Computer Hope
Software => Computer viruses and spyware => Topic started by: Griffonics on March 15, 2009, 08:51:02 PM
-
Allright, ive finally gotten sick enough of this, and after running several safe mode virus scans using avast and shaw secure. We have nothing. And im getting angry.
So.
When i search in google, i am redirected to any number of smartbizsearch items. The first link i double click on redirects me, and some of the subsequent ones do as well, and all of the following open in new tab link (on the first time i click on them) redirect. There seems to be no pattern of recurrent redirects after the first. and here is my hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:50 PM, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=480&nc_referer=&age=1&hiscore=&sp=0&questionSet=&r=59681&width=640&height=560&quality=high"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227344959296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227345001156
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://shawsecure.ca/virusscanner/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BDA7CA6-5E35-4F31-B9B4-7BDBB2455BE1}: NameServer = 85.255.112.187,85.255.112.208
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.187,85.255.112.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.187,85.255.112.208
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 8295 bytes
Thanks
Cara
-
Download Malwarebytes' Anti-Malware (MBAM) (http://www.besttechie.net/tools/mbam-setup.exe)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download random's system information tool (RSIT) (http://images.malwareremoval.com/random/RSIT.exe) by random/random from and save it to your Desktop.
- Double click on RSIT.exe to run.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open.
- log.txt <will be maximized and info.txt <will be minimized
- Please post the contents of both logs in the next reply.
-
Thank you!
Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-03-16 01:02:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 289 GB (61%) free of 477 GB
Total RAM: 2046 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:19 AM, on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=480&nc_referer=&age=1&hiscore=&sp=0&questionSet=&r=59681&width=640&height=560&quality=high"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227344959296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227345001156
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://shawsecure.ca/virusscanner/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BDA7CA6-5E35-4F31-B9B4-7BDBB2455BE1}: NameServer = 85.255.112.187,85.255.112.208
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.187,85.255.112.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.187,85.255.112.208
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 8382 bytes
-
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"NWEReboot"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-11-24 460216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-28 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\FalloutLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e12aa6e-0a02-11de-9514-001fd0a14593}]
shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{821e5bf9-b9a7-11dd-94f8-001fd0a14593}]
shell\AutoRun\command - N:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff32b111-b8b0-11dd-b5db-806d6172696f}]
shell\AutoRun\command - D:\Autorun.exe
======List of files/folders created in the last 1 months======
2009-03-16 01:02:13 ----D---- C:\rsit
2009-03-16 00:54:04 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-03-16 00:53:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-16 00:53:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-15 21:37:33 ----D---- C:\Program Files\Trend Micro
2009-03-13 14:51:32 ----D---- C:\TEMP
2009-03-13 14:51:32 ----D---- C:\DVD
2009-03-13 14:50:40 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-03-13 14:50:40 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-03-13 14:50:40 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-03-13 14:50:40 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-03-13 14:50:38 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-03-13 14:50:38 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-03-11 23:07:54 ----D---- C:\fsaua.data
2009-03-11 20:32:01 ----D---- C:\WINDOWS\pss
2009-03-11 15:30:48 ----D---- C:\WINDOWS\.jagex_cache_32
2009-03-11 15:27:14 ----RASHD---- C:\autorun.inf
2009-03-08 22:51:24 ----D---- C:\Program Files\Microsoft
2009-03-08 22:51:07 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-08 22:49:27 ----D---- C:\Program Files\Common Files\Windows Live
2009-02-25 04:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 14:58:40 ----D---- C:\Documents and Settings\Owner\Application Data\Canon
2009-02-18 00:38:03 ----D---- C:\Program Files\Virtools
======List of files/folders modified in the last 1 months======
2009-03-16 01:02:10 ----D---- C:\WINDOWS\Prefetch
2009-03-16 00:54:02 ----D---- C:\WINDOWS\system32\drivers
2009-03-16 00:53:59 ----RD---- C:\Program Files
2009-03-16 00:50:33 ----D---- C:\Program Files\Mozilla Firefox
2009-03-16 00:25:48 ----D---- C:\WINDOWS\Temp
2009-03-15 21:56:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-15 21:47:38 ----D---- C:\Documents and Settings\Owner\Application Data\BitTorrent
2009-03-13 15:47:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-13 15:47:48 ----D---- C:\Program Files\Aurora MPEG To DVD Burner
2009-03-13 14:50:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-13 14:50:40 ----D---- C:\WINDOWS\system32
2009-03-13 14:50:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-13 14:48:40 ----A---- C:\WINDOWS\Aurora MPEG To DVD.INI
2009-03-12 00:15:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-12 00:10:10 ----RSH---- C:\boot.ini
2009-03-12 00:10:10 ----A---- C:\WINDOWS\win.ini
2009-03-12 00:10:10 ----A---- C:\WINDOWS\system.ini
2009-03-12 00:03:31 ----SHD---- C:\RECYCLER
2009-03-12 00:02:36 ----D---- C:\Documents and Settings
2009-03-11 20:32:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-11 20:32:01 ----D---- C:\WINDOWS
2009-03-11 18:06:19 ----D---- C:\WINDOWS\network diagnostic
2009-03-11 15:04:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-11 15:00:50 ----D---- C:\Program Files\Bonjour
2009-03-11 14:52:54 ----D---- C:\Documents and Settings\Owner\Application Data\DNA
2009-03-08 22:52:49 ----SHD---- C:\WINDOWS\Installer
2009-03-08 22:52:01 ----D---- C:\WINDOWS\WinSxS
2009-03-08 22:51:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-08 22:51:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-08 22:50:49 ----RSD---- C:\WINDOWS\Fonts
2009-03-08 22:50:43 ----D---- C:\Program Files\Windows Live
2009-03-08 22:50:31 ----HD---- C:\WINDOWS\inf
