Troj/Virtum-Gen virus detected by sophos [RESOLVED]



#16
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

We are nearly finished :)

1) Uninstall some programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • Adobe Reader 7.0
  • Azureus
  • J2SE Runtime Environment 5.0 Update 8
  • Java 2 Runtime Environment, SE v1.4.2_03
  • LimeWire 4.12.6
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player

Optional Removals: You have at least one piece of peer-to-peer software on your computer. If you wish to find out whether the one you're using does, click Here.
Even if you are using a so-called "safe" program, it's only the program that's safe.
You will be sharing files from uncertified sources, and these are often infected.


Optional Removals:
Viewpoint Manager is considered as software instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546


2) Run Kaspersky Online:

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.
  • 0



#17
amanda732

    Member

  • Topic Starter
  • 14 posts
I removed all the programs except for the LimeWire from my computer and I ran the Kaspersky scan. Here is the report:

Saturday, September 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 27, 2008 15:11:32
Records in database: 1265981


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 104909
Threat name 14
Infected objects 58
Suspicious objects 0
Duration of the scan 02:30:02

File name Threat name Threats count
C:\Documents and Settings\Manda\Shared\Saving Abel - She Got Over Me.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\i386\amltjecv.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\axqcgpqb.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\bcrpstwb.dll Infected: Trojan.Win32.Monder.pse 1

C:\i386\byXOghIy.dll Infected: Trojan.Win32.Monder.psi 1

C:\i386\chkheibj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1

C:\i386\dmhvrslh.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\fcccbCst.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\geBqRhIx.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\ivbespuc.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\ixp6453.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1

C:\i386\ixp6453.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1

C:\i386\jkkJyASI.dll Infected: Trojan.Win32.Monder.pph 1

C:\i386\jlmuti.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1

C:\i386\mbwxpf.dll Infected: Trojan.Win32.Monder.pse 1

C:\i386\mC022328.exe Infected: Trojan-Downloader.Win32.VB.hpv 1

C:\i386\ngwrggcj.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\nnnkLfcD.dll Infected: Trojan.Win32.Monder.psf 1

C:\i386\opnkllMg.dll Infected: Trojan.Win32.Monder.psf 1

C:\i386\opnMGyyW.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\pmnkhFuR.dll Infected: Trojan.Win32.Monder.psf 1

C:\i386\smhsmkvn.dll Infected: Trojan.Win32.Monder.pse 1

C:\i386\TDSSgddn.dll Infected: Rootkit.Win32.Clbd.kf 1

C:\i386\tuvSljgD.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\tuvVPfeC.dll Infected: Trojan.Win32.Monder.psf 1

C:\i386\vcrwyz.dll Infected: Trojan.Win32.Monder.pse 1

C:\i386\yayvWPfF.dll.vir Infected: Trojan.Win32.Monder.pph 1

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

C:\QooBox\Quarantine\C\smss.exe.vir Infected: Trojan-Downloader.Win32.VB.hpv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\amltjecv.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\axqcgpqb.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bcrpstwb.dll.vir Infected: Trojan.Win32.Monder.pse 1

C:\QooBox\Quarantine\C\WINDOWS\system32\byXOghIy.dll.vir Infected: Trojan.Win32.Monder.psi 1

C:\QooBox\Quarantine\C\WINDOWS\system32\chkheibj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dmhvrslh.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ES\ixp6453.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.f 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ES\ixp6453.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fcccbCst.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\geBqRhIx.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ivbespuc.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkJyASI.dll.vir Infected: Trojan.Win32.Monder.pph 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jlmuti.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mbwxpf.dll.vir Infected: Trojan.Win32.Monder.pse 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mC02\mC022328.exe.vir Infected: Trojan-Downloader.Win32.VB.hpv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ngwrggcj.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkLfcD.dll.vir Infected: Trojan.Win32.Monder.psf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\opnkllMg.dll.vir Infected: Trojan.Win32.Monder.psf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\opnMGyyW.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkhFuR.dll.vir Infected: Trojan.Win32.Monder.psf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qvmlqniy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alqc 1

C:\QooBox\Quarantine\C\WINDOWS\system32\smhsmkvn.dll.vir Infected: Trojan.Win32.Monder.pse 1

C:\QooBox\Quarantine\C\WINDOWS\system32\snnltsyy.dll.vir Infected: Trojan.Win32.Monder.qgq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSgddn.dll.vir Infected: Rootkit.Win32.Clbd.kf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tuvSljgD.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVPfeC.dll.vir Infected: Trojan.Win32.Monder.psf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vcrwyz.dll.vir Infected: Trojan.Win32.Monder.pse 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vswcnqal.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alqc 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yayvWPfF.dll.vir.vir Infected: Trojan.Win32.Monder.pph 1

The selected area was scanned.
  • 0

#18
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

Let's go on :)

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/Troj-Virtum-Gen-virus-detected-sophos-t212603.html&st=15

Collect::
C:\i386\mC022328.exe

File::
C:\Documents and Settings\Manda\Shared\Saving Abel - She Got Over Me.mp3
C:\i386\amltjecv.dll
C:\i386\axqcgpqb.dll
C:\i386\bcrpstwb.dll
C:\i386\byXOghIy.dll
C:\i386\chkheibj.dll
C:\i386\dmhvrslh.dll
C:\i386\fcccbCst.dll
C:\i386\geBqRhIx.dll
C:\i386\ivbespuc.dll
C:\i386\ixp6453.exe
C:\i386\ixp6453.exe
C:\i386\jkkJyASI.dll
C:\i386\jlmuti.dll
C:\i386\mbwxpf.dll
C:\i386\ngwrggcj.dll
C:\i386\nnnkLfcD.dll
C:\i386\opnkllMg.dll
C:\i386\opnMGyyW.dll
C:\i386\pmnkhFuR.dll
C:\i386\smhsmkvn.dll
C:\i386\TDSSgddn.dll
C:\i386\tuvSljgD.dll
C:\i386\tuvVPfeC.dll
C:\i386\vcrwyz.dll
C:\i386\yayvWPfF.dll.vir
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

Regards,
Egwene.
  • 0
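
An added example (not part of the thread and not code from any tool named in it): a small Python triage of the Kaspersky text report format posted in #17, separating detections still on disk from copies already under C:\QooBox\Quarantine and flagging live files that share a name with a quarantined one. The sample rows are copied from that report; the row pattern and the `.vir` suffix handling are assumptions read off the lines shown on this page.

```python
"""Triage a Kaspersky Online Scanner text report: split live detections from
copies that already sit in the ComboFix quarantine folder."""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Quarantine root as it appears in the report on this page.
QUARANTINE_ROOT = "C:\\QooBox\\Quarantine\\"

# Assumed row layout: "<path> Infected: <threat name> <count>".
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Rows copied from the report in post #17 (double-spaced, as posted).
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\Manda\Shared\Saving Abel - She Got Over Me.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\i386\amltjecv.dll Infected: Trojan.Win32.Monder.psh 1

C:\i386\ixp6453.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1

C:\i386\ixp6453.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1

C:\i386\TDSSgddn.dll Infected: Rootkit.Win32.Clbd.kf 1

C:\i386\yayvWPfF.dll.vir Infected: Trojan.Win32.Monder.pph 1

C:\QooBox\Quarantine\C\WINDOWS\system32\amltjecv.dll.vir Infected: Trojan.Win32.Monder.psh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qvmlqniy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alqc 1

C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSgddn.dll.vir Infected: Rootkit.Win32.Clbd.kf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yayvWPfF.dll.vir.vir Infected: Trojan.Win32.Monder.pph 1

The selected area was scanned.
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    family: str        # third dotted component, e.g. "Monder"
    riskware: bool     # name carries the "not-a-virus:" prefix
    quarantined: bool  # file lives under QUARANTINE_ROOT


def parse_report(text):
    """Return one Detection per report row; headers and blank lines are skipped."""
    detections = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        path, threat = m["path"], m["threat"]
        parts = threat.split(":", 1)[-1].split(".")
        family = parts[2] if len(parts) > 2 else parts[-1]
        detections.append(Detection(
            path=path,
            threat=threat,
            family=family,
            riskware=threat.startswith("not-a-virus:"),
            quarantined=path.lower().startswith(QUARANTINE_ROOT.lower()),
        ))
    return detections


def original_name(path):
    """Lower-cased file name with any trailing .vir suffixes removed."""
    name = ntpath.basename(path).lower()
    while name.endswith(".vir"):
        name = name[:-4]
    return name


def live_targets(detections):
    """Unique paths outside quarantine, in report order (Windows paths: case-insensitive)."""
    seen, out = set(), []
    for d in detections:
        key = d.path.lower()
        if not d.quarantined and key not in seen:
            seen.add(key)
            out.append(d.path)
    return out


def leftover_copies(detections):
    """Live files whose name matches a file that is already quarantined."""
    quarantined = {original_name(d.path) for d in detections if d.quarantined}
    return [p for p in live_targets(detections) if original_name(p) in quarantined]


def live_family_counts(detections):
    """Detection rows per family, counting only files still outside quarantine."""
    return dict(Counter(d.family for d in detections if not d.quarantined))


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    print("live targets:", *live_targets(dets), sep="\n  ")
    print("copies of quarantined files:", *leftover_copies(dets), sep="\n  ")
    print("live detections by family:", live_family_counts(dets))
```
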

#19
amanda732

    Member

  • Topic Starter
  • 14 posts
Here is the combofix log:

  • 0

#20
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

Something appears very strange to me, I would like to check it :)

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

And please tell me how your computer is running now.

Regards,
Egwene.
  • 0

#21
amanda732

    Member

  • Topic Starter
  • 14 posts
Here is the Lop S&D log:


[03/23/2007|03:11] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/28/2008 09:00 PM][--a------] C:\WINDOWS\tasks\Daily.job
[09/29/2008 01:38 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/07/2007|12:22] C:\Program Files\<DIR> Activision Value
[09/09/2008|07:36] C:\Program Files\<DIR> Adobe
[11/05/2007|09:36] C:\Program Files\<DIR> AIM6
[12/17/2006|10:20] C:\Program Files\<DIR> Alawar
[12/16/2007|08:52] C:\Program Files\<DIR> America Online 9.0
[11/12/2006|04:10] C:\Program Files\<DIR> Ant War
[09/09/2006|06:28] C:\Program Files\<DIR> AOD
[09/09/2006|06:20] C:\Program Files\<DIR> AOL
[08/16/2006|07:49] C:\Program Files\<DIR> AOL Companion
[08/16/2006|07:40] C:\Program Files\<DIR> ATI Technologies
[09/07/2008|11:24] C:\Program Files\<DIR> Azada
[09/27/2008|11:28] C:\Program Files\<DIR> Azureus
[08/16/2006|07:57] C:\Program Files\<DIR> BAE
[04/22/2007|05:13] C:\Program Files\<DIR> BFG
[08/16/2006|07:34] C:\Program Files\<DIR> Broadcom
[01/15/2007|03:22] C:\Program Files\<DIR> Brother
[11/12/2006|04:10] C:\Program Files\<DIR> CakeMania_at
[03/22/2008|08:51] C:\Program Files\<DIR> Cate West The Vanishing Files
[03/19/2008|10:42] C:\Program Files\<DIR> Cathys Caribbean Club
[02/07/2007|04:39] C:\Program Files\<DIR> CoffeeTycoon_at
[09/28/2008|05:07] C:\Program Files\<DIR> Common Files
[08/16/2005|04:38] C:\Program Files\<DIR> ComPlus Applications
[01/12/2007|05:47] C:\Program Files\<DIR> Compton's Home Library
[08/16/2006|07:37] C:\Program Files\<DIR> CONEXANT
[09/07/2008|11:24] C:\Program Files\<DIR> Cooking Academy
[08/16/2006|07:54] C:\Program Files\<DIR> Corel
[08/16/2006|07:55] C:\Program Files\<DIR> Corel Corporation
[08/16/2006|07:43] C:\Program Files\<DIR> Creative
[02/07/2007|04:39] C:\Program Files\<DIR> Crime Puzzle
[08/16/2006|07:44] C:\Program Files\<DIR> CyberLink
[02/07/2007|04:39] C:\Program Files\<DIR> Deep Sea Tycoon 2_at
[10/13/2007|09:41] C:\Program Files\<DIR> DeliveryKing_at
[08/16/2006|08:00] C:\Program Files\<DIR> Dell
[09/22/2008|03:00] C:\Program Files\<DIR> DellSupport
[03/19/2008|11:16] C:\Program Files\<DIR> DIFX
[08/16/2006|07:41] C:\Program Files\<DIR> Digital Line Detect
[03/01/2007|07:42] C:\Program Files\<DIR> DivX
[10/20/2007|04:47] C:\Program Files\<DIR> DreamChronicles_at
[10/08/2007|07:08] C:\Program Files\<DIR> EA GAMES
[08/16/2006|07:49] C:\Program Files\<DIR> EarthLink Setup
[08/26/2008|09:21] C:\Program Files\<DIR> echospin
[08/16/2005|08:51] C:\Program Files\<DIR> EnglishOtto
[09/22/2008|02:33] C:\Program Files\<DIR> ERUNT
[09/21/2008|05:02] C:\Program Files\<DIR> Fenomen Games Downloader
[03/19/2008|10:42] C:\Program Files\<DIR> Feyruna Fairy Forest
[08/23/2006|02:27] C:\Program Files\<DIR> Game On
[09/14/2008|10:00] C:\Program Files\<DIR> GameHouse
[09/14/2008|10:00] C:\Program Files\<DIR> Games
[09/30/2007|02:29] C:\Program Files\<DIR> GamesBar
[12/16/2007|10:28] C:\Program Files\<DIR> GemMaster
[12/01/2006|05:30] C:\Program Files\<DIR> GlobalStar Software
[09/21/2008|11:58] C:\Program Files\<DIR> Google
[03/19/2008|10:43] C:\Program Files\<DIR> Grimms Hatchery
[10/15/2006|03:25] C:\Program Files\<DIR> GustoSoft
[09/07/2008|11:25] C:\Program Files\<DIR> Hawaiian Explorer The Lost Island
[12/18/2006|01:05] C:\Program Files\<DIR> Infogrames
[06/22/2007|03:05] C:\Program Files\<DIR> Infogrames Interactive
[09/06/2008|01:29] C:\Program Files\<DIR> InstallShield Installation Information
[08/16/2006|07:35] C:\Program Files\<DIR> Intel
[08/16/2006|07:35] C:\Program Files\<DIR> Intel, Inc
[04/10/2008|03:01] C:\Program Files\<DIR> Internet Explorer
[09/21/2008|12:55] C:\Program Files\<DIR> iWin.com
[08/27/2006|05:43] C:\Program Files\<DIR> Jasc Software Inc
[09/27/2008|11:30] C:\Program Files\<DIR> Java
[09/07/2008|11:27] C:\Program Files\<DIR> Kudos
[12/16/2007|10:28] C:\Program Files\<DIR> LawandOrderDarkObsession_at
[11/12/2006|04:12] C:\Program Files\<DIR> LawOrderVengefulHeart_at
[08/16/2006|07:49] C:\Program Files\<DIR> Learn2.com
[10/09/2007|10:20] C:\Program Files\<DIR> LimeWire
[12/12/2006|06:23] C:\Program Files\<DIR> Lx_cats
[09/26/2008|07:09] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/26/2008|07:47] C:\Program Files\<DIR> Memeo
[08/16/2006|07:32] C:\Program Files\<DIR> Messenger
[08/27/2006|05:31] C:\Program Files\<DIR> microsoft frontpage
[08/27/2006|05:31] C:\Program Files\<DIR> Microsoft Office
[08/16/2006|07:47] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[08/16/2006|07:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[09/09/2007|08:51] C:\Program Files\<DIR> Microsoft Works
[09/16/2008|10:37] C:\Program Files\<DIR> Minitab 15
[08/16/2006|07:41] C:\Program Files\<DIR> Modem Helper
[10/11/2007|07:09] C:\Program Files\<DIR> ModTheSims2.com
[08/16/2005|04:37] C:\Program Files\<DIR> Movie Maker
[09/29/2008|06:24] C:\Program Files\<DIR> Mozilla Firefox
[08/16/2005|04:37] C:\Program Files\<DIR> MSN
[08/16/2005|04:37] C:\Program Files\<DIR> MSN Gaming Zone
[11/29/2006|12:34] C:\Program Files\<DIR> MSXML 4.0
[08/16/2006|07:52] C:\Program Files\<DIR> MUSICMATCH
[03/22/2008|10:02] C:\Program Files\<DIR> Mysteryville
[06/11/2008|01:04] C:\Program Files\<DIR> Nancy Drew
[08/16/2005|04:40] C:\Program Files\<DIR> NetMeeting
[08/16/2006|07:41] C:\Program Files\<DIR> NetWaiting
[08/16/2006|07:46] C:\Program Files\<DIR> NetZeroInstallers
[11/17/2007|03:16] C:\Program Files\<DIR> Oberon Media
[02/07/2007|05:15] C:\Program Files\<DIR> On2 Technologies
[08/16/2005|04:38] C:\Program Files\<DIR> Online Services
[08/31/2006|01:09] C:\Program Files\<DIR> Outlook Express
[09/07/2008|11:27] C:\Program Files\<DIR> Paparazzi
[09/07/2008|11:27] C:\Program Files\<DIR> Peggle Deluxe
[02/07/2007|04:43] C:\Program Files\<DIR> Pizza Frenzy
[05/04/2008|12:22] C:\Program Files\<DIR> PlayFirst
[08/16/2006|07:49] C:\Program Files\<DIR> QuickTime
[09/21/2006|12:06] C:\Program Files\<DIR> Real
[09/14/2008|10:01] C:\Program Files\<DIR> Red Cross ERU
[12/17/2006|10:04] C:\Program Files\<DIR> ReflexiveArcade
[08/16/2005|08:58] C:\Program Files\<DIR> RGB
[01/15/2007|03:17] C:\Program Files\<DIR> ScanSoft
[08/16/2006|07:57] C:\Program Files\<DIR> SearchAssist
[08/29/2008|08:21] C:\Program Files\<DIR> Shockwave.com
[08/16/2006|07:37] C:\Program Files\<DIR> Sigmatel
[02/24/2007|11:55] C:\Program Files\<DIR> SmartDraw 2007
[08/16/2006|07:49] C:\Program Files\<DIR> Sonic
[09/01/2007|10:27] C:\Program Files\<DIR> Sophos
[01/31/2007|02:00] C:\Program Files\<DIR> Sophos SWEEP for NT
[09/24/2006|02:38] C:\Program Files\<DIR> SpongeBobDinerDash_at
[09/19/2008|09:12] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/17/2007|03:25] C:\Program Files\<DIR> SuperCollapse3_at
[05/04/2008|12:09] C:\Program Files\<DIR> Supple
[08/16/2006|07:34] C:\Program Files\<DIR> Synaptics
[02/21/2007|01:16] C:\Program Files\<DIR> The Adventure Company
[05/04/2008|12:09] C:\Program Files\<DIR> The Game of Life - PTS
[09/07/2008|11:28] C:\Program Files\<DIR> The Game Of LIFE PTS
[02/06/2007|10:48] C:\Program Files\<DIR> TikGames
[09/22/2008|02:56] C:\Program Files\<DIR> Trend Micro
[09/07/2008|11:30] C:\Program Files\<DIR> Tropix 2 - The Quest for the Golden Banana
[11/18/2006|08:37] C:\Program Files\<DIR> TryMedia
[08/16/2005|04:50] C:\Program Files\<DIR> Uninstall Information
[09/14/2008|10:00] C:\Program Files\<DIR> Venture Arctic
[04/22/2007|05:30] C:\Program Files\<DIR> Virtual Laguna Beach
[08/16/2006|07:51] C:\Program Files\<DIR> WebCyberCoach
[08/26/2008|07:47] C:\Program Files\<DIR> Western Digital
[08/26/2008|07:45] C:\Program Files\<DIR> Western Digital Technologies
[08/16/2006|07:35] C:\Program Files\<DIR> WIDCOMM
[08/22/2006|08:16] C:\Program Files\<DIR> WildTangent
[03/19/2008|11:15] C:\Program Files\<DIR> Windows Media Player
[08/16/2005|04:37] C:\Program Files\<DIR> Windows NT
[08/16/2005|04:37] C:\Program Files\<DIR> Windows Plus
[01/15/2007|03:09] C:\Program Files\<DIR> WindowsUpdate
[02/24/2008|12:57] C:\Program Files\<DIR> WinRAR
[08/16/2006|07:50] C:\Program Files\<DIR> WordPerfect Office 12
[08/16/2005|04:43] C:\Program Files\<DIR> xerox
[02/28/2007|10:45] C:\Program Files\<DIR> Yahoo!
[09/21/2008|05:04] C:\Program Files\<DIR> Yahoo! Games
[09/23/2006|05:38] C:\Program Files\<DIR> ZooVet_at
[03/23/2008|07:21] C:\Program Files\<DIR> Zune

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/31/2006|09:23] C:\Program Files\Common Files\<DIR> Adobe
[03/09/2007|12:41] C:\Program Files\Common Files\<DIR> AOL
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> aolshare
[08/16/2006|07:50] C:\Program Files\Common Files\<DIR> Borland Shared
[09/01/2007|10:27] C:\Program Files\Common Files\<DIR> Cisco Systems
[03/19/2008|11:16] C:\Program Files\Common Files\<DIR> ComponentOne
[08/16/2006|07:50] C:\Program Files\Common Files\<DIR> Corel
[08/16/2006|07:41] C:\Program Files\Common Files\<DIR> Creative Labs Shared
[08/27/2006|05:33] C:\Program Files\Common Files\<DIR> Designer
[08/26/2008|07:47] C:\Program Files\Common Files\<DIR> eSellerate
[09/15/2006|07:24] C:\Program Files\Common Files\<DIR> Hypnotizer
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> InstallShield
[08/16/2006|07:31] C:\Program Files\Common Files\<DIR> Java
[03/23/2008|07:16] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/16/2005|04:40] C:\Program Files\Common Files\<DIR> MSSoap
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Nullsoft
[08/16/2005|04:33] C:\Program Files\Common Files\<DIR> ODBC
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Real
[09/23/2006|06:04] C:\Program Files\Common Files\<DIR> Sandlot Shared
[01/15/2007|03:18] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[08/16/2005|04:40] C:\Program Files\Common Files\<DIR> Services
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/16/2005|04:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/09/2006|06:31] C:\Program Files\Common Files\<DIR> SWF Studio
[08/31/2006|01:09] C:\Program Files\Common Files\<DIR> System
[08/16/2006|07:47] C:\Program Files\Common Files\<DIR> TiVo Shared

--------------------\\ Process

( 72 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Manda\Cookies\manda@advertising[2].txt
C:\DOCUME~1\Manda\Cookies\[email protected][1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 18:29:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]



[F:13][D:5]-> C:\DOCUME~1\Manda\LOCALS~1\Temp
[F:139][D:0]-> C:\DOCUME~1\Manda\Cookies
[F:23][D:4]-> C:\DOCUME~1\Manda\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 09/23/2008| 7:53 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Mon 09/29/2008|18:31 - Option : [1]

--------------------\\ Scan completed at 18:31:33




My computer seems to be running well. There hasn't been any sign of the virus.

#22
Egwene

Hello amanda732,

I was right, there is still something to do here: there is a leftover registry key.

It appears that each time you ran ComboFix, you forgot to disable your real-time protection (resident AV).

* Resident AV is active


This prevents ComboFix from deleting the bad key of the rootkit:

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]


So, I will ask you to run ComboFix again, without any CFScript, just by double-clicking on it as you did the first time. But before running ComboFix again, please disable your resident AV!

You need to disable Spybot and Sophos real-time protections.

Do you understand? :)

Post the new ComboFix report in your next answer.

Regards,
Egwene.

#23
amanda732

I disabled Sophos and ran ComboFix. Here is the log:

ComboFix 08-09-28.05 - Manda 2008-09-30 9:38:25.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512 [GMT -5:00]
Running from: C:\Documents and Settings\Manda\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-26 19:06 . 2008-09-26 19:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 19:06 . 2008-09-26 19:06 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Malwarebytes
2008-09-26 19:06 . 2008-09-26 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-26 19:06 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-26 19:06 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini
2008-09-25 12:15 . 2008-09-25 12:17 <DIR> d-------- C:\Combo-Fix
2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt
2008-09-23 07:34 . 2008-09-29 18:31 <DIR> d-------- C:\Lop SD
2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa
2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI
2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport
2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT
2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups
2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield
2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini
2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15
2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord
2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com
2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade
2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic
2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games
2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS
2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi
2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe
2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada
2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island
2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games
2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos
2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy
2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader
2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft
2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze
2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero
2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana
2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft
2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe
2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill
2008-08-26 21:21 . 2008-08-26 21:21 <DIR> d-------- C:\Program Files\echospin
2008-08-26 21:21 . 2008-08-26 21:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\esClient
2008-08-26 21:21 . 2008-08-26 21:21 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Western Digital
2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-08-26 19:46 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Memeo
2008-08-26 19:45 . 2008-08-26 19:45 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-08-26 19:45 . 2008-08-26 19:46 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo
2008-08-26 15:53 . 2008-08-26 15:53 131 --a------ C:\todolist.htm
2008-08-25 15:52 . 2008-08-25 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 01:15 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks
2008-09-27 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-27 16:30 --------- d-----w C:\Program Files\Java
2008-09-27 16:28 --------- d-----w C:\Program Files\Azureus
2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek
2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek
2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro
2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin
2008-09-21 16:58 --------- d-----w C:\Program Files\Google
2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse
2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM
2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst
2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab
2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com
2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 50528]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-16 98304]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Manda\Application Data\Mozilla\Firefox\Profiles\tl7cygpl.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\echospin\npesProxy.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 10:45:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-30 10:56:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 15:56:19
ComboFix2.txt 2008-09-29 00:21:00
ComboFix3.txt 2008-09-28 21:48:48
ComboFix4.txt 2008-09-26 20:14:53
ComboFix5.txt 2008-09-30 14:37:42

Pre-Run: 58,316,132,352 bytes free
Post-Run: 58,344,271,872 bytes free

229 --- E O F --- 2008-04-10 08:02:06

#24
Egwene

Hello amanda732,

Good work :)

Could you please post me a fresh Lop S&D report (option 1) to check it's OK now?

Regards,
Egwene.

#25
amanda732

Here is the new Lop S&D log:

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2250 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Manda ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Not Activated)
C:\ (Local Disk) - NTFS - Total : 105 Go Free : 54 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Tue 09/30/2008|19:27 )

--------------------\\ Listing folders in APPLIC~1

[08/16/2006|07:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[08/16/2005|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[08/16/2006|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[08/16/2005|04:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[09/25/2007|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Advanced Chemistry Development
[08/31/2006|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[11/05/2007|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[03/09/2007|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[01/15/2007|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Brother
[08/16/2006|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative Labs
[10/26/2007|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Escape From Paradise
[08/26/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> esClient
[04/22/2007|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FloodLightGames
[09/06/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo
[12/16/2007|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii
[04/22/2007|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/16/2006|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[05/03/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft
[08/16/2006|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[08/16/2006|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[09/03/2007|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin
[09/19/2008|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games
[11/20/2007|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear
[09/26/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/26/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Memeo
[03/23/2008|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/09/2008|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
[04/24/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9
[09/04/2007|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NannyMania
[08/25/2008|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks
[09/08/2007|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Games
[10/22/2006|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Media
[09/02/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst
[03/07/2007|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[10/08/2006|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/04/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
[01/15/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[01/31/2007|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sophos
[09/19/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/19/2008|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/17/2006|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[09/05/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Valusoft
[09/27/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/31/2006|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/22/2007|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[09/07/2007|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Zylom

[08/16/2006|07:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[08/16/2005|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/16/2006|07:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[08/16/2005|04:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[03/23/2007|03:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel
[03/19/2008|11:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/01/2006|06:43] C:\DOCUME~1\Manda\APPLIC~1\<DIR> 7100Series
[10/20/2007|10:02] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Abra Academy2
[09/09/2006|06:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> acccore
[12/09/2007|07:45] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Adobe
[09/09/2008|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> AdobeUM
[08/16/2006|07:44] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ATI
[07/27/2008|12:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Azureus
[09/05/2008|04:55] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BeachPartyCraze
[09/06/2008|04:19] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Big Fish Games
[03/02/2008|11:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BloodTies
[01/16/2007|02:22] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Brother
[09/03/2006|10:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel
[10/02/2006|11:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel Photo Album
[08/22/2006|08:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Creative
[01/12/2007|06:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> CyberLink
[10/15/2006|03:14] C:\DOCUME~1\Manda\APPLIC~1\<DIR> DivX
[09/17/2006|06:53] C:\DOCUME~1\Manda\APPLIC~1\<DIR> EA
[09/03/2007|10:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Eyeblaster
[04/22/2007|05:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> FloodLightGames
[09/03/2007|10:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GameHouse
[08/30/2008|10:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gamelab
[09/02/2008|02:57] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GamesCafe
[10/23/2006|09:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Google
[09/22/2008|03:09] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gtek
[06/10/2008|12:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Help
[12/15/2007|02:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Home Sweet Home
[08/16/2005|04:50] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Identities
[10/16/2006|10:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> IMVU
[09/16/2008|10:38] C:\DOCUME~1\Manda\APPLIC~1\<DIR> InstallShield
[08/16/2006|07:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Intel
[09/11/2008|04:00] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ITTNord
[09/21/2008|05:04] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWin
[09/08/2008|04:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWinArcade
[10/20/2007|01:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel
[09/04/2008|10:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel Family Hero
[11/06/2007|06:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Legends of pirates
[09/06/2006|10:49] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Macromedia
[04/18/2007|01:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Academy
[09/17/2006|11:37] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Match
[09/26/2008|07:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Malwarebytes
[08/25/2008|03:51] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft
[08/27/2006|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft Web Folders
[09/27/2008|08:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Move Networks
[09/06/2008|11:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Mozilla
[05/02/2008|10:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> My Games
[03/09/2008|02:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> MysteryStudio
[09/02/2008|09:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> PlayFirst
[08/30/2008|11:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Righteous Kill
[09/09/2007|09:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sandlot Games
[10/08/2007|08:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SecuROM
[12/09/2006|05:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SmartDraw
[08/16/2006|07:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sun
[03/09/2008|03:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Total Eclipse
[05/01/2008|11:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> U3
[09/05/2008|11:48] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Valusoft
[09/29/2007|05:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> VeniceMysteryData
[09/02/2008|04:59] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ViquaSoft
[04/22/2007|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> yahoo!

[03/07/2007|03:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[08/16/2006|07:44] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> ATI
[09/22/2008|03:01] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Gtek
[08/16/2005|04:50] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Identities
[08/16/2006|07:35] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Intel
[03/23/2007|03:11] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Microsoft
[08/16/2006|07:31] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/29/2008 09:00 PM][--a------] C:\WINDOWS\tasks\Daily.job
[09/30/2008 09:45 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/07/2007|12:22] C:\Program Files\<DIR> Activision Value
[09/09/2008|07:36] C:\Program Files\<DIR> Adobe
[11/05/2007|09:36] C:\Program Files\<DIR> AIM6
[12/17/2006|10:20] C:\Program Files\<DIR> Alawar
[12/16/2007|08:52] C:\Program Files\<DIR> America Online 9.0
[11/12/2006|04:10] C:\Program Files\<DIR> Ant War
[09/09/2006|06:28] C:\Program Files\<DIR> AOD
[09/09/2006|06:20] C:\Program Files\<DIR> AOL
[08/16/2006|07:49] C:\Program Files\<DIR> AOL Companion
[08/16/2006|07:40] C:\Program Files\<DIR> ATI Technologies
[09/07/2008|11:24] C:\Program Files\<DIR> Azada
[09/27/2008|11:28] C:\Program Files\<DIR> Azureus
[08/16/2006|07:57] C:\Program Files\<DIR> BAE
[04/22/2007|05:13] C:\Program Files\<DIR> BFG
[08/16/2006|07:34] C:\Program Files\<DIR> Broadcom
[01/15/2007|03:22] C:\Program Files\<DIR> Brother
[11/12/2006|04:10] C:\Program Files\<DIR> CakeMania_at
[03/22/2008|08:51] C:\Program Files\<DIR> Cate West The Vanishing Files
[03/19/2008|10:42] C:\Program Files\<DIR> Cathys Caribbean Club
[02/07/2007|04:39] C:\Program Files\<DIR> CoffeeTycoon_at
[09/30/2008|09:40] C:\Program Files\<DIR> Common Files
[08/16/2005|04:38] C:\Program Files\<DIR> ComPlus Applications
[01/12/2007|05:47] C:\Program Files\<DIR> Compton's Home Library
[08/16/2006|07:37] C:\Program Files\<DIR> CONEXANT
[09/07/2008|11:24] C:\Program Files\<DIR> Cooking Academy
[08/16/2006|07:54] C:\Program Files\<DIR> Corel
[08/16/2006|07:55] C:\Program Files\<DIR> Corel Corporation
[08/16/2006|07:43] C:\Program Files\<DIR> Creative
[02/07/2007|04:39] C:\Program Files\<DIR> Crime Puzzle
[08/16/2006|07:44] C:\Program Files\<DIR> CyberLink
[02/07/2007|04:39] C:\Program Files\<DIR> Deep Sea Tycoon 2_at
[10/13/2007|09:41] C:\Program Files\<DIR> DeliveryKing_at
[08/16/2006|08:00] C:\Program Files\<DIR> Dell
[09/22/2008|03:00] C:\Program Files\<DIR> DellSupport
[03/19/2008|11:16] C:\Program Files\<DIR> DIFX
[08/16/2006|07:41] C:\Program Files\<DIR> Digital Line Detect
[03/01/2007|07:42] C:\Program Files\<DIR> DivX
[10/20/2007|04:47] C:\Program Files\<DIR> DreamChronicles_at
[10/08/2007|07:08] C:\Program Files\<DIR> EA GAMES
[08/16/2006|07:49] C:\Program Files\<DIR> EarthLink Setup
[08/26/2008|09:21] C:\Program Files\<DIR> echospin
[08/16/2005|08:51] C:\Program Files\<DIR> EnglishOtto
[09/22/2008|02:33] C:\Program Files\<DIR> ERUNT
[09/21/2008|05:02] C:\Program Files\<DIR> Fenomen Games Downloader
[03/19/2008|10:42] C:\Program Files\<DIR> Feyruna Fairy Forest
[08/23/2006|02:27] C:\Program Files\<DIR> Game On
[09/14/2008|10:00] C:\Program Files\<DIR> GameHouse
[09/14/2008|10:00] C:\Program Files\<DIR> Games
[09/30/2007|02:29] C:\Program Files\<DIR> GamesBar
[12/16/2007|10:28] C:\Program Files\<DIR> GemMaster
[12/01/2006|05:30] C:\Program Files\<DIR> GlobalStar Software
[09/21/2008|11:58] C:\Program Files\<DIR> Google
[03/19/2008|10:43] C:\Program Files\<DIR> Grimms Hatchery
[10/15/2006|03:25] C:\Program Files\<DIR> GustoSoft
[09/07/2008|11:25] C:\Program Files\<DIR> Hawaiian Explorer The Lost Island
[12/18/2006|01:05] C:\Program Files\<DIR> Infogrames
[06/22/2007|03:05] C:\Program Files\<DIR> Infogrames Interactive
[09/06/2008|01:29] C:\Program Files\<DIR> InstallShield Installation Information
[08/16/2006|07:35] C:\Program Files\<DIR> Intel
[08/16/2006|07:35] C:\Program Files\<DIR> Intel, Inc
[04/10/2008|03:01] C:\Program Files\<DIR> Internet Explorer
[09/21/2008|12:55] C:\Program Files\<DIR> iWin.com
[08/27/2006|05:43] C:\Program Files\<DIR> Jasc Software Inc
[09/27/2008|11:30] C:\Program Files\<DIR> Java
[09/07/2008|11:27] C:\Program Files\<DIR> Kudos
[12/16/2007|10:28] C:\Program Files\<DIR> LawandOrderDarkObsession_at
[11/12/2006|04:12] C:\Program Files\<DIR> LawOrderVengefulHeart_at
[08/16/2006|07:49] C:\Program Files\<DIR> Learn2.com
[10/09/2007|10:20] C:\Program Files\<DIR> LimeWire
[12/12/2006|06:23] C:\Program Files\<DIR> Lx_cats
[09/26/2008|07:09] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/26/2008|07:47] C:\Program Files\<DIR> Memeo
[08/16/2006|07:32] C:\Program Files\<DIR> Messenger
[08/27/2006|05:31] C:\Program Files\<DIR> microsoft frontpage
[08/27/2006|05:31] C:\Program Files\<DIR> Microsoft Office
[08/16/2006|07:47] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[08/16/2006|07:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[09/09/2007|08:51] C:\Program Files\<DIR> Microsoft Works
[09/16/2008|10:37] C:\Program Files\<DIR> Minitab 15
[08/16/2006|07:41] C:\Program Files\<DIR> Modem Helper
[10/11/2007|07:09] C:\Program Files\<DIR> ModTheSims2.com
[08/16/2005|04:37] C:\Program Files\<DIR> Movie Maker
[09/30/2008|03:17] C:\Program Files\<DIR> Mozilla Firefox
[08/16/2005|04:37] C:\Program Files\<DIR> MSN
[08/16/2005|04:37] C:\Program Files\<DIR> MSN Gaming Zone
[11/29/2006|12:34] C:\Program Files\<DIR> MSXML 4.0
[08/16/2006|07:52] C:\Program Files\<DIR> MUSICMATCH
[03/22/2008|10:02] C:\Program Files\<DIR> Mysteryville
[06/11/2008|01:04] C:\Program Files\<DIR> Nancy Drew
[08/16/2005|04:40] C:\Program Files\<DIR> NetMeeting
[08/16/2006|07:41] C:\Program Files\<DIR> NetWaiting
[08/16/2006|07:46] C:\Program Files\<DIR> NetZeroInstallers
[11/17/2007|03:16] C:\Program Files\<DIR> Oberon Media
[02/07/2007|05:15] C:\Program Files\<DIR> On2 Technologies
[08/16/2005|04:38] C:\Program Files\<DIR> Online Services
[08/31/2006|01:09] C:\Program Files\<DIR> Outlook Express
[09/07/2008|11:27] C:\Program Files\<DIR> Paparazzi
[09/07/2008|11:27] C:\Program Files\<DIR> Peggle Deluxe
[02/07/2007|04:43] C:\Program Files\<DIR> Pizza Frenzy
[05/04/2008|12:22] C:\Program Files\<DIR> PlayFirst
[08/16/2006|07:49] C:\Program Files\<DIR> QuickTime
[09/21/2006|12:06] C:\Program Files\<DIR> Real
[09/14/2008|10:01] C:\Program Files\<DIR> Red Cross ERU
[12/17/2006|10:04] C:\Program Files\<DIR> ReflexiveArcade
[08/16/2005|08:58] C:\Program Files\<DIR> RGB
[01/15/2007|03:17] C:\Program Files\<DIR> ScanSoft
[08/16/2006|07:57] C:\Program Files\<DIR> SearchAssist
[08/29/2008|08:21] C:\Program Files\<DIR> Shockwave.com
[08/16/2006|07:37] C:\Program Files\<DIR> Sigmatel
[02/24/2007|11:55] C:\Program Files\<DIR> SmartDraw 2007
[08/16/2006|07:49] C:\Program Files\<DIR> Sonic
[09/01/2007|10:27] C:\Program Files\<DIR> Sophos
[01/31/2007|02:00] C:\Program Files\<DIR> Sophos SWEEP for NT
[09/24/2006|02:38] C:\Program Files\<DIR> SpongeBobDinerDash_at
[09/19/2008|09:12] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/17/2007|03:25] C:\Program Files\<DIR> SuperCollapse3_at
[05/04/2008|12:09] C:\Program Files\<DIR> Supple
[08/16/2006|07:34] C:\Program Files\<DIR> Synaptics
[02/21/2007|01:16] C:\Program Files\<DIR> The Adventure Company
[05/04/2008|12:09] C:\Program Files\<DIR> The Game of Life - PTS
[09/07/2008|11:28] C:\Program Files\<DIR> The Game Of LIFE PTS
[02/06/2007|10:48] C:\Program Files\<DIR> TikGames
[09/22/2008|02:56] C:\Program Files\<DIR> Trend Micro
[09/07/2008|11:30] C:\Program Files\<DIR> Tropix 2 - The Quest for the Golden Banana
[11/18/2006|08:37] C:\Program Files\<DIR> TryMedia
[08/16/2005|04:50] C:\Program Files\<DIR> Uninstall Information
[09/14/2008|10:00] C:\Program Files\<DIR> Venture Arctic
[04/22/2007|05:30] C:\Program Files\<DIR> Virtual Laguna Beach
[08/16/2006|07:51] C:\Program Files\<DIR> WebCyberCoach
[08/26/2008|07:47] C:\Program Files\<DIR> Western Digital
[08/26/2008|07:45] C:\Program Files\<DIR> Western Digital Technologies
[08/16/2006|07:35] C:\Program Files\<DIR> WIDCOMM
[08/22/2006|08:16] C:\Program Files\<DIR> WildTangent
[03/19/2008|11:15] C:\Program Files\<DIR> Windows Media Player
[08/16/2005|04:37] C:\Program Files\<DIR> Windows NT
[08/16/2005|04:37] C:\Program Files\<DIR> Windows Plus
[01/15/2007|03:09] C:\Program Files\<DIR> WindowsUpdate
[02/24/2008|12:57] C:\Program Files\<DIR> WinRAR
[08/16/2006|07:50] C:\Program Files\<DIR> WordPerfect Office 12
[08/16/2005|04:43] C:\Program Files\<DIR> xerox
[02/28/2007|10:45] C:\Program Files\<DIR> Yahoo!
[09/21/2008|05:04] C:\Program Files\<DIR> Yahoo! Games
[09/23/2006|05:38] C:\Program Files\<DIR> ZooVet_at
[03/23/2008|07:21] C:\Program Files\<DIR> Zune

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/31/2006|09:23] C:\Program Files\Common Files\<DIR> Adobe
[03/09/2007|12:41] C:\Program Files\Common Files\<DIR> AOL
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> aolshare
[08/16/2006|07:50] C:\Program Files\Common Files\<DIR> Borland Shared
[09/01/2007|10:27] C:\Program Files\Common Files\<DIR> Cisco Systems
[03/19/2008|11:16] C:\Program Files\Common Files\<DIR> ComponentOne
[08/16/2006|07:50] C:\Program Files\Common Files\<DIR> Corel
[08/16/2006|07:41] C:\Program Files\Common Files\<DIR> Creative Labs Shared
[08/27/2006|05:33] C:\Program Files\Common Files\<DIR> Designer
[08/26/2008|07:47] C:\Program Files\Common Files\<DIR> eSellerate
[09/15/2006|07:24] C:\Program Files\Common Files\<DIR> Hypnotizer
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> InstallShield
[08/16/2006|07:31] C:\Program Files\Common Files\<DIR> Java
[03/23/2008|07:16] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/16/2005|04:40] C:\Program Files\Common Files\<DIR> MSSoap
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Nullsoft
[08/16/2005|04:33] C:\Program Files\Common Files\<DIR> ODBC
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Real
[09/23/2006|06:04] C:\Program Files\Common Files\<DIR> Sandlot Shared
[01/15/2007|03:18] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[08/16/2005|04:40] C:\Program Files\Common Files\<DIR> Services
[08/16/2006|07:49] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/16/2005|04:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/09/2006|06:31] C:\Program Files\Common Files\<DIR> SWF Studio
[08/31/2006|01:09] C:\Program Files\Common Files\<DIR> System
[08/16/2006|07:47] C:\Program Files\Common Files\<DIR> TiVo Shared

--------------------\\ Process

( 72 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Manda\Cookies\manda@advertising[2].txt
C:\DOCUME~1\Manda\Cookies\[email protected][1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:28:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:6][D:2]-> C:\DOCUME~1\Manda\LOCALS~1\Temp
[F:139][D:0]-> C:\DOCUME~1\Manda\Cookies
[F:23][D:4]-> C:\DOCUME~1\Manda\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 09/23/2008| 7:53 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Mon 09/29/2008|18:31 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - Tue 09/30/2008|19:30 - Option : [1]

--------------------\\ Scan completed at 19:30:25

#26
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello amanda732,

Congratulations, your log looks clean :)

1) Uninstall ComboFix :

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

2) Run OTcleanIT :

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

3) Update windows :

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

4) Prevention/protection :

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • If you don't have a firewall on your computer, I advise you to install one of the following : Kerio / Comodo / ZoneAlarm.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
  • SpywareBlaster protects against bad ActiveX.
  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Regards,
Egwene.
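
Added example (not part of the original posts, and not how Lop S&D or MVPS implement anything): the post above describes block entries that point ad sites at 127.0.0.1, and the log reports "Hosts file CLEAN". This Python sketch separates such block entries from entries that send a name to some other address, which is what a hosts-file check is looking for. The function name `audit_hosts`, the category names and the sample file are assumptions made for illustration.

```python
"""Classify the entries of a hosts file: block entries versus redirects."""
import ipaddress
import sys

# Constructed sample for illustration; not taken from the thread's machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.com      # block entry, MVPS style
0.0.0.0         tracker.example.net  # block entry, unspecified address
203.0.113.10    www.bank.example     # name pinned to a routable address
::1             localhost
not-an-ip       broken.example
127.0.0.1       a.example b.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return a dict of entry lists keyed by category.

    localhost  - the normal loopback mapping for the machine itself
    blocked    - names sent to loopback or 0.0.0.0 (the blocking technique)
    redirected - names sent anywhere else; these deserve a manual look
    malformed  - lines whose first field is not an IP address or has no name
    """
    report = {"localhost": [], "blocked": [], "redirected": [], "malformed": []}
    # A hosts file saved by some editors starts with a UTF-8 BOM; drop it.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no hostname
            report["malformed"].append((lineno, raw.strip()))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):   # one line, many names
            entry = (lineno, name, str(addr))
            if sinkhole and name in LOCAL_NAMES:
                report["localhost"].append(entry)
            elif sinkhole:
                report["blocked"].append(entry)
            else:
                report["redirected"].append(entry)
    return report


if __name__ == "__main__":
    # Pass a path (on XP: C:\WINDOWS\system32\drivers\etc\hosts) or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    result = audit_hosts(data)
    print(f"{len(result['blocked'])} block entries")
    for lineno, name, addr in result["redirected"]:
        print(f"line {lineno}: {name} -> {addr} (review this entry)")
    for lineno, text_line in result["malformed"]:
        print(f"line {lineno}: could not parse: {text_line}")
```

An entry in the `redirected` list is not proof of infection (some people pin intranet names this way), but after a cleanup it is the list worth reading line by line.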

#27
amanda732

    Member

  • Topic Starter
  • 14 posts
Thank you for all the help. I have done what you advised and my computer seems to be nicely protected and it is running great. Thanks again.

#28
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.