09/04/2008|10:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel Family Hero
[11/06/2007|06:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Legends of pirates
[09/06/2006|10:49] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Macromedia
[04/18/2007|01:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Academy
[09/17/2006|11:37] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Match
[08/25/2008|03:51] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft
[08/27/2006|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft Web Folders
[09/22/2008|04:27] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Move Networks
[09/06/2008|11:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Mozilla
[05/02/2008|10:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> My Games
[03/09/2008|02:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> MysteryStudio
[09/02/2008|09:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> PlayFirst
[08/30/2008|11:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Righteous Kill
[09/09/2007|09:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sandlot Games
[10/08/2007|08:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SecuROM
[12/09/2006|05:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SmartDraw
[08/16/2006|07:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sun
[03/09/2008|03:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Total Eclipse
[05/01/2008|11:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> U3
[09/05/2008|11:48] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Valusoft
[09/29/2007|05:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> VeniceMysteryData
[01/17/2007|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Viewpoint
[09/02/2008|04:59] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ViquaSoft
[04/22/2007|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> yahoo!

[03/07/2007|03:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[08/16/2006|07:44] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> ATI
[09/22/2008|03:01] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Gtek
[08/16/2005|04:50] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Identities
[08/16/2006|07:35] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Intel
[03/23/2007|03:11] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/22/2008 09:00 PM][--a------] C:\WINDOWS\tasks\Daily.job
[09/22/2008 08:36 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/07/2007|12:22] C:\Program Files\<DIR> Activision Value
[09/09/2008|07:36] C:\Program Files\<DIR> Adobe
[11/05/2007|09:36] C:\Program Files\<DIR> AIM6
[12/17/2006|10:20] C:\Program Files\<DIR> Alawar
[12/16/2007|08:52] C:\Program Files\<DIR> America Online 9.0
[11/12/2006|04:10] C:\Program Files\<DIR> Ant War
[09/09/2006|06:28] C:\Program Files\<DIR> AOD
[09/09/2006|06:20] C:\Program Files\<DIR> AOL
[08/16/2006|07:49] C:\Program Files\<DIR> AOL Companion
[08/16/2006|07:40] C:\Program Files\<DIR> ATI Technologies
[09/07/2008|11:24] C:\Program Files\<DIR> Azada
[01/30/2007|06:05] C:\Program Files\<DIR> Azureus
[08/16/2006|07:57] C:\Program Files\<DIR> BAE
[04/22/2007|05:13] C:\Program Files\<DIR> BFG
[08/16/2006|07:34] C:\Program Files\<DIR> Broadcom
[01/15/2007|03:22] C:\Program Files\<DIR> Brother
[11/12/2006|04:10] C:\Program Files\<DIR> CakeMania_at
[03/22/2008|08:51] C:\Program Files\<DIR> Cate West The Vanishing Files
[03/19/2008|10:42] C:\Program Files\<DIR> Cathys Caribbean Club
[02/07/2007|04:39] C:\Program Files\<DIR> CoffeeTycoon_at
[08/26/2008|07:47] C:\Program Files\<DIR> Common Files
[08/16/2005|04:38] C:\Program Files\<DIR> ComPlus Applications
[01/12/2007|05:47] C:\Program Files\<DIR> Compton's Home Library
[08/16/2006|07:37] C:\Program Files\<DIR> CONEXANT
[09/07/2008|11:24] C:\Program Files\<DIR> Cooking Academy
[08/16/2006|07:54] C:\Program Files\<DIR> Corel
[08/16/2006|07:55] C:\Program Files\<DIR> Corel Corporation
[08/16/2006|07:43] C:\Program Files\<DIR> Creative
[02/07/2007|04:39] C:\Program Files\<DIR> Crime Puzzle
[08/16/2006|07:44] C:\Program Files\<DIR> CyberLink
[02/07/2007|04:39] C:\Program Files\<DIR> Deep Sea Tycoon 2_at
[10/13/2007|09:41] C:\Program Files\<DIR> DeliveryKing_at
[08/16/2006|08:00] C:\Program Files\<DIR> Dell
[09/22/2008|03:00] C:\Program Files\<DIR> DellSupport
[03/19/2008|11:16] C:\Program Files\<DIR> DIFX
[08/16/2006|07:41] C:\Program Files\<DIR> Digital Line Detect
[03/01/2007|07:42] C:\Program Files\<DIR> DivX
[10/20/2007|04:47] C:\Program Files\<DIR> DreamChronicles_at
[10/08/2007|07:08] C:\Program Files\<DIR> EA GAMES
[08/16/2006|07:49] C:\Program Files\<DIR> EarthLink Setup
[08/26/2008|09:21] C:\Program Files\<DIR> echospin
[08/16/2005|08:51] C:\Program Files\<DIR> EnglishOtto
[09/22/2008|02:33] C:\Program Files\<DIR> ERUNT
[09/21/2008|05:02] C:\Program Files\<DIR> Fenomen Games Downloader
[03/19/2008|10:42] C:\Program Files\<DIR> Feyruna Fairy Forest
[08/23/2006|02:27] C:\Program Files\<DIR> Game On
[09/14/2008|10:00] C:\Program Files\<DIR> GameHouse
[09/14/2008|10:00] C:\Program Files\<DIR> Games
[09/30/2007|02:29] C:\Program Files\<DIR> GamesBar
[12/16/2007|10:28] C:\Program Files\<DIR> GemMaster
[12/01/2006|05:30] C:\Program Files\<DIR> GlobalStar Software
[09/21/2008|11:58] C:\Program Files\<DIR> Google
[03/19/2008|10:43] C:\Program Files\<DIR> Grimms Hatchery
[10/15/2006|03:25] C:\Program Files\<DIR> GustoSoft
[09/07/2008|11:25] C:\Program Files\<DIR> Hawaiian Explorer The Lost Island
[12/18/2006|01:05] C:\Program Files\<DIR> Infogrames
[06/22/2007|03:05] C:\Program Files\<DIR> Infogrames Interactive
[09/06/2008|01:29] C:\Program Files\<DIR> InstallShield Installation Information
[08/16/2006|07:35] C:\Program Files\<DIR> Intel
[08/16/2006|07:35] C:\Program Files\<DIR> Intel, Inc
[04/10/2008|03:01] C:\Program Files\<DIR> Internet Explorer
[09/21/2008|12:55] C:\Program Files\<DIR> iWin.com
[08/27/2006|05:43] C:\Program Files\<DIR> Jasc Software Inc
[09/22/2008|08:58] C:\Program Files\<DIR> Java
[09/07/2008|11:27] C:\Program Files\<DIR> Kudos
[12/16/2007|10:28] C:\Program Files\<DIR> LawandOrderDarkObsession_at
[11/12/2006|04:12] C:\Program Files\<DIR> LawOrderVengefulHeart_at
[08/16/2006|07:49] C:\Program Files\<DIR> Learn2.com
[10/09/2007|10:20] C:\Program Files\<DIR> LimeWire
[12/12/2006|06:23] C:\Program Files\<DIR> Lx_cats
[08/26/2008|07:47] C:\Program Files\<DIR> Memeo
[08/16/2006|07:32] C:\Program Files\<DIR> Messenger
[08/27/2006|05:31] C:\Program Files\<DIR> microsoft frontpage
[08/27/2006|05:31] C:\Program Files\<DIR> Microsoft Office
[08/16/2006|07:47] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[08/16/2006|07:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[09/09/2007|08:51] C:\Program Files\<DIR> Microsoft Works
[09/16/2008|10:37] C:\Program Files\<DIR> Minitab 15
[08/16/2006|07:41] C:\Program Files\<DIR> Modem Helper
[10/11/2007|07:09] C:\Program Files\<DIR> ModTheSims2.com
[08/16/2005|04:37] C:\Program Files\<DIR> Movie Maker
[09/23/2008|07:33] C:\Program Files\<DIR> Mozilla Firefox
[08/16/2005|04:37] C:\Program Files\<DIR> MSN
[08/16/2005|04:37] C:\Program Files\<DIR> MSN Gaming Zone
[11/29/2006|12:34] C:\Program Files\<DIR> MSXML 4.0
[08/16/2006|07:52] C:\Program Files\<DIR> MUSICMATCH
[03/22/2008|10:02] C:\Program Files\<DIR> Mysteryville
[06/11/2008|01:04] C:\Program Files\<DIR> Nancy Drew
[08/16/2005|04:40] C:\Program Files\<DIR> NetMeeting
[08/16/2006|07:41] C:\Program Files\<DIR> NetWaiting
[08/16/2006|07:46] C:\Program Files\<DIR> NetZeroInstallers
[11/17/2007|03:16] C:\Program Files\<DIR> Oberon Media
[02/07/2007|05:15] C:\Program Files\<DIR> On2 Technologies
[08/16/2005|04:38] C:\Program Files\<DIR> Online Services
[08/31/2006|01:09] C:\Program Files\<DIR> Outlook Express
[09/07/2008|11:27] C:\Program Files\<DIR> Paparazzi
[09/07/2008|11:27] C:\Program Files\<DIR> Peggle Deluxe
[02/07/2007|04:43] C:\Program Files\<DIR> Pizza Frenzy
[05/04/2008|12:22] C:\Program Files\<DIR> PlayFirst
[08/16/2006|07:49] C:\Program Files\<DIR> QuickTime
[09/21/2006|12:06] C:\Program Files\<DIR> Real
[09/14/2008|10:01] C:\Program Files\<DIR> Red Cross ERU
[12/17/2006|10:04] C:\Program Files\<DIR> ReflexiveArcade
[08/16/2005|08:58] C:\Program Files\<DIR> RGB
[01/15/2007|03:17] C:\Program Files\<DIR> ScanSoft
[08/16/2006|07:57] C:\Program Files\<DIR> SearchAssist
[08/29/2008|08:21] C:\Program Files\<DIR> Shockwave.com
[08/16/2006|07:37] C:\Program Files\<DIR> Sigmatel
[02/24/2007|11:55] C:\Program Files\<DIR> SmartDraw 2007
[08/16/2006|07:49] C:\Program Files\<DIR> Sonic
[09/01/2007|10:27] C:\Program Files\<DIR> Sophos
[01/31/2007|02:00] C:\Program Files\<DIR> Sophos SWEEP for NT
[09/24/2006|02:38] C:\Program Files\<DIR> SpongeBobDinerDash_at
[09/19/2008|09:12] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/17/2007|03:25] C:\Program Files\<DIR> SuperCollapse3_at
[05/04/2008|12:09] C:\Program Files\<DIR> Supple
[08/16/2006|07:34] C:\Program Files\<DIR> Synaptics
[02/21/2007|01:16] C:\Program Files\<DIR> The Adventure Company
[05/04/2008|12:09] C:\Program Files\<DIR> The Game of Life - PTS
[09/07/2008|11:28] C:\Program Files\<DIR> The Game Of LIFE PTS
[02/06/2007|10:48] C:\Program Files\<DIR> TikGames
[09/22/2008|02:56] C:\Program Files\<DIR> Trend Micro
[09/07/2008|11:30] C:\Program Files\<DIR> Tropix 2 - The Quest for the Golden Banana
[11/18/2006|08:37] C:\Program Files\<DIR> TryMedia
[08/16/2005|04:50] C:\Program Files\<DIR> Uninstall Information
[09/14/2008|10:00] C:\Program Files\<DIR> Venture Arctic
[02/25/2007|10:01] C:\Program Files\<DIR> Viewpoint
[04/22/2007|05:30] C:\Program Files\<DIR> Virtual Laguna Beach
[08/16/2006|07:51] C:\Program Files\<DIR> WebCyberCoach
[08/26/2008|07:47] C:\Program Files\<DIR> Western Digital
[08/26/2008|07:45] C:\Program Files\<DIR> Western Digital Technologies
[08/16/2006|07:35] C:\Program Files\<DIR> WIDCOMM
[08/22/2006|08:16] C:\Program Files\<DIR> WildTangent
[03/19/2008|11:15] C:\Program Files\<DIR> Windows Media Player
[08/16/2005|04:37] C:\Program Files\<DIR> Windows NT
[08/16/2005|04:37] C:\Program Files\<DIR> Windows Plus
[01/15/2007|03:09] C:\Program Files\<DIR> WindowsUpdate
[02/24/2008|12:57] C:\Program Files\<DIR> WinRAR
[08/16/2006|07:50] C:\Program Files\<DIR> WordPerfect Office 12
[08/16/2005|04:43] C:\Program Files\<DIR> xerox
[02/28/2007|10:45] C:\Program Files\<DIR> Yahoo!
[09/21/2008|05:04] C:\Program Files\<DIR> Yahoo! Games
[09/23/2006|05:38] C:\Program Files\<DIR> ZooVet_at
[03/23/2008|07:21] C:\Program Files\<DIR> Zune

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/31/2006|09:23] C:\Program Files\Common Files\<DIR> Adobe
[03/09/2007|12:41] C:\Program Files\Common Files\<DIR> AOL
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> aolshare
[08/16/2006|07:50] C:\Program Files\Common Files\<DIR> Borland Shared
[09/01/2007|10:27] C:\Program Files\Common Files\<DIR> Cisco Systems
[03/19/2008|11:16] C:\Program Files\Common Files\<DIR> ComponentOne
[08/16/2006|07:50] C:\Program Files\Common Files\<DIR> Corel
[08/16/2006|07:41] C:\Program Files\Common Files\<DIR> Creative Labs Shared
[08/27/2006|05:33] C:\Program Files\Common Files\<DIR> Designer
[08/26/2008|07:47] C:\Program Files\Common Files\<DIR> eSellerate
[09/15/2006|07:24] C:\Program Files\Common Files\<DIR> Hypnotizer
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> InstallShield
[08/16/2006|07:31] C:\Program Files\Common Files\<DIR> Java
[03/23/2008|07:16] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/16/2005|04:40] C:\Program Files\Common Files\<DIR> MSSoap
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Nullsoft
[08/16/2005|04:33] C:\Program Files\Common Files\<DIR> ODBC
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Real
[09/23/2006|06:04] C:\Program Files\Common Files\<DIR> Sandlot Shared
[01/15/2007|03:18] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[08/16/2005|04:40] C:\Program Files\Common Files\<DIR> Services
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/16/2005|04:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/09/2006|06:31] C:\Program Files\Common Files\<DIR> SWF Studio
[08/31/2006|01:09] C:\Program Files\Common Files\<DIR> System
[08/16/2006|07:47] C:\Program Files\Common Files\<DIR> TiVo Shared

--------------------\\ Process

( 76 Processes )

IEXPLORE.EXE ~ [PID:5340]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Manda\Cookies\manda@advertising[1].txt
C:\DOCUME~1\Manda\Cookies\[email protected][1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 07:47:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\fhQXxGgh.ini2
C:\WINDOWS\system32\kTwxHRqr.ini2
C:\WINDOWS\system32\yIhgOXyb.ini
C:\WINDOWS\system32\yIhgOXyb.ini2
==> VUNDO <==

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]


Trojan ! .. C:\WINDOWS\system32\tdssservers.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Manda\Incomplete\CORRUPT-0-Brand New - Play Crack The Sky.mp3


[F:63][D:35]-> C:\DOCUME~1\Manda\LOCALS~1\Temp
[F:67][D:0]-> C:\DOCUME~1\Manda\Cookies
[F:129][D:6]-> C:\DOCUME~1\Manda\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 09/23/2008| 7:53 - Option : [1]

--------------------\\ Scan completed at 7:53:58
  • 0
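The Lop SD log above reports what it found in named sections: the hosts-file check, a list of files followed by the family it attributes them to (here Vundo), the registry keys of a rootkit service repeated under Services and Enum\Root in every ControlSet, and a separate trojan file. As an added example that is not part of this thread and is not Lop SD's own code, here is a small Python parser over constructed lines modelled on that format; it collapses the repeated registry keys to the underlying service name and ranks the findings so that the worst item (the rootkit) drives the response. All paths, keys and service names in the sample are placeholders, not artefacts from the machine in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample modelled on the Lop SD log format in the thread: section
# headers, "Rootkit <family> ! .. [<registry key>]" lines, a "Trojan ! .. <path>"
# line, and file paths followed by a "==> FAMILY <==" tag. Every path, key and
# service name below is a placeholder, not an artefact from a real machine.
SAMPLE_LOG = r"""
--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for other infections

C:\WINDOWS\system32\EXAMPLE1.ini2
C:\WINDOWS\system32\EXAMPLE2.ini
==> VUNDO <==

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\examplesvc]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_EXAMPLESVC]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\examplesvc]


Trojan ! .. C:\WINDOWS\system32\example.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User\Incomplete\example.mp3
"""

SECTION_PREFIX = "-" * 20 + "\\\\ "          # a section header starts with 20 dashes and "\\ "
ROOTKIT_RE = re.compile(r"^Rootkit (.+?) ! \.\. \[(.+)\]$")
TROJAN_RE = re.compile(r"^Trojan ! \.\. (.+)$")
FAMILY_TAG_RE = re.compile(r"^==> (.+?) <==$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a Windows drive path such as C:\...


@dataclass
class Findings:
    hosts_clean: Optional[bool] = None                                  # None if the section was absent
    rootkit_keys: List[Tuple[str, str]] = field(default_factory=list)  # (family, registry key)
    trojan_files: List[str] = field(default_factory=list)
    tagged_files: Dict[str, List[str]] = field(default_factory=dict)   # family -> file paths
    warez_files: List[str] = field(default_factory=list)               # "Cracks & Keygens" section


def parse_lop_log(text: str) -> Findings:
    """Walk the log line by line, remembering which section we are in."""
    findings = Findings()
    section = ""
    pending: List[str] = []   # paths listed before their "==> FAMILY <==" tag
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(SECTION_PREFIX):
            section = line[len(SECTION_PREFIX):].strip()
            pending = []
            continue
        m = ROOTKIT_RE.match(line)
        if m:
            findings.rootkit_keys.append((m.group(1), m.group(2)))
            continue
        m = TROJAN_RE.match(line)
        if m:
            findings.trojan_files.append(m.group(1))
            continue
        if section == "Checking the Hosts file":
            findings.hosts_clean = (line == "Hosts file CLEAN")
        elif section == "Searching for other infections":
            m = FAMILY_TAG_RE.match(line)
            if m:
                findings.tagged_files.setdefault(m.group(1), []).extend(pending)
                pending = []
            elif PATH_RE.match(line):
                pending.append(line)
        elif section.startswith("Cracks & Keygens"):
            if PATH_RE.match(line):
                findings.warez_files.append(line)
    return findings


def rootkit_service_names(findings: Findings) -> Set[str]:
    """Collapse the per-ControlSet registry keys to the service names they refer to.

    One driver appears as Services/<name> and as Enum/Root/LEGACY_<NAME> in every
    ControlSet, so a single rootkit service yields many key lines in the log."""
    names: Set[str] = set()
    for _family, key in findings.rootkit_keys:
        leaf = key.rsplit("\\", 1)[-1]
        if leaf.upper().startswith("LEGACY_"):
            leaf = leaf[len("LEGACY_"):]
        names.add(leaf.lower())
    return names


def highest_severity(findings: Findings) -> str:
    """Rank what the log found so the worst item drives the response."""
    if findings.rootkit_keys:
        return "rootkit"
    if findings.trojan_files or findings.tagged_files:
        return "trojan"
    if findings.hosts_clean is False:
        return "hosts-modified"
    return "clean"


if __name__ == "__main__":
    f = parse_lop_log(SAMPLE_LOG)
    print("severity:", highest_severity(f))
    print("rootkit services:", sorted(rootkit_service_names(f)))
    for family, paths in f.tagged_files.items():
        print(family, "files:", paths)
```

The service name set is the useful output for a defender: it is what to look for under every ControlSet (not only CurrentControlSet) after cleanup, since a rootkit re-registering on reboot is exactly the symptom described at the top of the thread.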

#7
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

Let's go on :)

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\DOCUME~1\Manda\Incomplete\CORRUPT-0-Brand New - Play Crack The Sky.mp3
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

---

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.
  • 0

#8
amanda732

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
hi,
I was able to run OTMoveIt, but when I downloaded ComboFix it would not allow me to run it. It said "You cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Because of this the Windows XP Recovery Console wouldn't work either. Here is the OTMoveIt log though.


Explorer killed successfully
C:\DOCUME~1\Manda\Incomplete\CORRUPT-0-Brand New - Play Crack The Sky.mp3 moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\etilqs_rjHDoP5u1uzi3U6z03bC scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_15b4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_aa8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~efe2.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09242008_174007

Files moved on Reboot...
C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 moved successfully.
File C:\DOCUME~1\Manda\LOCALS~1\Temp\etilqs_rjHDoP5u1uzi3U6z03bC not found!
File C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_15b4.dat not found!
File C:\DOCUME~1\Manda\LOCALS~1\Temp\Perflib_Perfdata_aa8.dat not found!
File C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp not found!
File C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001.dir.0000\~efe2.tmp not found!
  • 0

#9
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

Please delete combofix.exe by right-clicking on it and choosing Delete. Then please do the following:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Please visit this web page for instructions for running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.
  • 0

#10
amanda732

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I was able to get ComboFix to work. Here is the ComboFix log:

ComboFix 08-09-25.03 - Manda 2008-09-25 21:16:49.2 - NTFSx86
Running from: C:\Documents and Settings\Manda\Desktop\Combo-Fix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini
2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt
2008-09-23 07:34 . 2008-09-23 07:53 <DIR> d-------- C:\Lop SD
2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa
2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI
2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport
2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT
2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups
2008-09-20 15:54 . 2008-09-20 22:26 865,301 --ahs---- C:\WINDOWS\system32\kTwxHRqr.ini2
2008-09-19 19:47 . 2008-09-20 14:43 889,501 --ahs---- C:\WINDOWS\system32\fhQXxGgh.ini2
2008-09-19 18:23 . 2008-09-20 14:39 <DIR> d-------- C:\WINDOWS\system32\p
2008-09-19 18:23 . 2008-09-20 15:37 <DIR> d-------- C:\WINDOWS\system32\np5
2008-09-19 18:23 . 2008-09-19 18:23 <DIR> d-------- C:\WINDOWS\system32\mC02
2008-09-19 18:23 . 2008-09-25 19:54 <DIR> d-------- C:\WINDOWS\system32\inf
2008-09-19 18:23 . 2008-09-19 18:23 <DIR> d-------- C:\WINDOWS\system32\ES
2008-09-19 18:23 . 2008-09-19 18:23 <DIR> d-------- C:\Temp\mtc2
2008-09-19 18:23 . 2008-09-19 18:23 107,008 --a------ C:\ctfmon.exe
2008-09-19 18:23 . 2008-09-19 18:23 71,711 --a------ C:\WINDOWS\system32\mrtpfhefkdvvwlz.exe
2008-09-19 18:23 . 2008-09-19 18:23 34,816 --a------ C:\WINDOWS\system32\yayvWPfF.dll.vir
2008-09-19 18:23 . 2008-09-19 18:23 355 --a------ C:\753.bat
2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield
2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini
2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15
2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord
2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com
2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade
2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic
2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games
2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS
2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi
2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe
2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada
2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island
2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games
2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos
2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy
2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader
2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft
2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze
2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero
2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana
2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft
2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe
2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill
2008-08-26 21:21 . 2008-08-26 21:21 <DIR> d-------- C:\Program Files\echospin
2008-08-26 21:21 . 2008-08-26 21:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\esClient
2008-08-26 21:21 . 2008-08-26 21:21 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Western Digital
2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-08-26 19:46 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Memeo
2008-08-26 19:45 . 2008-08-26 19:45 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-08-26 19:45 . 2008-08-26 19:46 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo
2008-08-26 15:53 . 2008-08-26 15:53 131 --a------ C:\todolist.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 01:58 --------- d-----w C:\Program Files\Java
2008-09-22 21:27 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks
2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek
2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek
2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro
2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin
2008-09-21 16:58 --------- d-----w C:\Program Files\Google
2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse
2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM
2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst
2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab
2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com
2008-08-29 23:33 0 ----a-w C:\Program Files\temp01
2008-08-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-27 05:03 --------- d-----w C:\Documents and Settings\Manda\Application Data\Azureus
2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 50528]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-16 98304]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c5b459-3e7e-11db-9fae-0016cffcea3c}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a5330d-73b8-11dd-a115-0016cffcea3c}]
\Shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb13eb9-857b-11db-a020-0016cffcea3c}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Manda\Application Data\Mozilla\Firefox\Profiles\tl7cygpl.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\echospin\npesProxy.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 22:30:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\anotify.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-25 22:44:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 03:44:31
ComboFix2.txt 2008-09-26 02:12:32

Pre-Run: 36,325,707,776 bytes free
Post-Run: 36,313,812,992 bytes free

245 --- E O F --- 2008-04-10 08:02:06


And here is the HijackThis log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09, on 2008-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://brockport.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Manda\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} (Echospin Proxy Control) - http://echospin.com/...es/esWizard.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.baypath.edu/iNotes6.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.co...InstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157046608906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.baypath.edu/dwa7W.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12099 bytes


#11
amanda732

    Member

  • Topic Starter
  • Member
  • 14 posts
I realized after I just posted my most recent reply that it said the Windows recovery never installed, so I just installed it, and here is the log it gave me:

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

#12
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

Let's go on :)

Open notepad and copy/paste the text in the quotebox below into it:


Collect::
C:\WINDOWS\system32\mrtpfhefkdvvwlz.exe

Sysrst::

File::
C:\WINDOWS\system32\kTwxHRqr.ini2
C:\WINDOWS\system32\fhQXxGgh.ini2
C:\ctfmon.exe
C:\WINDOWS\system32\yayvWPfF.dll.vir
C:\753.bat
C:\Program Files\temp01

Folder::
C:\WINDOWS\system32\p
C:\WINDOWS\system32\np5
C:\WINDOWS\system32\mC02
C:\WINDOWS\system32\inf
C:\WINDOWS\system32\ES
C:\Temp\mtc2

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c5b459-3e7e-11db-9fae-0016cffcea3c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a5330d-73b8-11dd-a115-0016cffcea3c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb13eb9-857b-11db-a020-0016cffcea3c}]

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

Regards,
Egwene.
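As an added example, not part of this thread or of ComboFix itself, here is a Python pre-flight check for a CFScript like the one above: it splits the file into its sections and flags entries a helper would want to double-check before the script is dragged onto ComboFix.exe. The section names (Collect::, Sysrst::, File::, Folder::, Registry::) and the [-HKEY...] delete syntax are assumed from the script shown in the post; ComboFix's own script grammar is not documented here.

```python
"""Parse and sanity-check a ComboFix CFScript before it is run.

Added example, not part of the Geeks to Go thread or of ComboFix itself.
Section semantics are assumed from the script in the post above; this is
a pre-flight check for typos, not a reference for ComboFix's syntax.
"""
import re
from typing import Dict, List

# Section headers seen in the script above; anything else is flagged.
KNOWN_SECTIONS = {"Collect", "Sysrst", "File", "Folder", "Registry"}
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Registry delete lines in the script look like [-HKEY_...\path]
REG_DELETE_RE = re.compile(r"^\[-HK(LM|CU|EY_[A-Z_]+)\\.+\]$")
# Windows absolute path: drive letter, colon, backslash
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Sample script, constructed for this example from the sections in the post.
SAMPLE_CFSCRIPT = """\
Collect::
C:\\WINDOWS\\system32\\mrtpfhefkdvvwlz.exe

Sysrst::

File::
C:\\WINDOWS\\system32\\kTwxHRqr.ini2
C:\\753.bat

Folder::
C:\\WINDOWS\\system32\\p
C:\\Temp\\mtc2

Registry::
[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section: [entries]}.

    Raises ValueError on an unknown section header or on an entry that
    appears before any header, since ComboFix would not know what to do
    with either.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1)
            if name not in KNOWN_SECTIONS:
                raise ValueError(f"line {lineno}: unknown section {name}::")
            current = name
            sections.setdefault(current, [])  # Sysrst:: may stay empty
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any section header")
        sections[current].append(line)
    return sections


def check_cfscript(sections: Dict[str, List[str]]) -> List[str]:
    """Return the problems a helper would want to see before running the
    script: relative paths, malformed registry lines, and whole system
    directories that a typo could turn into a destructive deletion."""
    problems: List[str] = []
    # The script above names only sub-folders of these; a bare match is
    # almost certainly a mistake. Compared without a trailing backslash.
    protected = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\program files"}
    for name in ("Collect", "File", "Folder"):
        for entry in sections.get(name, []):
            if not ABS_PATH_RE.match(entry):
                problems.append(f"{name}:: entry is not an absolute path: {entry}")
            elif entry.rstrip("\\").lower() in protected:
                problems.append(f"{name}:: entry names a protected directory: {entry}")
    for entry in sections.get("Registry", []):
        if not REG_DELETE_RE.match(entry):
            problems.append(f"Registry:: entry is not a [-HKEY...] delete line: {entry}")
    return problems


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for section, entries in parsed.items():
        print(f"{section}:: {len(entries)} entries")
    for problem in check_cfscript(parsed) or ["no problems found"]:
        print(problem)
```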

#13
amanda732

    Member

  • Topic Starter
  • Member
  • 14 posts
Here is the log that I got after I ran the CFScript with ComboFix. However, when it was done I didn't get a message box like it said there would be.

ComboFix 08-09-25.03 - Manda 2008-09-26 13:46:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT -5:00]
Running from: C:\Documents and Settings\Manda\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Manda\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\753.bat
C:\ctfmon.exe
C:\Program Files\temp01
C:\WINDOWS\system32\fhQXxGgh.ini2
C:\WINDOWS\system32\kTwxHRqr.ini2
C:\WINDOWS\system32\yayvWPfF.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\753.bat
C:\ctfmon.exe
C:\Program Files\temp01
C:\Temp\mtc2
C:\Temp\mtc2\h5v.log
C:\WINDOWS\system32\ES
C:\WINDOWS\system32\ES\ixp6453.exe
C:\WINDOWS\system32\fhQXxGgh.ini2
C:\WINDOWS\system32\inf
C:\WINDOWS\system32\kTwxHRqr.ini2
C:\WINDOWS\system32\mC02
C:\WINDOWS\system32\mC02\mC022328.exe
C:\WINDOWS\system32\mrtpfhefkdvvwlz.exe
C:\WINDOWS\system32\np5
C:\WINDOWS\system32\p
C:\WINDOWS\system32\yayvWPfF.dll.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini
2008-09-25 12:15 . 2008-09-25 12:17 <DIR> d-------- C:\Combo-Fix
2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt
2008-09-23 07:34 . 2008-09-23 07:53 <DIR> d-------- C:\Lop SD
2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa
2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI
2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport
2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT
2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups
2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield
2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini
2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15
2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord
2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com
2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade
2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic
2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games
2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS
2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi
2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe
2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada
2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island
2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games
2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos
2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy
2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader
2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft
2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze
2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero
2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana
2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft
2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe
2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill
2008-08-26 21:21 . 2008-08-26 21:21 <DIR> d-------- C:\Program Files\echospin
2008-08-26 21:21 . 2008-08-26 21:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\esClient
2008-08-26 21:21 . 2008-08-26 21:21 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Western Digital
2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-08-26 19:46 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Memeo
2008-08-26 19:45 . 2008-08-26 19:45 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-08-26 19:45 . 2008-08-26 19:46 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo
2008-08-26 15:53 . 2008-08-26 15:53 131 --a------ C:\todolist.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 01:58 --------- d-----w C:\Program Files\Java
2008-09-22 21:27 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks
2008-09-22 21:10 6,214 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek
2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek
2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro
2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin
2008-09-21 16:58 --------- d-----w C:\Program Files\Google
2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse
2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM
2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst
2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab
2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com
2008-08-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-27 05:03 --------- d-----w C:\Documents and Settings\Manda\Application Data\Azureus
2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 15:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\ComboFix\pv.cfexe
C:\WINDOWS\temp\sophos_autoupdate1.dir\ALUpdate.exe
.
**************************************************************************
.
Completion time: 2008-09-26 15:14:51 - machine was rebooted [Manda]
ComboFix-quarantined-files.txt 2008-09-26 20:14:46
ComboFix2.txt 2008-09-26 03:44:39
ComboFix3.txt 2008-09-26 02:12:32

Pre-Run: 36,212,015,104 bytes free
Post-Run: 36,201,795,584 bytes free

230 --- E O F --- 2008-04-10 08:02:06

#14
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

1) Get an uninstall list :

Please open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

2) Run MBAM :

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

And please tell me how your computer is running now.

Regards,
Egwene.

#15
amanda732

amanda732

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,

Here is the hijackthis uninstall log:

ACD/Labs Software in C:\ACDFREE10\
Ace Media Player
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
ATI Catalyst Control Center
ATI Display Driver
Azureus
Broadcom Management Programs
Brother MFL-Pro Suite
CEP - Color Enable Package
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Creative MediaSource
Dell Digital Jukebox Driver
Dell Game Console
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
EarthLink setup files
ebgcInfra
ebgcRes
ebgcSDK
Echospin Delivery Wizard
EducateU
ELIcon
Enhancement Browser Tools Bambanner
ERUNT 1.1j
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® PROSet/Wireless Software
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
mCore
MDL Chime/Chime Pro for Internet Explorer
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 2000
Minitab 15 English
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.2)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
Nancy Drew: The Curse of Blackmoor Manor
NetWaiting
NetZeroInstallers
On2 VP7 Personal Edition
Otto
Paint Shop Pro 7
PaperPort
PowerDVD 5.7
Qualxserve Service Agreement
QuickSet
QuickTime
Q-Xpress Installer 1.1.9
RealPlayer Basic
Search Assist
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Solitaire Antics Deluxe
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sophos Anti-Virus
Sophos AutoUpdate
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spybot - Search & Destroy
Synaptics Pointing Device Driver
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Seasons
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WD Diagnostics
WebCyberCoach 3.2 Dell
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
WinRAR archiver
WordPerfect Office 12
Zune


and here is the MBAM log:


Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 5.1.2600 Service Pack 2

9/26/2008 7:18:06 PM
mbam-log-2008-09-26 (19-18-06).txt

Scan type: Quick Scan
Objects scanned: 54191
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


My computer seems to be running a lot better now, and when I am online I haven't gotten any pop-ups telling me to download antivirus/cleaners for my computer.