2009-03-08 22:49:27 ----D---- C:\Program Files\Common Files
2009-03-05 02:39:27 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-24 20:05:14 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2009-02-24 18:42:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-22 03:50:25 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-02-18 00:38:11 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-28 3341824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-06-17 3692288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-11-22 105088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxserv.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ICAM5USB;Intel(r) PC Camera CS110; C:\WINDOWS\System32\Drivers\Icam5USB.sys [2001-08-17 100992]
S3 maa950c;maa950c; C:\WINDOWS\System32\Drivers\maa950c.sys [2005-06-16 24784]
S3 maa950m;maa950m; C:\WINDOWS\System32\Drivers\maa950m.sys [2005-06-16 25044]
S3 maa950u;maa950u; C:\WINDOWS\System32\Drivers\maa950u.sys [2007-01-18 49237]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-28 585728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
-
info.txt logfile of random's system information tool 1.05 2009-03-16 01:02:21
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8C E.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Aurora MPEG To DVD Burner 5.2.4-->"C:\Program Files\Aurora MPEG To DVD Burner\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
Canon MP530-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang EN-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW(R) Graphics Suite X4-->c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
QPST-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31228E31-2BFF-11D2-8866-00805F0D9D40}\Setup.exe" -uninst
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
-
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SimPE 0.72 (alpha)-->"C:\Program Files\SimPE\unins000.exe"
Sims 2 RoboFileMaid 3000-->"C:\Program Files\Sims2RoboFileMaid3000\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090315-1]
System event log
Computer Name: BRIAN-PC
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Record Number: 959
Source Name: SideBySide
Time Written: 20081207172206.000000-360
Event Type: error
User:
Computer Name: BRIAN-PC
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Record Number: 958
Source Name: SideBySide
Time Written: 20081207172203.000000-360
Event Type: error
User:
Computer Name: BRIAN-PC
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
Record Number: 957
Source Name: SideBySide
Time Written: 20081207172203.000000-360
Event Type: error
User:
Computer Name: BRIAN-PC
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Record Number: 956
Source Name: SideBySide
Time Written: 20081207172203.000000-360
Event Type: error
User:
Computer Name: BRIAN-PC
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Record Number: 955
Source Name: SideBySide
Time Written: 20081207172202.000000-360
Event Type: error
User:
Application event log
Computer Name: BRIAN-PC
Event Code: 700
Message: msnmsgr (2408) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D610_51C9_1051_B16B\dfsr.db'.
Record Number: 684
Source Name: ESENT
Time Written: 20090102170022.000000-360
Event Type: information
User:
Computer Name: BRIAN-PC
Event Code: 701
Message: msnmsgr (2408) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D610_51C9_1051_B16B\dfsr.db'.
Record Number: 683
Source Name: ESENT
Time Written: 20090102160022.000000-360
Event Type: information
User:
Computer Name: BRIAN-PC
Event Code: 700
Message: msnmsgr (2408) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D610_51C9_1051_B16B\dfsr.db'.
Record Number: 682
Source Name: ESENT
Time Written: 20090102160022.000000-360
Event Type: information
User:
Computer Name: BRIAN-PC
Event Code: 701
Message: msnmsgr (2408) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D610_51C9_1051_B16B\dfsr.db'.
Record Number: 681
Source Name: ESENT
Time Written: 20090102150022.000000-360
Event Type: information
User:
Computer Name: BRIAN-PC
Event Code: 700
Message: msnmsgr (2408) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D610_51C9_1051_B16B\dfsr.db'.
Record Number: 680
Source Name: ESENT
Time Written: 20090102150022.000000-360
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
-
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
16/03/2009 1:06:00 AM
mbam-log-2009-03-16 (01-06-00).txt
Scan type: Quick Scan
Objects scanned: 72753
Time elapsed: 4 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.187,85.255.112.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6bda7ca6-5e35-4f31-b9b4-7bdbb2455be1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.187,85.255.112.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.187,85.255.112.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6bda7ca6-5e35-4f31-b9b4-7bdbb2455be1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.187,85.255.112.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.187,85.255.112.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6bda7ca6-5e35-4f31-b9b4-7bdbb2455be1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.187,85.255.112.208 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Sorry, they were too big to post all in one. :)
-
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -\"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6\" -\"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=480&nc_referer=&age=1&hiscore=&sp=0&questionSet=&r=59681&width=640&height=560&quality=high\"
- O17 - HKLM\System\CCS\Services\Tcpip\..\{6BDA7CA6-5E35-4F31-B9B4-7BDBB2455BE1}: NameServer = 85.255.112.187,85.255.112.208
- O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.187,85.255.112.208
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.187,85.255.112.208
.
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Go to Start > Control Panel - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
* Double-click the Network Connections icon.
* Right-click the Local Area Connection icon and select Properties.
* Highlight Internet Protocol (TCP/IP) and click the Properties button.
* Be sure Obtain DNS server address automatically is selected.
* OK your way out.
Go to Start > Run and type in cmd
Click OK
* This will open a command prompt.
* Type the following line in the command window:
ipconfig /flushdns (note the space between ipconfig and /)
* Press Enter on the keyboard.
* Exit the command window
Now restart your computer.
----------
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{821e5bf9-b9a7-11dd-94f8-001fd0a14593}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff32b111-b8b0-11dd-b5db-806d6172696f}]
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Delete the fixme.reg from the Desktop.
----------
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)
Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa (http://www.majorgeeks.com/JavaRa_d5967.html)
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Click Additional Tasks
- Place a check next to Remove Useless JRE Files and click Go
- Exit JavaRa
- Delete the JavaRa files from the Desktop
.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
----------
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
ComboFix 09-03-18.01 - Owner 2009-03-18 17:35:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1558 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090318-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-17 03:00 . 2008-04-13 19:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-17 00:30 . 2009-03-17 00:30 <DIR> d-------- c:\program files\Neopets
2009-03-17 00:30 . 2009-03-17 00:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\Neopets Toolbar
2009-03-16 01:02 . 2009-03-16 01:02 <DIR> d-------- C:\rsit
2009-03-16 00:54 . 2009-03-16 00:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-16 00:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 00:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 00:53 . 2009-03-16 00:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-16 00:53 . 2009-03-16 00:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 21:37 . 2009-03-15 21:37 <DIR> d-------- c:\program files\Trend Micro
2009-03-13 15:47 . 2009-03-13 16:02 647,213,056 --a------ C:\(AuroraFixedDVD)05-Sword and the Wind.mpg
2009-03-13 15:31 . 2009-03-13 15:47 626,774,016 --a------ C:\(AuroraFixedDVD)04-Hand of God.mpg
2009-03-13 15:18 . 2009-03-13 15:31 628,508,672 --a------ C:\(AuroraFixedDVD)03-Baptism of Fire.mpg
2009-03-13 15:04 . 2009-03-13 15:18 662,812,672 --a------ C:\(AuroraFixedDVD)02-Band of the Hawk.mpg
2009-03-13 14:51 . 2009-03-13 16:09 <DIR> d-------- C:\TEMP
2009-03-13 14:51 . 2009-03-13 16:02 <DIR> d-------- C:\DVD
2009-03-13 14:51 . 2009-03-13 15:04 591,933,440 --a------ C:\(AuroraFixedDVD)01-The Black Swordsman.mpg
2009-03-13 14:50 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-13 14:50 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-13 14:50 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-13 14:50 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-13 14:50 . 2008-04-13 18:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-13 14:50 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-13 14:50 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-13 14:50 . 2008-04-13 18:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-13 14:50 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-13 14:50 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-13 14:50 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-13 14:50 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-12 00:02 . 2009-03-12 00:02 <DIR> d-------- c:\documents and settings\Administrator
2009-03-11 23:07 . 2009-03-11 23:07 <DIR> d-------- C:\fsaua.data
2009-03-11 15:30 . 2009-03-11 15:30 <DIR> d-------- c:\windows\.jagex_cache_32
2009-03-11 15:30 . 2009-03-11 15:42 34 --a------ c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-03-08 22:52 . 2009-03-17 22:20 <DIR> d-------- c:\documents and settings\Owner\Tracing
2009-03-08 22:51 . 2009-03-08 22:51 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-08 22:51 . 2009-03-08 22:51 <DIR> d-------- c:\program files\Microsoft
2009-03-08 22:49 . 2009-03-08 22:49 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-21 14:58 . 2009-02-21 14:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Canon
2009-02-18 00:38 . 2009-02-18 00:38 <DIR> d-------- c:\program files\Virtools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 22:22 --------- d-----w c:\program files\Common Files\Adobe
2009-03-16 02:47 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2009-03-13 20:47 --------- d-----w c:\program files\Aurora MPEG To DVD Burner
2009-03-11 20:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 20:00 --------- d-----w c:\program files\Bonjour
2009-03-11 19:52 --------- d-----w c:\documents and settings\Owner\Application Data\DNA
2009-03-09 03:50 --------- d-----w c:\program files\Windows Live
2009-03-09 00:26 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-05 07:39 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 01:05 --------- d-----w c:\documents and settings\Owner\Application Data\Winamp
2009-02-15 14:30 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-02-15 14:19 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 23:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 04:41 --------- d-----w c:\program files\QPST
2009-02-06 04:21 --------- d-----w c:\program files\BitPim
2009-02-02 05:56 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-20 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-01-20 19:11 --------- d-----w c:\program files\Microsoft Games
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-03 21:37 8 --sh--r c:\documents and settings\All Users\Application Data\A417103B68.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-22 20560]
S3 maa950c;maa950c;c:\windows\system32\drivers\maa950c.sys [2009-02-05 24784]
S3 maa950m;maa950m;c:\windows\system32\drivers\maa950m.sys [2009-02-05 25044]
S3 maa950u;maa950u;c:\windows\system32\drivers\maa950u.sys [2009-02-05 49237]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\FalloutLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e12aa6e-0a02-11de-9514-001fd0a14593}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xj5iakuv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 17:36:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-18 17:37:28
ComboFix-quarantined-files.txt 2009-03-18 22:37:24
Pre-Run: 304,775,708,672 bytes free
Post-Run: 305,257,295,872 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
159 --- E O F --- 2009-03-17 08:01:20
All done, Found a trojan with mbam on the first try. Seems to have fixed it.
-
Update and run MBAM
Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download Lop S&D by Eric_71 (http://eric.71.mespages.googlepages.com/LopSD.exe) and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.
- Choose the language by typing of the corresponding letter and press Enter
- Click OK at the informative window
- Type 1, to choose Option 1 (Search) then press Enter
- Wait until the end of the scan
- A report will be generated, post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt
.
----------
Also let me know how the computer is running now.
-
Malwarebytes' Anti-Malware 1.34
Database version: 1888
Windows 5.1.2600 Service Pack 3
23/03/2009 10:30:02 AM
mbam-log-2009-03-23 (10-30-02).txt
Scan type: Quick Scan
Objects scanned: 68793
Time elapsed: 2 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090322-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:283 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/03/2009|10:35 )
--------------------\\ Listing folders in APPLIC~1
[22/11/2008|05:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/12/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[18/03/2009|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[20/01/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[23/11/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[04/12/2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[22/11/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[23/11/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/12/2008|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[08/12/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fallout3
[23/11/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[16/03/2009|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/03/2009|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/12/2008|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[23/11/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[22/11/2008|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[23/11/2008|07:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[24/11/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[22/11/2008|05:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[21/02/2009|09:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[22/11/2008|05:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[22/02/2009|03:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[23/11/2008|05:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[15/02/2009|09:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[22/11/2008|04:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[15/03/2009|09:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[21/02/2009|02:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Canon
[03/12/2008|04:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
[23/11/2008|05:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[11/03/2009|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DNA
[22/03/2009|09:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[05/02/2009|11:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[22/11/2008|05:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[22/11/2008|05:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[15/02/2009|09:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
[28/01/2009|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[16/03/2009|12:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[20/03/2009|01:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[23/11/2008|05:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Web Folders
[22/11/2008|11:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[24/12/2008|12:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
[17/03/2009|12:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Neopets Toolbar
[23/11/2008|04:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ScanSoft
[23/11/2008|05:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[14/12/2008|05:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SystemRequirementsLab
[03/12/2008|04:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[24/02/2009|08:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Winamp
[22/11/2008|05:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Desktop Search
[22/11/2008|10:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Search
[23/11/2008|04:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WinRAR
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[18/03/2009 05:37 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[18/03/2009|05:22] C:\Program Files\<DIR> Adobe
[23/11/2008|05:30] C:\Program Files\<DIR> Alcohol Soft
[22/11/2008|04:43] C:\Program Files\<DIR> Alwil Software
[22/11/2008|05:51] C:\Program Files\<DIR> AMD
[23/11/2008|04:46] C:\Program Files\<DIR> Apple Software Update
[23/11/2008|05:40] C:\Program Files\<DIR> Ares
[22/11/2008|04:18] C:\Program Files\<DIR> ATI Technologies
[13/03/2009|03:47] C:\Program Files\<DIR> Aurora MPEG To DVD Burner
[08/12/2008|11:55] C:\Program Files\<DIR> Bethesda Softworks
[05/02/2009|11:21] C:\Program Files\<DIR> BitPim
[23/11/2008|05:41] C:\Program Files\<DIR> BitTorrent
[11/03/2009|03:00] C:\Program Files\<DIR> Bonjour
[22/11/2008|05:51] C:\Program Files\<DIR> Browser Configuration Utility
[23/11/2008|06:34] C:\Program Files\<DIR> Canon
[23/11/2008|04:52] C:\Program Files\<DIR> CanonBJ
[18/03/2009|05:36] C:\Program Files\<DIR> Common Files
[22/11/2008|05:42] C:\Program Files\<DIR> ComPlus Applications
[03/12/2008|04:34] C:\Program Files\<DIR> Corel
[23/11/2008|04:42] C:\Program Files\<DIR> DivX
[18/03/2009|06:23] C:\Program Files\<DIR> EA GAMES
[11/03/2009|03:04] C:\Program Files\<DIR> InstallShield Installation Information
[11/02/2009|11:39] C:\Program Files\<DIR> Internet Explorer
[04/12/2008|01:27] C:\Program Files\<DIR> iPod
[01/01/2009|02:40] C:\Program Files\<DIR> iTunes
[03/12/2008|02:44] C:\Program Files\<DIR> Java
[18/03/2009|05:45] C:\Program Files\<DIR> MagicISO
[16/03/2009|12:54] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[22/11/2008|04:49] C:\Program Files\<DIR> Messenger
[08/03/2009|10:51] C:\Program Files\<DIR> Microsoft
[23/11/2008|07:04] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[23/11/2008|05:22] C:\Program Files\<DIR> microsoft frontpage
[20/01/2009|02:11] C:\Program Files\<DIR> Microsoft Games
[02/02/2009|12:56] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[23/11/2008|05:22] C:\Program Files\<DIR> Microsoft Office
[05/03/2009|02:39] C:\Program Files\<DIR> Microsoft Silverlight
[22/11/2008|04:35] C:\Program Files\<DIR> Movie Maker
[23/03/2009|10:25] C:\Program Files\<DIR> Mozilla Firefox
[08/12/2008|11:54] C:\Program Files\<DIR> MSBuild
[24/12/2008|12:28] C:\Program Files\<DIR> MSN
[22/11/2008|05:41] C:\Program Files\<DIR> MSN Gaming Zone
[23/11/2008|07:04] C:\Program Files\<DIR> MSXML 4.0
[17/03/2009|12:30] C:\Program Files\<DIR> Neopets
[23/11/2008|05:11] C:\Program Files\<DIR> Nero
[22/11/2008|04:34] C:\Program Files\<DIR> NetMeeting
[11/12/2008|08:24] C:\Program Files\<DIR> NOS
[22/11/2008|05:41] C:\Program Files\<DIR> Online Services
[22/11/2008|04:34] C:\Program Files\<DIR> Outlook Express
[05/02/2009|11:41] C:\Program Files\<DIR> QPST
[23/11/2008|04:46] C:\Program Files\<DIR> QuickTime
[22/11/2008|05:54] C:\Program Files\<DIR> Realtek
[08/12/2008|11:53] C:\Program Files\<DIR> Reference Assemblies
[23/11/2008|05:00] C:\Program Files\<DIR> Samsung
[23/11/2008|04:55] C:\Program Files\<DIR> ScanSoft
[09/01/2009|04:38] C:\Program Files\<DIR> SimPE
[23/11/2008|07:11] C:\Program Files\<DIR> Sims2RoboFileMaid3000
[14/12/2008|05:55] C:\Program Files\<DIR> SystemRequirementsLab
[15/03/2009|09:37] C:\Program Files\<DIR> Trend Micro
[22/11/2008|05:49] C:\Program Files\<DIR> Uninstall Information
[23/11/2008|04:45] C:\Program Files\<DIR> VideoLAN
[18/02/2009|12:38] C:\Program Files\<DIR> Virtools
[03/12/2008|02:43] C:\Program Files\<DIR> Winamp
[22/11/2008|05:01] C:\Program Files\<DIR> Windows Desktop Search
[08/03/2009|10:50] C:\Program Files\<DIR> Windows Live
[08/03/2009|10:51] C:\Program Files\<DIR> Windows Live SkyDrive
[22/11/2008|05:00] C:\Program Files\<DIR> Windows Media Connect 2
[01/01/2009|02:40] C:\Program Files\<DIR> Windows Media Player
[22/11/2008|04:34] C:\Program Files\<DIR> Windows NT
[22/11/2008|05:44] C:\Program Files\<DIR> WindowsUpdate
[23/11/2008|04:54] C:\Program Files\<DIR> WinRAR
[23/11/2008|04:56] C:\Program Files\<DIR> WinZip
[22/11/2008|05:45] C:\Program Files\<DIR> xerox
--------------------\\ Listing Folders in C:\Program Files\Common Files
[18/03/2009|05:22] C:\Program Files\Common Files\<DIR> Adobe
[09/12/2008|02:35] C:\Program Files\Common Files\<DIR> Adobe AIR
[23/11/2008|05:11] C:\Program Files\Common Files\<DIR> Ahead
[04/12/2008|01:27] C:\Program Files\Common Files\<DIR> Apple
[03/12/2008|04:34] C:\Program Files\Common Files\<DIR> Corel
[23/11/2008|05:24] C:\Program Files\Common Files\<DIR> Designer
[23/11/2008|04:56] C:\Program Files\Common Files\<DIR> InstallShield
[08/03/2009|10:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[22/11/2008|05:43] C:\Program Files\Common Files\<DIR> MSSoap
[22/11/2008|11:31] C:\Program Files\Common Files\<DIR> ODBC
[03/12/2008|04:36] C:\Program Files\Common Files\<DIR> Protexis
[23/11/2008|04:56] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[22/11/2008|05:43] C:\Program Files\Common Files\<DIR> Services
[22/11/2008|11:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[23/11/2008|05:23] C:\Program Files\Common Files\<DIR> System
[08/03/2009|10:49] C:\Program Files\Common Files\<DIR> Windows Live
[24/11/2008|12:54] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
--------------------\\ Process
( 39 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Owner\Cookies\[email protected][2].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 10:36:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
-
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Owner\Application Data\BitTorrent\Age Of Empires III + Warchiefs Expansion + Crack and key.torrent
C:\DOCUME~1\Owner\Application Data\BitTorrent\The Sims 2 Apartment Life Inc. CD Keys & Crack.torrent
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack
C:\DOCUME~1\Owner\My Documents\Downloads\CorelDRAW X4 Graphics Suite 14.0\CorelDraw_X4_Keygen.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\Readme.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc. CD Keys & Crack.uif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\autorun.inf
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRunGUI.dll
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\common_filelist.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\compressed.zip
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Crack
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\eauninstall.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\eauninstall.ico
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Sims2EP8.ico
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Sims2EP8_Uninst.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\TSBin
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\TSData
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\autorun.cfg
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\cs_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\da_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\de_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\en-uk_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\es_AutoRun.bmp
-
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\fi_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\fr-fr_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\hu_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\it_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\nl_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\no_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\pl_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\pt-br_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\pt-pt_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\ru_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\AutoRun\sv_AutoRun.bmp
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Crack\rld-s2e8.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Crack\Sims2EP8.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\cs
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\cs_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\da
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\da_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\de
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\de_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\en-uk
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\en-uk_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\es
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\es_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\fi
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\fi_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\fr-fr
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\fr-fr_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\hu
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\hu_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\it
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\it_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\Localization.ini
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\nl
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\nl_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\no
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\no_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\OpenSSL_License.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\OpenSSL_License_FR.TXT
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\pl
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\pl_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\pt-br
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\pt-br_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\pt-pt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\pt-pt_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\ru
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\ru_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\sv
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\sv_eula.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\The Sims 2 Apartment Life_code.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\The Sims 2 Apartment Life_uninst.exe
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\cs\ctimne.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\da\readme.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\de\readme.txt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\badge.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Da
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\De
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Electronic_Arts_Technical_Support.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\en-uk
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\en-us
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Es
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Fi
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\fr-fr
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Hu
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\It
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\NL
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\No
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Pol
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\pt
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\pt-br
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Ru
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Sv
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Autorun.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\badge.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\bgrd_main.jpg
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\black background.JPG
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\blueback.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Blue_Screen_.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\bookopen.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\book_closed.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\CD_DVD_Issues.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\CD_DVD_Issues2.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\CD_DVD_Troubleshooting.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\check.jpg
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Cleaning_your_CD_DVD.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\close.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\content_h.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\content_n.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Copy of bookopen.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Crashes.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Crash_Issues2.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Crash_Issues3.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\default.css
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\default_ns.css
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\directional.gif
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\DirectX.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\Display_Settings.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\EA_HELP_CZ.htm
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\EA_Help_UK.log
C:\DOCUME~1\Owner\My Documents\Downloads\The Sims 2 Apartment Life Inc. CD Keys & Crack\The Sims 2 Apartment Life Inc\Support\EA Help\Cz\EA_logo(Silver).jpg
-
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\110 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\111 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\daves\Pavement Cracks (Scumfrog Vocal Mix).mp3
C:\DOCUME~1\Owner\Recent\Age Of Empires III + Warchiefs Expansion + Crack and key.lnk
C:\DOCUME~1\Owner\Recent\The Sims 2 Apartment Life Inc. CD Keys & Crack (2).lnk
[F:42][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:96][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:274][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|10:36 - Option : [1]
--------------------\\ Scan completed at 10:36:46
Hey! Things are running great since the last MBAM. No more redirects and speed seems to be up a little as well. The program flagged EVERY file in that Apt. Life folder. I cut some of it out so i could post this in less than 20 posts.
-
You have to remove the cracks before I can continue helping...
-
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090323-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:285 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/03/2009|20:06 )
--------------------\\ Listing folders in APPLIC~1
[22/11/2008|05:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/12/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[18/03/2009|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[20/01/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[23/11/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[04/12/2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[22/11/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[23/11/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/12/2008|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[08/12/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fallout3
[23/11/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[16/03/2009|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/03/2009|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/12/2008|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[23/11/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[22/11/2008|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[23/11/2008|07:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[24/11/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[22/11/2008|05:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[21/02/2009|09:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[22/11/2008|05:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[22/02/2009|03:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[23/11/2008|05:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[15/02/2009|09:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[22/11/2008|04:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[23/03/2009|08:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[21/02/2009|02:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Canon
[03/12/2008|04:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
[23/11/2008|05:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[11/03/2009|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DNA
[22/03/2009|09:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[05/02/2009|11:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[22/11/2008|05:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[22/11/2008|05:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[15/02/2009|09:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
[28/01/2009|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[16/03/2009|12:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[20/03/2009|01:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[23/11/2008|05:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Web Folders
[22/11/2008|11:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[24/12/2008|12:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
[17/03/2009|12:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Neopets Toolbar
[23/11/2008|04:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ScanSoft
[23/11/2008|05:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[14/12/2008|05:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SystemRequirementsLab
[03/12/2008|04:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[24/02/2009|08:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Winamp
[22/11/2008|05:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Desktop Search
[22/11/2008|10:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Search
[23/11/2008|04:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WinRAR
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[18/03/2009 05:37 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[18/03/2009|05:22] C:\Program Files\<DIR> Adobe
[23/11/2008|05:30] C:\Program Files\<DIR> Alcohol Soft
[22/11/2008|04:43] C:\Program Files\<DIR> Alwil Software
[22/11/2008|05:51] C:\Program Files\<DIR> AMD
[23/11/2008|04:46] C:\Program Files\<DIR> Apple Software Update
[23/11/2008|05:40] C:\Program Files\<DIR> Ares
[22/11/2008|04:18] C:\Program Files\<DIR> ATI Technologies
[13/03/2009|03:47] C:\Program Files\<DIR> Aurora MPEG To DVD Burner
[08/12/2008|11:55] C:\Program Files\<DIR> Bethesda Softworks
[05/02/2009|11:21] C:\Program Files\<DIR> BitPim
[23/11/2008|05:41] C:\Program Files\<DIR> BitTorrent
[11/03/2009|03:00] C:\Program Files\<DIR> Bonjour
[22/11/2008|05:51] C:\Program Files\<DIR> Browser Configuration Utility
[23/11/2008|06:34] C:\Program Files\<DIR> Canon
[23/11/2008|04:52] C:\Program Files\<DIR> CanonBJ
[18/03/2009|05:36] C:\Program Files\<DIR> Common Files
[22/11/2008|05:42] C:\Program Files\<DIR> ComPlus Applications
[03/12/2008|04:34] C:\Program Files\<DIR> Corel
[23/11/2008|04:42] C:\Program Files\<DIR> DivX
[18/03/2009|06:23] C:\Program Files\<DIR> EA GAMES
[11/03/2009|03:04] C:\Program Files\<DIR> InstallShield Installation Information
[11/02/2009|11:39] C:\Program Files\<DIR> Internet Explorer
[04/12/2008|01:27] C:\Program Files\<DIR> iPod
[01/01/2009|02:40] C:\Program Files\<DIR> iTunes
[03/12/2008|02:44] C:\Program Files\<DIR> Java
[18/03/2009|05:45] C:\Program Files\<DIR> MagicISO
[16/03/2009|12:54] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[22/11/2008|04:49] C:\Program Files\<DIR> Messenger
[08/03/2009|10:51] C:\Program Files\<DIR> Microsoft
[23/11/2008|07:04] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[23/11/2008|05:22] C:\Program Files\<DIR> microsoft frontpage
[20/01/2009|02:11] C:\Program Files\<DIR> Microsoft Games
[02/02/2009|12:56] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[23/11/2008|05:22] C:\Program Files\<DIR> Microsoft Office
[05/03/2009|02:39] C:\Program Files\<DIR> Microsoft Silverlight
[22/11/2008|04:35] C:\Program Files\<DIR> Movie Maker
[23/03/2009|08:01] C:\Program Files\<DIR> Mozilla Firefox
[08/12/2008|11:54] C:\Program Files\<DIR> MSBuild
[24/12/2008|12:28] C:\Program Files\<DIR> MSN
[22/11/2008|05:41] C:\Program Files\<DIR> MSN Gaming Zone
[23/11/2008|07:04] C:\Program Files\<DIR> MSXML 4.0
[17/03/2009|12:30] C:\Program Files\<DIR> Neopets
[23/11/2008|05:11] C:\Program Files\<DIR> Nero
[22/11/2008|04:34] C:\Program Files\<DIR> NetMeeting
[11/12/2008|08:24] C:\Program Files\<DIR> NOS
[22/11/2008|05:41] C:\Program Files\<DIR> Online Services
[22/11/2008|04:34] C:\Program Files\<DIR> Outlook Express
[05/02/2009|11:41] C:\Program Files\<DIR> QPST
[23/11/2008|04:46] C:\Program Files\<DIR> QuickTime
[22/11/2008|05:54] C:\Program Files\<DIR> Realtek
[08/12/2008|11:53] C:\Program Files\<DIR> Reference Assemblies
[23/11/2008|05:00] C:\Program Files\<DIR> Samsung
[23/11/2008|04:55] C:\Program Files\<DIR> ScanSoft
[09/01/2009|04:38] C:\Program Files\<DIR> SimPE
[23/11/2008|07:11] C:\Program Files\<DIR> Sims2RoboFileMaid3000
[14/12/2008|05:55] C:\Program Files\<DIR> SystemRequirementsLab
[15/03/2009|09:37] C:\Program Files\<DIR> Trend Micro
[22/11/2008|05:49] C:\Program Files\<DIR> Uninstall Information
[23/11/2008|04:45] C:\Program Files\<DIR> VideoLAN
[18/02/2009|12:38] C:\Program Files\<DIR> Virtools
[03/12/2008|02:43] C:\Program Files\<DIR> Winamp
[22/11/2008|05:01] C:\Program Files\<DIR> Windows Desktop Search
[08/03/2009|10:50] C:\Program Files\<DIR> Windows Live
[08/03/2009|10:51] C:\Program Files\<DIR> Windows Live SkyDrive
[22/11/2008|05:00] C:\Program Files\<DIR> Windows Media Connect 2
[01/01/2009|02:40] C:\Program Files\<DIR> Windows Media Player
[22/11/2008|04:34] C:\Program Files\<DIR> Windows NT
[22/11/2008|05:44] C:\Program Files\<DIR> WindowsUpdate
[23/11/2008|04:54] C:\Program Files\<DIR> WinRAR
[23/11/2008|04:56] C:\Program Files\<DIR> WinZip
[22/11/2008|05:45] C:\Program Files\<DIR> xerox
--------------------\\ Listing Folders in C:\Program Files\Common Files
[18/03/2009|05:22] C:\Program Files\Common Files\<DIR> Adobe
[09/12/2008|02:35] C:\Program Files\Common Files\<DIR> Adobe AIR
[23/11/2008|05:11] C:\Program Files\Common Files\<DIR> Ahead
[04/12/2008|01:27] C:\Program Files\Common Files\<DIR> Apple
[03/12/2008|04:34] C:\Program Files\Common Files\<DIR> Corel
[23/11/2008|05:24] C:\Program Files\Common Files\<DIR> Designer
[23/11/2008|04:56] C:\Program Files\Common Files\<DIR> InstallShield
[08/03/2009|10:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[22/11/2008|05:43] C:\Program Files\Common Files\<DIR> MSSoap
[22/11/2008|11:31] C:\Program Files\Common Files\<DIR> ODBC
[03/12/2008|04:36] C:\Program Files\Common Files\<DIR> Protexis
[23/11/2008|04:56] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[22/11/2008|05:43] C:\Program Files\Common Files\<DIR> Services
[22/11/2008|11:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[23/11/2008|05:23] C:\Program Files\Common Files\<DIR> System
[08/03/2009|10:49] C:\Program Files\Common Files\<DIR> Windows Live
[24/11/2008|12:54] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
--------------------\\ Process
( 39 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Owner\Cookies\[email protected][2].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 20:07:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\110 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\111 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\daves\Pavement Cracks (Scumfrog Vocal Mix).mp3
[F:43][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:96][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:277][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|10:36 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/03/2009|20:07 - Option : [1]
--------------------\\ Scan completed at 20:07:27
Done and Done. (i kept the music files, is that okay?)
-
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.
- Choose the language by typing of the corresponding letter and press Enter
- Click OK at the informative window.
- Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
- Wait until the end of the scan.
- A report will be generated, post the contents of it in your next reply
.
----------
Use the ESET Online Antivirus Scanner (http://www.eset.com/onlinescan/index.php)
This scanner requires Internet Explorer
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
----------
How is the computer running now?
-
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090323-0] 4.8.1335 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:285 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 23/03/2009|21:01 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing folders in APPLIC~1
[22/11/2008|05:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/12/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[18/03/2009|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[20/01/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[23/11/2008|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[04/12/2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[22/11/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[23/11/2008|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/12/2008|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[08/12/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fallout3
[23/11/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[16/03/2009|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/03/2009|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/12/2008|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[23/11/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[22/11/2008|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[23/11/2008|07:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[24/11/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[22/11/2008|05:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[21/02/2009|09:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[22/11/2008|05:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[22/02/2009|03:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[23/11/2008|05:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[15/02/2009|09:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[22/11/2008|04:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[23/03/2009|08:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[21/02/2009|02:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Canon
[03/12/2008|04:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
[23/11/2008|05:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[11/03/2009|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DNA
[22/03/2009|09:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[05/02/2009|11:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[22/11/2008|05:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[22/11/2008|05:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[15/02/2009|09:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
[28/01/2009|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[16/03/2009|12:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[20/03/2009|01:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[23/11/2008|05:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Web Folders
[22/11/2008|11:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[24/12/2008|12:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
[17/03/2009|12:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Neopets Toolbar
[23/11/2008|04:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ScanSoft
[23/11/2008|05:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[14/12/2008|05:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SystemRequirementsLab
[03/12/2008|04:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[24/02/2009|08:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Winamp
[22/11/2008|05:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Desktop Search
[22/11/2008|10:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Search
[23/11/2008|04:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WinRAR
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[18/03/2009 05:37 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/02/2006 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[18/03/2009|05:22] C:\Program Files\<DIR> Adobe
[23/11/2008|05:30] C:\Program Files\<DIR> Alcohol Soft
[22/11/2008|04:43] C:\Program Files\<DIR> Alwil Software
[22/11/2008|05:51] C:\Program Files\<DIR> AMD
[23/11/2008|04:46] C:\Program Files\<DIR> Apple Software Update
[23/11/2008|05:40] C:\Program Files\<DIR> Ares
[22/11/2008|04:18] C:\Program Files\<DIR> ATI Technologies
[13/03/2009|03:47] C:\Program Files\<DIR> Aurora MPEG To DVD Burner
[08/12/2008|11:55] C:\Program Files\<DIR> Bethesda Softworks
[05/02/2009|11:21] C:\Program Files\<DIR> BitPim
[23/11/2008|05:41] C:\Program Files\<DIR> BitTorrent
[11/03/2009|03:00] C:\Program Files\<DIR> Bonjour
[22/11/2008|05:51] C:\Program Files\<DIR> Browser Configuration Utility
[23/11/2008|06:34] C:\Program Files\<DIR> Canon
[23/11/2008|04:52] C:\Program Files\<DIR> CanonBJ
[18/03/2009|05:36] C:\Program Files\<DIR> Common Files
[22/11/2008|05:42] C:\Program Files\<DIR> ComPlus Applications
[03/12/2008|04:34] C:\Program Files\<DIR> Corel
[23/11/2008|04:42] C:\Program Files\<DIR> DivX
[18/03/2009|06:23] C:\Program Files\<DIR> EA GAMES
[11/03/2009|03:04] C:\Program Files\<DIR> InstallShield Installation Information
[11/02/2009|11:39] C:\Program Files\<DIR> Internet Explorer
[04/12/2008|01:27] C:\Program Files\<DIR> iPod
[01/01/2009|02:40] C:\Program Files\<DIR> iTunes
[03/12/2008|02:44] C:\Program Files\<DIR> Java
[18/03/2009|05:45] C:\Program Files\<DIR> MagicISO
[16/03/2009|12:54] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[22/11/2008|04:49] C:\Program Files\<DIR> Messenger
[08/03/2009|10:51] C:\Program Files\<DIR> Microsoft
[23/11/2008|07:04] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[23/11/2008|05:22] C:\Program Files\<DIR> microsoft frontpage
[20/01/2009|02:11] C:\Program Files\<DIR> Microsoft Games
[02/02/2009|12:56] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[23/11/2008|05:22] C:\Program Files\<DIR> Microsoft Office
[05/03/2009|02:39] C:\Program Files\<DIR> Microsoft Silverlight
[22/11/2008|04:35] C:\Program Files\<DIR> Movie Maker
[23/03/2009|08:53] C:\Program Files\<DIR> Mozilla Firefox
[08/12/2008|11:54] C:\Program Files\<DIR> MSBuild
[24/12/2008|12:28] C:\Program Files\<DIR> MSN
[22/11/2008|05:41] C:\Program Files\<DIR> MSN Gaming Zone
[23/11/2008|07:04] C:\Program Files\<DIR> MSXML 4.0
[17/03/2009|12:30] C:\Program Files\<DIR> Neopets
[23/11/2008|05:11] C:\Program Files\<DIR> Nero
[22/11/2008|04:34] C:\Program Files\<DIR> NetMeeting
[11/12/2008|08:24] C:\Program Files\<DIR> NOS
[22/11/2008|05:41] C:\Program Files\<DIR> Online Services
[22/11/2008|04:34] C:\Program Files\<DIR> Outlook Express
[05/02/2009|11:41] C:\Program Files\<DIR> QPST
[23/11/2008|04:46] C:\Program Files\<DIR> QuickTime
[22/11/2008|05:54] C:\Program Files\<DIR> Realtek
[08/12/2008|11:53] C:\Program Files\<DIR> Reference Assemblies
[23/11/2008|05:00] C:\Program Files\<DIR> Samsung
[23/11/2008|04:55] C:\Program Files\<DIR> ScanSoft
[09/01/2009|04:38] C:\Program Files\<DIR> SimPE
[23/11/2008|07:11] C:\Program Files\<DIR> Sims2RoboFileMaid3000
[14/12/2008|05:55] C:\Program Files\<DIR> SystemRequirementsLab
[15/03/2009|09:37] C:\Program Files\<DIR> Trend Micro
[22/11/2008|05:49] C:\Program Files\<DIR> Uninstall Information
[23/11/2008|04:45] C:\Program Files\<DIR> VideoLAN
[18/02/2009|12:38] C:\Program Files\<DIR> Virtools
[03/12/2008|02:43] C:\Program Files\<DIR> Winamp
[22/11/2008|05:01] C:\Program Files\<DIR> Windows Desktop Search
[08/03/2009|10:50] C:\Program Files\<DIR> Windows Live
[08/03/2009|10:51] C:\Program Files\<DIR> Windows Live SkyDrive
[22/11/2008|05:00] C:\Program Files\<DIR> Windows Media Connect 2
[01/01/2009|02:40] C:\Program Files\<DIR> Windows Media Player
[22/11/2008|04:34] C:\Program Files\<DIR> Windows NT
[22/11/2008|05:44] C:\Program Files\<DIR> WindowsUpdate
[23/11/2008|04:54] C:\Program Files\<DIR> WinRAR
[23/11/2008|04:56] C:\Program Files\<DIR> WinZip
[22/11/2008|05:45] C:\Program Files\<DIR> xerox
--------------------\\ Listing Folders in C:\Program Files\Common Files
[18/03/2009|05:22] C:\Program Files\Common Files\<DIR> Adobe
[09/12/2008|02:35] C:\Program Files\Common Files\<DIR> Adobe AIR
[23/11/2008|05:11] C:\Program Files\Common Files\<DIR> Ahead
[04/12/2008|01:27] C:\Program Files\Common Files\<DIR> Apple
[03/12/2008|04:34] C:\Program Files\Common Files\<DIR> Corel
[23/11/2008|05:24] C:\Program Files\Common Files\<DIR> Designer
[23/11/2008|04:56] C:\Program Files\Common Files\<DIR> InstallShield
[08/03/2009|10:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[22/11/2008|05:43] C:\Program Files\Common Files\<DIR> MSSoap
[22/11/2008|11:31] C:\Program Files\Common Files\<DIR> ODBC
[03/12/2008|04:36] C:\Program Files\Common Files\<DIR> Protexis
[23/11/2008|04:56] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[22/11/2008|05:43] C:\Program Files\Common Files\<DIR> Services
[22/11/2008|11:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[23/11/2008|05:23] C:\Program Files\Common Files\<DIR> System
[08/03/2009|10:49] C:\Program Files\Common Files\<DIR> Windows Live
[24/11/2008|12:54] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
--------------------\\ Process
( 39 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 21:02:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\110 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\ADAMZ\111 Wind That Cracks the Leaves.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Electronica\Sets\daves\Pavement Cracks (Scumfrog Vocal Mix).mp3
[F:43][D:8]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:95][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:301][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|10:36 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/03/2009|20:07 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 23/03/2009|21:00 - Option : [2]
4 - "C:\Lop SD\LopR_4.txt" - 23/03/2009|21:02 - Option : [2]
--------------------\\ Scan completed at 21:02:49
-
Looks good so far. If anything else is hiding hopefully the ESET scanner will find it.
-
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3956 (20090323)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a09d889860779a44a0edaba65d162451
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-24 02:31:05
# local_time=2009-03-23 09:31:05 (-0600, Central Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 3
# scanned=205597
# found=0
# scan_time=1352
The computer seems to be running just great! Its stopped doing the redirects! Thank you thank you so much!
-
Unistall LOP S&D
Click START then RUN
Now type C:\Lop SD\Uninstal.exe in the runbox.
Then click OK.
----------
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
.
The above procedure will:- Delete:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.